samlesa 4.3.4 → 4.4.0

package/build/src/binding-post.js

@@ -87,7 +87,7 @@ function base64LoginRequest(referenceTagXPath, entity, customTagReplacement) {
  * @param AttributeStatement
  * @param idpInit
  */
-async function base64LoginResponse({ requestInfo = {}, entity, user = {}, customTagReplacement, encryptThenSign = false, AttributeStatement = [], idpInit }) {
+async function base64LoginResponse({ requestInfo = {}, entity, user = {}, customTagReplacement, encryptThenSign = false, AttributeStatement = [], idpInit, destinationBinding = binding.post, }) {
     const idpSetting = entity.idp.entitySetting;
     const spSetting = entity.sp.entitySetting;
     // @ts-ignore
@@ -100,7 +100,9 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
     const nameIDFormat = idpSetting.nameIDFormat;
     const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : namespace.format.unspecified;
     if (metadata && metadata.idp && metadata.sp) {
-        const base = metadata.sp.getAssertionConsumerService(binding.post);
+        const base = destinationBinding === binding.artifact
+            ? metadata.sp.getAssertionConsumerService(binding.artifact, { mode: 'lenient' })
+            : metadata.sp.getAssertionConsumerService(binding.post);
         let rawSamlResponse;
         const nowTime = new Date();
         const spEntityID = metadata.sp.getEntityID();
@@ -108,7 +110,9 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
         oneMinutesLaterTime.setMinutes(oneMinutesLaterTime.getMinutes() + 5);
         const OneMinutesLater = oneMinutesLaterTime.toISOString();
         const now = nowTime.toISOString();
-        const acl = metadata.sp.getAssertionConsumerService(binding.post);
+        const acl = destinationBinding === binding.artifact
+            ? metadata.sp.getAssertionConsumerService(binding.artifact, { mode: 'lenient' })
+            : metadata.sp.getAssertionConsumerService(binding.post);
         // @ts-ignore
         const sessionID = idpSetting?.generateID() ?? `_${randomUUID()}`;
         const sessionIndex = 'session' + sessionID; // 这个是当前系统的会话索引，用于单点注销

package/build/src/entity-idp.js

@@ -3,8 +3,6 @@
  * @author tngan
  * @desc  Declares the actions taken by identity provider
  */
-import { wording, } from './urn.js';
-const binding = wording.binding;
 import Entity from './entity.js';
 import { namespace } from './urn.js';
 import postBinding from './binding-post.js';
@@ -68,7 +66,7 @@ export class IdentityProvider extends Entity {
                     sp,
                 }, user, relayState, customTagReplacement, AttributeStatement);
             case namespace.binding.artifact:
-                context = await artifactBinding.soapLoginResponse({
+                context = await artifactBinding.createLoginResponse({
                     requestInfo,
                     entity: {
                         idp: this,
@@ -91,6 +89,49 @@ export class IdentityProvider extends Entity {
             type: 'SAMLResponse'
         };
     }
+    createArtifactResolveRequest(sp, artifact) {
+        return artifactBinding.createArtifactResolveRequest({
+            requester: this,
+            responder: sp,
+            artifact,
+        });
+    }
+    async createArtifactResolveResponse(params) {
+        const { sp, samlMessage, requestInfo = {}, user = {}, customTagReplacement, encryptThenSign = false, AttributeStatement = [], idpInit = false, inResponseTo = '', } = params;
+        const resolvedMessage = samlMessage ?? (await artifactBinding.createLoginResponse({
+            requestInfo,
+            entity: {
+                idp: this,
+                sp,
+            },
+            user,
+            customTagReplacement,
+            encryptThenSign,
+            AttributeStatement,
+            idpInit,
+        })).samlContent;
+        return artifactBinding.createArtifactResolveResponse({
+            requester: sp,
+            responder: this,
+            inResponseTo,
+            samlMessage: resolvedMessage,
+        });
+    }
+    parseArtifactResolveRequest(sp, xml) {
+        return artifactBinding.parseArtifactResolveRequest({
+            requester: sp,
+            responder: this,
+            xml,
+        });
+    }
+    parseArtifactResolveResponse(sp, xml, inResponseTo) {
+        return artifactBinding.parseArtifactResolveResponse({
+            requester: this,
+            responder: sp,
+            xml,
+            inResponseTo,
+        });
+    }
     /**
      * Validation of the parsed URL parameters
      * @param sp ServiceProvider instance
@@ -98,6 +139,13 @@ export class IdentityProvider extends Entity {
      * @param req RequesmessageSigningOrderst
      */
     parseLoginRequest(sp, binding, req) {
+        if (binding === namespace.binding.artifact || binding === 'artifact') {
+            return artifactBinding.parseLoginRequest({
+                idp: this,
+                sp,
+                request: req,
+            });
+        }
         const self = this;
         return flow({
             from: sp,

package/build/src/entity-sp.js

@@ -61,7 +61,7 @@ export class ServiceProvider extends Entity {
                 context = simpleSignBinding.base64LoginRequest({ idp, sp: this }, customTagReplacement);
                 break;
             case nsBinding.artifact:
-                context = artifactBinding.soapLoginRequest("/*[local-name(.)='AuthnRequest']", {
+                context = artifactBinding.createLoginRequest("/*[local-name(.)='AuthnRequest']", {
                     idp,
                     sp: this
                 }, customTagReplacement);
@@ -76,14 +76,24 @@ export class ServiceProvider extends Entity {
             type: 'SAMLRequest',
         };
     }
-    async createLoginSoapRequest(idp, binding = 'artifact', config) {
-        const context = await artifactBinding.soapLoginRequest("/*[local-name(.)='AuthnRequest']", {
+    createArtifactResolveRequest(idp, artifact) {
+        return artifactBinding.createArtifactResolveRequest({
+            requester: this,
+            responder: idp,
+            artifact,
+        });
+    }
+    async createArtifactResolveResponse(idp, config) {
+        const samlMessage = config?.samlMessage ?? artifactBinding.createLoginRequest("/*[local-name(.)='AuthnRequest']", {
             idp,
             sp: this,
-            inResponse: config?.inResponseTo,
-            relayState: config?.relayState,
-        }, config?.customTagReplacement);
-        return context;
+        }, config?.customTagReplacement).samlContent;
+        return artifactBinding.createArtifactResolveResponse({
+            requester: idp,
+            responder: this,
+            inResponseTo: config?.inResponseTo || '',
+            samlMessage,
+        });
     }
     /**
      * @desc   Validation of the parsed the URL parameters
@@ -92,6 +102,13 @@ export class ServiceProvider extends Entity {
      * @param  {request}   req                      request
      */
     parseLoginResponse(idp, binding, request) {
+        if (binding === namespace.binding.artifact || binding === 'artifact') {
+            return artifactBinding.parseLoginResponse({
+                idp,
+                sp: this,
+                request,
+            });
+        }
         const self = this;
         return flow({
             from: idp,
@@ -103,31 +120,19 @@ export class ServiceProvider extends Entity {
             request: request
         });
     }
-    /**
-     * @desc   Parse and validate Artifact Resolve request
-     * @param  {IdentityProvider}   idp             object of identity provider
-     * @param  {string}   xml                       SOAP request XML string
-     */
-    parseLoginRequestResolve(idp, xml) {
-        const self = this;
-        return artifactBinding.parseLoginRequestResolve({
-            idp: idp,
-            sp: self,
-            xml: xml
+    parseArtifactResolveRequest(idp, xml) {
+        return artifactBinding.parseArtifactResolveRequest({
+            requester: idp,
+            responder: this,
+            xml,
         });
     }
-    /**
-     * @desc   Resolve SAML Response by Artifact ID
-     * @param  {IdentityProvider}   idp             object of identity provider
-     * @param  {string}   art                       Artifact string
-     * @param  {request}   req                      request
-     */
-    parseLoginResponseResolve(idp, art, request) {
-        const self = this;
-        return artifactBinding.parseLoginResponseResolve({
-            idp: idp,
-            sp: self,
-            art: art
+    parseArtifactResolveResponse(idp, xml, inResponseTo) {
+        return artifactBinding.parseArtifactResolveResponse({
+            requester: this,
+            responder: idp,
+            xml,
+            inResponseTo,
         });
     }
 }

package/build/src/extractor.js

@@ -140,10 +140,27 @@ export const artifactResolveFields = [
     },
 ];
 export const artifactResponseFields = [
-    { key: 'request', localPath: ['Envelope', 'Body', 'ArtifactResolve'], attributes: ['ID', 'IssueInstant', 'Version'] },
-    { key: 'issuer', localPath: ['Envelope', 'Body', 'ArtifactResolve', 'Issuer'], attributes: [] },
-    { key: 'Artifact', localPath: ['Envelope', 'Body', 'ArtifactResolve', 'Artifact'], attributes: [] },
-    { key: 'signature', localPath: ['Envelope', 'Body', 'ArtifactResolve', 'Signature'], attributes: [], context: true },
+    {
+        key: 'response',
+        localPath: ['Envelope', 'Body', 'ArtifactResponse'],
+        attributes: ['ID', 'IssueInstant', 'Version', 'InResponseTo', 'Destination']
+    },
+    {
+        key: 'issuer',
+        localPath: ['Envelope', 'Body', 'ArtifactResponse', 'Issuer'],
+        attributes: []
+    },
+    {
+        key: 'status',
+        localPath: ['Envelope', 'Body', 'ArtifactResponse', 'Status', 'StatusCode'],
+        attributes: ['Value']
+    },
+    {
+        key: 'signature',
+        localPath: ['Envelope', 'Body', 'ArtifactResponse', 'Signature'],
+        attributes: [],
+        context: true
+    },
 ];
 export const loginResponseStatusFields = [
     { key: 'top', localPath: ['Response', 'Status', 'StatusCode'], attributes: ['Value'] },

package/build/src/libsamlSoap.js

@@ -1,122 +1,114 @@
-import { getContext } from "./api.js";
-import { select } from "xpath";
-import { SignedXml } from "xml-crypto-next";
-import fs from "fs";
-import utility, { flattenDeep } from "./utility.js";
-import libsaml from "./libsaml.js";
-import { wording } from "./urn.js";
+import fs from 'fs';
 import { DOMParser } from '@xmldom/xmldom';
+import { select } from 'xpath';
+import { SignedXml } from 'xml-crypto-next';
+import utility, { normalizeCertificates } from './utility.js';
+import libsaml from './libsaml.js';
+import { wording } from './urn.js';
+import { getContext } from './api.js';
 function toNodeArray(result) {
-    if (Array.isArray(result))
+    if (Array.isArray(result)) {
         return result;
-    if (result != null && typeof result === 'object' && 'nodeType' in result)
+    }
+    if (result != null && typeof result === 'object' && 'nodeType' in result) {
         return [result];
+    }
     return [];
 }
 const certUse = wording.certUse;
 const docParser = new DOMParser();
-async function verifyAndDecryptSoapMessage(xml, opts) {
-    const { dom } = getContext();
-    const doc = dom.parseFromString(xml, 'application/xml');
-    const docParser = new DOMParser();
-    let type = '';
-    // 为 SOAP 消息定义 XPath
-    const artifactResolveXpath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResolve']";
-    const artifactResponseXpath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResponse']";
-    // 检测 ArtifactResolve 或 ArtifactResponse 的存在
-    // @ts-expect-error
-    const artifactResolveNodes = toNodeArray(select(artifactResolveXpath, doc));
-    // @ts-expect-error
-    const artifactResponseNodes = toNodeArray(select(artifactResponseXpath, doc));
-    // 根据消息类型选择合适的 XPath
-    let basePath = "";
-    if (artifactResolveNodes?.length > 0) {
-        type = 'artifactResolve';
-        basePath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResolve']";
+function resolvePublicCertificate(signatureNode, opts) {
+    if (!opts.keyFile && !opts.metadata) {
+        throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
     }
-    else if (artifactResponseNodes?.length > 0) {
-        type = 'artifactResponse';
-        basePath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResponse']";
+    if (opts.keyFile) {
+        return fs.readFileSync(opts.keyFile);
     }
-    else {
-        throw new Error('ERR_UNSUPPORTED_SOAP_MESSAGE_TYPE');
+    const certificateNode = toNodeArray(select(".//*[local-name(.)='X509Certificate']", signatureNode));
+    const metadataCerts = normalizeCertificates(opts.metadata.getX509Certificate(certUse.signing));
+    if (certificateNode.length === 0 && metadataCerts.length === 0) {
+        throw new Error('NO_SELECTED_CERTIFICATE');
     }
-    // 基于 SOAP 结构重新定义 XPath
-    const messageSignatureXpath = `${basePath}/*[local-name(.)='Signature']`;
-    // @ts-expect-error
-    const messageSignatureNode = toNodeArray(select(messageSignatureXpath, doc));
-    let selection = [];
-    if (messageSignatureNode?.length > 0) {
-        selection = selection.concat(messageSignatureNode);
+    if (certificateNode.length > 0) {
+        const x509CertificateData = certificateNode[0].firstChild?.nodeValue || '';
+        const x509Certificate = utility.normalizeCerString(x509CertificateData);
+        if (metadataCerts.length > 0 && !metadataCerts.includes(x509Certificate)) {
+            throw new Error('ERROR_UNMATCH_CERTIFICATE_DECLARATION_IN_METADATA');
+        }
+        return libsaml.getKeyInfo(x509Certificate).getKey();
     }
-    if (selection.length === 0) {
-        throw new Error('ERR_ZERO_SIGNATURE');
+    return libsaml.getKeyInfo(metadataCerts[0]).getKey();
+}
+function extractResolvedMessage(rootNode) {
+    const resolvedNodes = toNodeArray(select("./*[local-name()='Response' or local-name()='AuthnRequest' or local-name()='LogoutRequest' or local-name()='LogoutResponse']", rootNode));
+    if (resolvedNodes.length === 0) {
+        return null;
     }
-    return verifySignature(xml, selection, opts);
+    return resolvedNodes[0].toString();
 }
-function verifySignature(xml, selection, opts) {
-    // 尝试所有签名节点
-    for (const signatureNode of selection) {
+function verifySignature(xml, signatureNodes, opts) {
+    for (const signatureNode of signatureNodes) {
         const sig = new SignedXml();
-        let verified = false;
-        sig.signatureAlgorithm = opts.signatureAlgorithm;
-        if (!opts.keyFile && !opts.metadata) {
-            throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
-        }
-        if (opts.keyFile) {
-            sig.publicCert = fs.readFileSync(opts.keyFile);
-        }
-        if (opts.metadata) {
-            const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode);
-            // 证书处理逻辑
-            let metadataCert = opts.metadata.getX509Certificate(certUse.signing);
-            if (Array.isArray(metadataCert)) {
-                metadataCert = flattenDeep(metadataCert);
-            }
-            else if (typeof metadataCert === 'string') {
-                metadataCert = [metadataCert];
-            }
-            metadataCert = metadataCert.map(utility.normalizeCerString);
-            // 没有证书的情况
-            if (certificateNode.length === 0 && metadataCert.length === 0) {
-                throw new Error('NO_SELECTED_CERTIFICATE');
-            }
-            if (certificateNode.length !== 0) {
-                const x509CertificateData = certificateNode[0].firstChild.data;
-                const x509Certificate = utility.normalizeCerString(x509CertificateData);
-                if (metadataCert.length >= 1 && !metadataCert.includes(x509Certificate)) {
-                    throw new Error('ERROR_UNMATCH_CERTIFICATE_DECLARATION_IN_METADATA');
-                }
-                sig.publicCert = libsaml.getKeyInfo(x509Certificate).getKey();
-            }
-            else {
-                sig.publicCert = libsaml.getKeyInfo(metadataCert[0]).getKey();
-            }
-        }
+        sig.publicCert = resolvePublicCertificate(signatureNode, opts);
         sig.loadSignature(signatureNode);
-        verified = sig.checkSignature(xml); // 使用原始XML验证
+        const verified = sig.checkSignature(xml);
         if (!verified) {
             throw new Error('ERR_FAILED_TO_VERIFY_SIGNATURE');
         }
-        if (sig.getSignedReferences().length < 1) {
+        const signedReferences = sig.getSignedReferences();
+        if (signedReferences.length < 1) {
             throw new Error('NO_SIGNATURE_REFERENCES');
         }
-        const signedVerifiedXML = sig.getSignedReferences()[0];
-        const rootNode = docParser.parseFromString(signedVerifiedXML, 'application/xml').documentElement;
-        // 处理签名的内容
-        switch (rootNode?.localName) {
-            case 'ArtifactResolve':
-                return [true, rootNode.toString(), false, false];
-            case 'ArtifactResponse':
-                // @ts-expect-error
-                const Response = select("/*[local-name()='ArtifactResponse']/*[local-name()='Response']", rootNode);
-                return [true, Response?.[0].toString(), false, false]; // 签名验证成功但未找到断言
-            default:
-                return [true, null, false, true]; // 签名验证成功但未找到可识别的内容
+        const signedXml = signedReferences[0];
+        const rootNode = docParser.parseFromString(signedXml, 'application/xml').documentElement;
+        if (!rootNode) {
+            throw new Error('ERR_INVALID_SOAP_PAYLOAD');
         }
+        if (rootNode.localName === 'ArtifactResolve') {
+            return {
+                verified: true,
+                soapContent: xml,
+                message: rootNode.toString(),
+                type: 'ArtifactResolve',
+                resolvedMessage: null,
+            };
+        }
+        if (rootNode.localName === 'ArtifactResponse') {
+            return {
+                verified: true,
+                soapContent: xml,
+                message: rootNode.toString(),
+                type: 'ArtifactResponse',
+                resolvedMessage: extractResolvedMessage(rootNode),
+            };
+        }
+    }
+    throw new Error('ERR_UNSUPPORTED_SOAP_MESSAGE_TYPE');
+}
+async function verifyAndDecryptSoapMessage(xml, opts) {
+    const { dom } = getContext();
+    const doc = dom.parseFromString(xml, 'application/xml');
+    const artifactResolveXpath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResolve']";
+    const artifactResponseXpath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResponse']";
+    const artifactResolveNodes = toNodeArray(select(artifactResolveXpath, doc));
+    const artifactResponseNodes = toNodeArray(select(artifactResponseXpath, doc));
+    let basePath = '';
+    if (artifactResolveNodes.length > 0) {
+        basePath = artifactResolveXpath;
+    }
+    else if (artifactResponseNodes.length > 0) {
+        basePath = artifactResponseXpath;
+    }
+    else {
+        throw new Error('ERR_UNSUPPORTED_SOAP_MESSAGE_TYPE');
+    }
+    const messageSignatureXpath = `${basePath}/*[local-name(.)='Signature']`;
+    const messageSignatureNodes = toNodeArray(select(messageSignatureXpath, doc));
+    if (messageSignatureNodes.length === 0) {
+        throw new Error('ERR_ZERO_SIGNATURE');
     }
-    return [false, null, false, true];
+    return verifySignature(xml, messageSignatureNodes, opts);
 }
 export default {
-    verifyAndDecryptSoapMessage
+    verifyAndDecryptSoapMessage,
 };

package/build/src/metadata.js

@@ -13,7 +13,6 @@ export default class Metadata {
      * @param  {object} extraParse for custom metadata extractor
      */
     constructor(xml, extraParse = []) {
-        this.xmlString = xml.toString();
         this.xmlString = xml.toString();
         this.meta = extract(this.xmlString, extraParse.concat([
             {

package/build/src/soap.js

@@ -1,144 +1,73 @@
 import axios from 'axios';
-import https from 'node:https';
-import crypto from "node:crypto";
 import { Builder } from 'xml2js';
 import iconv from 'iconv-lite';
-// 2. 配置 Axios 实例（处理自签名证书）
+import { generateArtifactId, parseArtifact } from './artifact.js';
 const axiosInstance = axios.create({
-    httpsAgent: new https.Agent({
-        rejectUnauthorized: false // 允许自签名证书
-    })
+    timeout: 5000,
 });
-export async function sendArtifactResolve(url, soapRequest) {
-    try {
-        const response = await axiosInstance.post(url, soapRequest, {
-            headers: {
-                'Content-Type': 'text/xml',
-                'SOAPAction': '"ArtifactResolve"'
-            },
-            timeout: 5000 // 5秒超时
-        });
-        return response.data;
+function getAxiosErrorPayload(error) {
+    if (error?.response?.data) {
+        return error.response.data;
     }
-    catch (error) {
-        throw error.response.data;
+    if (error instanceof Error) {
+        return error;
     }
+    return new Error('ERR_SOAP_REQUEST_FAILED');
 }
-export async function sendArtifactResponse(url, soapRequest) {
+async function sendSoapRequest(url, soapRequest, soapAction) {
     try {
         const response = await axiosInstance.post(url, soapRequest, {
             headers: {
-                'Content-Type': 'text/xml',
-                'SOAPAction': '"ArtifactResponse"'
+                'Content-Type': 'text/xml; charset=utf-8',
+                SOAPAction: `"${soapAction}"`,
             },
-            timeout: 5000 // 5秒超时
         });
         return response.data;
     }
     catch (error) {
-        throw error.response.data;
+        throw getAxiosErrorPayload(error);
     }
 }
-/**
- * @desc   generate Art id
- *
- * @param entityIDString
- * @param endpointIndex
- */
+export async function sendArtifactResolve(url, soapRequest) {
+    return sendSoapRequest(url, soapRequest, 'ArtifactResolve');
+}
+export async function sendArtifactResponse(url, soapRequest) {
+    return sendSoapRequest(url, soapRequest, 'ArtifactResponse');
+}
 export function createArt(entityIDString, endpointIndex = 0) {
-    // 安全获取 sourceEntityId
-    let sourceEntityId;
-    if (typeof entityIDString === "string") {
-        sourceEntityId = entityIDString;
-    }
-    else {
-        // 确保只在非字符串类型上访问 entityMeta
-        sourceEntityId = entityIDString.entityMeta.getEntityID();
-    }
-    // 1. 固定类型代码 (0x0004 - 2字节)
-    const typeCode = Buffer.from([0x00, 0x04]);
-    // 2. 端点索引 (2字节，大端序)
-    if (endpointIndex < 0 || endpointIndex > 65535) {
-        throw new Error("Endpoint index must be between 0 and 65535");
-    }
-    const endpointBuf = Buffer.alloc(2);
-    endpointBuf.writeUInt16BE(endpointIndex);
-    // 3. Source ID - 实体ID的SHA-1哈希 (20字节)
-    const sourceId = crypto
-        .createHash("sha1")
-        .update(sourceEntityId)
-        .digest();
-    // 4. Message Handler - 20字节随机值
-    const messageHandler = crypto.randomBytes(20);
-    // 组合所有组件 (2+2+20+20 = 44字节)
-    const artifact = Buffer.concat([
-        typeCode,
-        endpointBuf,
-        sourceId,
-        messageHandler,
-    ]);
-    // 返回Base64编码的Artifact
+    const sourceEntityId = typeof entityIDString === 'string'
+        ? entityIDString
+        : entityIDString.entityMeta.getEntityID();
+    const artifact = generateArtifactId(sourceEntityId, endpointIndex);
+    const origin = parseArtifact(artifact);
     return {
-        artifact: artifact.toString("base64"),
+        artifact,
         origin: {
-            typeCode: typeCode.readUInt16BE(0), // 改为整数值
-            endpointIndex: endpointIndex, // 修复字段名并赋正确的值
-            sourceId: sourceId.toString("hex"), // 转为十六进制
-            messageHandle: messageHandler.toString("hex"), // 转为十六进制
+            typeCode: origin.typeCode,
+            endpointIndex: origin.endpointIndex,
+            sourceId: origin.sourceId,
+            messageHandle: origin.messageHandle,
         },
     };
 }
-/**
- * @desc   generate Art id
- * @param artifact
- */
 export function parseArt(artifact) {
-    // 解码 Base64
-    if (Object.prototype.toString.call(artifact) !== '[object String]') {
-        return;
-    }
-    const decoded = Buffer.from(artifact, 'base64');
-    // 确保长度正确（SAML 工件固定为 44 字节）
-    if (decoded.length !== 44) {
-        throw new Error(`Invalid artifact length: ${decoded.length}, expected 44 bytes`);
-    }
-    // 读取前 4 字节（TypeCode + EndpointIndex）
-    const typeCode = decoded.readUInt16BE(0);
-    const endpointIndex = decoded.readUInt16BE(2);
-    // 使用 Buffer.from() 替代 slice()
-    const sourceId = Buffer.from(decoded.buffer, // 底层 ArrayBuffer
-    decoded.byteOffset + 4, // 起始偏移量
-    20 // 长度
-    ).toString('hex');
-    const messageHandle = Buffer.from(decoded.buffer, // 底层 ArrayBuffer
-    decoded.byteOffset + 24, // 起始偏移量
-    20 // 长度
-    ).toString('hex');
-    return { typeCode, endpointIndex, sourceId, messageHandle };
+    return parseArtifact(artifact);
 }
-/**
-* 将对象转换为 ISO-8859-1 编码的 XML 字符串
-* @param {Object} data - 要转换的数据对象
-* @returns {Buffer} - ISO-8859-1 编码的 XML 数据 (Buffer)
-*/
 export function encodeXmlToIso88591(data) {
     try {
-        // 1. 创建 XML 构建器
         const builder = new Builder({
-            headless: false, // 包含 XML 声明
-            renderOpts: { 'pretty': false }, // 紧凑格式
+            headless: false,
+            renderOpts: { pretty: false },
             xmldec: {
                 version: '1.0',
                 encoding: 'ISO-8859-1',
-                standalone: true
-            }
+                standalone: true,
+            },
         });
-        // 2. 构建 XML 字符串 (UTF-8 格式)
         const utf8Xml = builder.buildObject(data);
-        // 3. 转换为 ISO-8859-1 编码的 Buffer
         return iconv.encode(utf8Xml, 'iso-8859-1');
     }
     catch (error) {
-        throw new Error(`XML 编码失败: ${error.message}`);
+        throw new Error(`XML 缂栫爜澶辫触: ${error.message}`);
     }
 }