samlesa 4.7.6 → 4.9.0
- package/build/src/binding-artifact.js +5 -0
- package/build/src/binding-post.js +4 -0
- package/build/src/binding-redirect.js +3 -0
- package/build/src/binding-simplesign.js +1 -0
- package/build/src/entity.js +1 -0
- package/build/src/flow.js +4 -0
- package/build/src/libsaml.js +80 -60
- package/build/src/libsamlSoap.js +36 -25
- package/build/src/utility.js +140 -38
- package/package.json +1 -1
- package/types/src/binding-artifact.d.ts.map +1 -1
- package/types/src/binding-post.d.ts.map +1 -1
- package/types/src/binding-redirect.d.ts.map +1 -1
- package/types/src/binding-simplesign.d.ts.map +1 -1
- package/types/src/entity.d.ts.map +1 -1
- package/types/src/flow.d.ts.map +1 -1
- package/types/src/libsaml.d.ts +19 -13
- package/types/src/libsaml.d.ts.map +1 -1
- package/types/src/libsamlSoap.d.ts +1 -1
- package/types/src/libsamlSoap.d.ts.map +1 -1
- package/types/src/types.d.ts +4 -0
- package/types/src/types.d.ts.map +1 -1
- package/types/src/utility.d.ts +17 -2
- package/types/src/utility.d.ts.map +1 -1
|
@@ -268,6 +268,7 @@ function buildRawLoginRequest(referenceTagXPath, entity, customTagReplacement) {
|
|
|
268
268
|
rawSamlMessage: rawSamlRequest,
|
|
269
269
|
isBase64Output: false,
|
|
270
270
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
271
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
271
272
|
signatureConfig: (spSetting.signatureConfig || {
|
|
272
273
|
prefix: 'ds',
|
|
273
274
|
location: {
|
|
@@ -307,6 +308,7 @@ function signSoapEnvelope(message, referenceTagXPath, signatureReference, signer
|
|
|
307
308
|
isBase64Output: false,
|
|
308
309
|
isMessageSigned: false,
|
|
309
310
|
signingCert,
|
|
311
|
+
allowCertificateUsageMismatch: signerSetting.allowCertificateUsageMismatch,
|
|
310
312
|
signatureConfig: {
|
|
311
313
|
prefix: 'ds',
|
|
312
314
|
location: {
|
|
@@ -343,6 +345,7 @@ async function parseArtifactResolveRequest(params) {
|
|
|
343
345
|
}
|
|
344
346
|
const verifiedSoap = await libsamlSoap.verifyAndDecryptSoapMessage(xml, {
|
|
345
347
|
metadata: requester.entityMeta,
|
|
348
|
+
allowCertificateUsageMismatch: responder.entitySetting.allowCertificateUsageMismatch,
|
|
346
349
|
});
|
|
347
350
|
if (!verifiedSoap.verified || verifiedSoap.type !== 'ArtifactResolve') {
|
|
348
351
|
fail('ERR_FAIL_TO_VERIFY_SIGNATURE');
|
|
@@ -403,6 +406,7 @@ async function parseArtifactResolveResponse(params) {
|
|
|
403
406
|
}
|
|
404
407
|
const verifiedSoap = await libsamlSoap.verifyAndDecryptSoapMessage(params.xml, {
|
|
405
408
|
metadata: params.responder.entityMeta,
|
|
409
|
+
allowCertificateUsageMismatch: params.requester.entitySetting.allowCertificateUsageMismatch,
|
|
406
410
|
});
|
|
407
411
|
if (!verifiedSoap.verified || verifiedSoap.type !== 'ArtifactResponse') {
|
|
408
412
|
fail('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
|
|
@@ -470,6 +474,7 @@ async function parseResolvedLoginRequestXmlCandidate(params) {
|
|
|
470
474
|
const verificationOptions = {
|
|
471
475
|
metadata: params.sp.entityMeta,
|
|
472
476
|
signatureAlgorithm: params.sp.entitySetting.requestSignatureAlgorithm,
|
|
477
|
+
allowCertificateUsageMismatch: params.idp.entitySetting.allowCertificateUsageMismatch,
|
|
473
478
|
};
|
|
474
479
|
const signatureLooksPresent = /<[^>]*:?Signature\b/.test(samlContent);
|
|
475
480
|
if (params.idp.entityMeta.isWantAuthnRequestsSigned() || signatureLooksPresent) {
|
|
@@ -57,6 +57,7 @@ function base64LoginRequest(referenceTagXPath, entity, customTagReplacement) {
|
|
|
57
57
|
transformationAlgorithms,
|
|
58
58
|
rawSamlMessage: rawSamlRequest,
|
|
59
59
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
60
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
60
61
|
signatureConfig: spSetting.signatureConfig || {
|
|
61
62
|
prefix: 'ds',
|
|
62
63
|
location: {
|
|
@@ -169,6 +170,7 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
|
|
|
169
170
|
privateKeyPass,
|
|
170
171
|
signatureAlgorithm,
|
|
171
172
|
signingCert: metadata.idp.getX509Certificate('signing'),
|
|
173
|
+
allowCertificateUsageMismatch: idpSetting.allowCertificateUsageMismatch,
|
|
172
174
|
isBase64Output: false,
|
|
173
175
|
};
|
|
174
176
|
// step: sign assertion ? -> encrypted ? -> sign message ?
|
|
@@ -281,6 +283,7 @@ function base64LogoutRequest(user, referenceTagXPath, entity, customTagReplaceme
|
|
|
281
283
|
transformationAlgorithms,
|
|
282
284
|
rawSamlMessage: rawSamlRequest,
|
|
283
285
|
signingCert: metadata.init.getX509Certificate('signing'),
|
|
286
|
+
allowCertificateUsageMismatch: initSetting.allowCertificateUsageMismatch,
|
|
284
287
|
signatureConfig: initSetting.signatureConfig || {
|
|
285
288
|
prefix: 'ds',
|
|
286
289
|
location: {
|
|
@@ -345,6 +348,7 @@ function base64LogoutResponse(requestInfo, entity, customTagReplacement) {
|
|
|
345
348
|
signatureAlgorithm,
|
|
346
349
|
rawSamlMessage: rawSamlResponse,
|
|
347
350
|
signingCert: metadata.init.getX509Certificate('signing'),
|
|
351
|
+
allowCertificateUsageMismatch: initSetting.allowCertificateUsageMismatch,
|
|
348
352
|
signatureConfig: {
|
|
349
353
|
prefix: 'ds',
|
|
350
354
|
location: {
|
|
@@ -164,6 +164,7 @@ function loginRequestRedirectURLArt(entity, customTagReplacement) {
|
|
|
164
164
|
isBase64Output: false,
|
|
165
165
|
rawSamlMessage: rawSamlRequest,
|
|
166
166
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
167
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
167
168
|
signatureConfig: spSetting.signatureConfig || {
|
|
168
169
|
prefix: 'ds',
|
|
169
170
|
location: {
|
|
@@ -193,6 +194,7 @@ function loginRequestRedirectURLArt(entity, customTagReplacement) {
|
|
|
193
194
|
transformationAlgorithms,
|
|
194
195
|
rawSamlMessage: soapTemplate,
|
|
195
196
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
197
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
196
198
|
signatureConfig: {
|
|
197
199
|
prefix: 'ds',
|
|
198
200
|
location: { reference: "//*[local-name()='Header']", action: 'after' },
|
|
@@ -276,6 +278,7 @@ function loginResponseRedirectURL(requestInfo, entity, user = {}, relayState, cu
|
|
|
276
278
|
privateKeyPass,
|
|
277
279
|
signatureAlgorithm,
|
|
278
280
|
signingCert: metadata.idp.getX509Certificate('signing'),
|
|
281
|
+
allowCertificateUsageMismatch: idpSetting.allowCertificateUsageMismatch,
|
|
279
282
|
isBase64Output: false,
|
|
280
283
|
};
|
|
281
284
|
// step: sign assertion ? -> encrypted ? -> sign message ?
|
|
@@ -163,6 +163,7 @@ async function base64LoginResponse(requestInfo = {}, entity, user = {}, relaySta
|
|
|
163
163
|
privateKeyPass,
|
|
164
164
|
signatureAlgorithm,
|
|
165
165
|
signingCert: metadata.idp.getX509Certificate('signing'),
|
|
166
|
+
allowCertificateUsageMismatch: idpSetting.allowCertificateUsageMismatch,
|
|
166
167
|
isBase64Output: false,
|
|
167
168
|
};
|
|
168
169
|
// step: sign assertion ? -> encrypted ? -> sign message ?
|
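--- a/package/build/src/entity.js
+++ b/package/build/src/entity.js
@@ -18,6 +18,7 @@ const messageSigningOrders = messageConfigurations.signingOrder;
 const defaultEntitySetting = {
 strictSecurity: true,
 allowLegacySha1: false,
+allowCertificateUsageMismatch: false,
 wantLogoutResponseSigned: false,
 messageSigningOrder: messageSigningOrders.SIGN_THEN_ENCRYPT,
 wantLogoutRequestSigned: false,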
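--- a/package/build/src/flow.js
+++ b/package/build/src/flow.js
@@ -281,6 +281,7 @@ async function redirectFlow(options) {
 const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg, {
 strictSecurity: self?.entitySetting?.strictSecurity,
 allowLegacySha1: self?.entitySetting?.allowLegacySha1,
+allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
 });
 if (!verified) {
 // Fail to verify message signature
@@ -311,6 +312,7 @@ async function postFlow(options) {
 const verificationOptions = {
 metadata: from.entityMeta,
 signatureAlgorithm: from.entitySetting.requestSignatureAlgorithm,
+allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
 };
 /** 断言是否加密应根据响应里面的字段判断*/
 let decryptRequired = from.entitySetting.isAssertionEncrypted;
@@ -418,6 +420,7 @@ async function postArtifactFlow(options) {
 const verificationOptions = {
 metadata: from.entityMeta,
 signatureAlgorithm: from.entitySetting.requestSignatureAlgorithm,
+allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
 };
 /** 断言是否加密应根据响应里面的字段判断*/
 let decryptRequired = from.entitySetting.isAssertionEncrypted;
@@ -524,6 +527,7 @@ async function postSimpleSignFlow(options) {
 const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg, {
 strictSecurity: self?.entitySetting?.strictSecurity,
 allowLegacySha1: self?.entitySetting?.allowLegacySha1,
+allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
 });
 if (!verified) {
 // Fail to verify message signature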
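--- a/package/build/src/libsaml.js
+++ b/package/build/src/libsaml.js
@@ -3,9 +3,8 @@
 * @author tngan
 * @desc A simple library including some common functions
 */
-import { X509Certificate } from 'node:crypto';
 import xml from 'xml';
-import utility, { inflateString, isString, normalizeCertificates } from './utility.js';
+import utility, { inflateString, isString, normalizeCertificates, } from './utility.js';
 ;
 import * as crypto from 'node:crypto';
 import { algorithms, namespace, wording } from './urn.js';
@@ -28,21 +27,34 @@ const signatureAlgorithms = algorithms.signature;
 const digestAlgorithms = algorithms.signatureToDigestMap;
 const certUse = wording.certUse;
 const urlParams = wording.urlParams;
-function
-
+function validateCertificateForUse(certificate, expectedUse, options = {}) {
+return utility.getPublicKeyPemFromCertificate(certificate, {
+...options,
+expectedUse,
+}).toString();
+}
+function resolvePublicKeysFromCertificates(certificates, expectedUse, missingCertificateError, options = {}) {
+const normalizedCertificates = normalizeCertificates(certificates);
+if (normalizedCertificates.length === 0) {
+throw new Error(missingCertificateError);
+}
+return normalizedCertificates.map((certificate) => validateCertificateForUse(certificate, expectedUse, options));
+}
+function resolveSignaturePublicKeys(metadata, options = {}) {
 const metadataCerts = normalizeCertificates(metadata.getX509Certificate(certUse.signing));
-if (
-throw new Error('
+if (metadataCerts.length === 0) {
+throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
 }
-
-
-
-
-
-
-
+return resolvePublicKeysFromCertificates(metadataCerts, 'signing', 'ERR_METADATA_MISSING_SIGNING_CERT', options);
+}
+function resolveKeyFilePublicKeys(keyFile, options = {}) {
+return resolvePublicKeysFromCertificates(fs.readFileSync(keyFile).toString(), 'signing', 'ERR_KEYFILE_MISSING_SIGNING_CERT', options);
+}
+function validateConfiguredCertificateUse(certificates, expectedUse, options = {}) {
+const normalizedCertificates = normalizeCertificates(certificates);
+for (const certificate of normalizedCertificates) {
+validateCertificateForUse(certificate, expectedUse, options);
 }
-return metadataCerts.map((cert) => utility.getPublicKeyPemFromCertificate(cert).toString());
 }
 function verifyXmlSignatureWithPublicKeys(signatureNode, xmlCandidates, publicKeys, signatureAlgorithm) {
 let lastError = null;
@@ -153,6 +165,26 @@ const libSaml = () => {
 }
 return false;
 }
+function resolveAllowCertificateUsageMismatch(securityOptions, self) {
+if (securityOptions?.allowCertificateUsageMismatch !== undefined) {
+return securityOptions.allowCertificateUsageMismatch === true;
+}
+const envAllowMismatch = getEnvironmentBoolean('SAMLIFY_ALLOW_CERTIFICATE_USAGE_MISMATCH');
+if (envAllowMismatch !== undefined) {
+return envAllowMismatch;
+}
+const entitySetting = self?.entitySetting;
+if (entitySetting?.allowCertificateUsageMismatch !== undefined) {
+return entitySetting.allowCertificateUsageMismatch === true;
+}
+return false;
+}
+function certificateValidationOptions(expectedUse, securityOptions, self) {
+return {
+expectedUse,
+allowCertificateUsageMismatch: resolveAllowCertificateUsageMismatch(securityOptions, self),
+};
+}
 /**
 * @desc Default login request template
 * @type {LoginRequestTemplate}
@@ -417,7 +449,12 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 const { rawSamlMessage, referenceTagXPath, privateKey, privateKeyPass, signatureAlgorithm = signatureAlgorithms.RSA_SHA256, transformationAlgorithms = [
 'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
 'http://www.w3.org/2001/10/xml-exc-c14n#',
-], signingCert, signatureConfig, isBase64Output = true, isMessageSigned = false, } = opts;
+], signingCert, allowCertificateUsageMismatch, signatureConfig, isBase64Output = true, isMessageSigned = false, } = opts;
+const normalizedSigningCert = normalizeCertificates(signingCert)[0];
+if (!normalizedSigningCert) {
+throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
+}
+const keyInfo = this.getKeyInfo(normalizedSigningCert, signatureConfig, certificateValidationOptions('signing', { allowCertificateUsageMismatch }));
 const sig = new SignedXml();
 // Add assertion sections as reference
 const digestAlgorithm = getDigestMethod(signatureAlgorithm);
@@ -437,8 +474,8 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 });
 }
 sig.signatureAlgorithm = signatureAlgorithm;
-sig.publicCert =
-sig.getKeyInfoContent =
+sig.publicCert = keyInfo.getKey();
+sig.getKeyInfoContent = keyInfo.getKeyInfo;
 sig.privateKey = utility.readPrivateKey(privateKey, privateKeyPass, true);
 // Read the target canonicalization algorithm.
 const targetAlgo = transformationAlgorithms[1];
@@ -459,34 +496,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 },
 // Certificate validation helper.
 validateCertificate(certificateBase64, expectedIssuer) {
-
-const cert = new X509Certificate(Buffer.from(certificateBase64, 'base64'));
-// Check certificate validity period.
-const now = new Date();
-if (new Date(cert.validFrom) > now || new Date(cert.validTo) < now) {
-throw new Error('Certificate has expired or is not yet valid');
-}
-// Check issuer when an expected issuer is provided.
-if (expectedIssuer && !cert.subject.includes(expectedIssuer)) {
-throw new Error('Certificate issuer does not match expected value');
-}
-// Check public key type. RSA and EC are preferred.
-if (!['rsa', 'ec'].includes(cert.publicKey.type.toLowerCase())) {
-throw new Error('Certificate uses unsupported public key type');
-}
-return {
-isValid: true,
-subject: cert.subject,
-issuer: cert.issuer,
-publicKey: cert.publicKey
-};
-}
-catch (error) {
-return {
-isValid: false,
-error: error.message
-};
-}
+return utility.validateCertificate(certificateBase64, { expectedIssuer });
 },
 /**
 * Verify SAML signatures across message, assertion, and encryption combinations.
@@ -611,10 +621,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-publicKeys =
+publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, self));
 }
 else if (opts.metadata) {
-publicKeys = resolveSignaturePublicKeys(
+publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, self));
 }
 // Verify the outer message signature.
 const verifyResult = verifyXmlSignatureWithPublicKeys(signatureNode, [decryptedDoc.toString(), xml], publicKeys, opts.signatureAlgorithm);
@@ -645,10 +655,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-publicKeys =
+publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, self));
 }
 else if (opts.metadata) {
-publicKeys = resolveSignaturePublicKeys(
+publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, self));
 }
 MessageSignatureStatus = verifyXmlSignatureWithPublicKeys(signatureNode, [doc.toString()], publicKeys, signatureAlgorithm).verified;
 if (!MessageSignatureStatus) {
@@ -670,10 +680,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-publicKeys =
+publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, self));
 }
 else if (opts.metadata) {
-publicKeys = resolveSignaturePublicKeys(
+publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, self));
 }
 // Locate the assertion node with exact matching.
 const assertionNode = select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']", doc)[0];
@@ -815,10 +825,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-publicKeys =
+publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts));
 }
 if (opts.metadata) {
-publicKeys = resolveSignaturePublicKeys(
+publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts));
 }
 const verifyResult = verifyXmlSignatureWithPublicKeys(signatureNode, [xml], publicKeys, opts.signatureAlgorithm);
 const verified = verifyResult.verified;
@@ -927,6 +937,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 try {
 const signCerts = normalizeCertificates(metadata.getX509Certificate('signing'));
 const algorithm = getSigningAlgorithm(verifyAlgorithm, securityOptions);
+const validationOptions = certificateValidationOptions('signing', securityOptions);
 if (signCerts.length === 0) {
 throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
 }
@@ -934,7 +945,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 let lastError = null;
 for (const signCert of signCerts) {
 try {
-const publicKeyPem =
+const publicKeyPem = validateCertificateForUse(signCert, 'signing', validationOptions);
 const verifier = crypto.createVerify(algorithm);
 verifier.update(octetString, 'utf8');
 if (verifier.verify(publicKeyPem, signatureBuffer)) {
@@ -960,14 +971,19 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 * @param {string} x509Certificate certificate
 * @return {string} public key
 */
-getKeyInfo(x509Certificate, signatureConfig = {}) {
+getKeyInfo(x509Certificate, signatureConfig = {}, validationOptions = { expectedUse: 'signing' }) {
+const normalizedCertificate = normalizeCertificates(x509Certificate)[0];
+if (!normalizedCertificate) {
+throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
+}
+const expectedUse = validationOptions.expectedUse ?? 'signing';
 const prefix = signatureConfig.prefix ? `${signatureConfig.prefix}:` : '';
 return {
 getKeyInfo: () => {
-return `<${prefix}X509Data><${prefix}X509Certificate>${
+return `<${prefix}X509Data><${prefix}X509Certificate>${normalizedCertificate}</${prefix}X509Certificate></${prefix}X509Data>`;
 },
 getKey: () => {
-return
+return validateCertificateForUse(normalizedCertificate, expectedUse, validationOptions);
 },
 };
 },
@@ -1003,7 +1019,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 if (!encryptPem) {
 throw new Error('ERR_METADATA_MISSING_ENCRYPTION_CERT');
 }
-const publicKeyPem =
+const publicKeyPem = validateCertificateForUse(encryptPem, 'encryption', certificateValidationOptions('encryption', {
+allowCertificateUsageMismatch: sourceEntitySetting.allowCertificateUsageMismatch,
+}, sourceEntity));
 xmlenc.encrypt(rawAssertionNode.toString(), {
 // use xml-encryption module
 rsa_pub: Buffer.from(publicKeyPem), // public key from certificate
@@ -1058,6 +1076,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 // Wrap asynchronous decryption in a Promise.
 let decryptedResult;
 try {
+validateConfiguredCertificateUse(here?.entityMeta?.getX509Certificate?.(certUse.encrypt), 'encryption', certificateValidationOptions('encryption', opts, here));
 const decryptResult = await xmlenc.decrypt(encAssertionXml, {
 key: utility.readPrivateKey(hereSetting.encPrivateKey, hereSetting.encPrivateKeyPass),
 warnInsecureAlgorithm: true,
@@ -1090,10 +1109,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-publicKeys =
+publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, here));
 }
 else if (opts.metadata) {
-publicKeys = resolveSignaturePublicKeys(
+publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, here));
 }
 // Detect unsafe signature algorithms.
 let checkSafeResult = checkUnsafeSignatureAlgorithm(opts.signatureAlgorithm || '');
@@ -1148,6 +1167,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 const encAssertionNode = encryptedAssertions[0];
 // Prepare the decryption key.
+validateConfiguredCertificateUse(self?.entityMeta?.getX509Certificate?.(certUse.encrypt), 'encryption', certificateValidationOptions('encryption', undefined, self));
 const privateKey = utility.readPrivateKey(self.entitySetting.encPrivateKey, self.entitySetting.encPrivateKeyPass);
 // Decrypt the assertion.
 const decryptedAssertion = await new Promise((resolve, reject) => {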
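--- a/package/build/src/libsamlSoap.js
+++ b/package/build/src/libsamlSoap.js
@@ -3,7 +3,6 @@ import { DOMParser } from '@xmldom/xmldom';
 import { select } from 'xpath';
 import { SignedXml } from 'xml-crypto-next';
 import utility, { normalizeCertificates } from './utility.js';
-import libsaml from './libsaml.js';
 import { wording } from './urn.js';
 import { getContext } from './api.js';
 function toNodeArray(result) {
@@ -75,27 +74,31 @@ function serializeWithInheritedNamespaces(node) {
 }
 const certUse = wording.certUse;
 const docParser = new DOMParser();
-function
+function certificateValidationOptions(opts) {
+return {
+expectedUse: 'signing',
+allowCertificateUsageMismatch: opts.allowCertificateUsageMismatch === true,
+};
+}
+function publicKeysFromCertificates(certificates, missingCertificateError, opts) {
+const normalizedCertificates = normalizeCertificates(certificates);
+if (normalizedCertificates.length === 0) {
+throw new Error(missingCertificateError);
+}
+return normalizedCertificates.map((certificate) => utility.getPublicKeyPemFromCertificate(certificate, certificateValidationOptions(opts)).toString());
+}
+function resolvePublicCertificates(opts) {
 if (!opts.keyFile && !opts.metadata) {
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-return
+return publicKeysFromCertificates(fs.readFileSync(opts.keyFile).toString(), 'ERR_KEYFILE_MISSING_SIGNING_CERT', opts);
 }
-const certificateNode = toNodeArray(select(".//*[local-name(.)='X509Certificate']", signatureNode));
 const metadataCerts = normalizeCertificates(opts.metadata.getX509Certificate(certUse.signing));
-if (
-throw new Error('
-}
-if (certificateNode.length > 0) {
-const x509CertificateData = certificateNode[0].firstChild?.nodeValue || '';
-const x509Certificate = utility.normalizeCerString(x509CertificateData);
-if (metadataCerts.length > 0 && !metadataCerts.includes(x509Certificate)) {
-throw new Error('ERROR_UNMATCH_CERTIFICATE_DECLARATION_IN_METADATA');
-}
-return [libsaml.getKeyInfo(x509Certificate).getKey()];
+if (metadataCerts.length === 0) {
+throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
 }
-return metadataCerts
+return publicKeysFromCertificates(metadataCerts, 'ERR_METADATA_MISSING_SIGNING_CERT', opts);
 }
 function uniqueXmlCandidates(candidates) {
 return candidates.filter((candidate, index, list) => typeof candidate === 'string' &&
@@ -115,21 +118,29 @@ function extractResolvedMessages(rootNode) {
 }
 function verifySignature(xml, signatureNodes, opts) {
 for (const signatureNode of signatureNodes) {
-const publicKeys = resolvePublicCertificates(
+const publicKeys = resolvePublicCertificates(opts);
 let verifiedSig = null;
 let lastError = null;
+const parentXml = signatureNode?.parentNode ? serializeWithInheritedNamespaces(signatureNode.parentNode) : '';
+const rawParentXml = signatureNode?.parentNode?.toString?.() || '';
+const xmlCandidates = uniqueXmlCandidates([xml, parentXml, rawParentXml]);
 for (const publicKey of publicKeys) {
-
-
-
-
-
-
-
+for (const xmlCandidate of xmlCandidates) {
+try {
+const sig = new SignedXml();
+sig.publicCert = publicKey;
+sig.loadSignature(signatureNode);
+if (sig.checkSignature(xmlCandidate)) {
+verifiedSig = sig;
+break;
+}
+}
+catch (error) {
+lastError = error;
 }
 }
-
-
+if (verifiedSig) {
+break;
 }
 }
 if (!verifiedSig) {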
package/build/src/utility.js
CHANGED
|
@@ -6,6 +6,76 @@
|
|
|
6
6
|
import { createPrivateKey, X509Certificate } from 'node:crypto';
|
|
7
7
|
import { deflateRawSync, inflateRawSync } from 'node:zlib';
|
|
8
8
|
const BASE64_STR = 'base64';
|
|
9
|
+
const certificateUsageRequirements = {
|
|
10
|
+
signing: new Set([
|
|
11
|
+
'1.3.6.1.5.5.7.3.3',
|
|
12
|
+
'1.3.6.1.5.5.7.3.36',
|
|
13
|
+
'codesigning',
|
|
14
|
+
'documentsigning',
|
|
15
|
+
'digitalsignature',
|
|
16
|
+
]),
|
|
17
|
+
encryption: new Set([
|
|
18
|
+
'1.3.6.1.5.5.7.3.4',
|
|
19
|
+
'emailprotection',
|
|
20
|
+
'keyencipherment',
|
|
21
|
+
'dataencipherment',
|
|
22
|
+
]),
|
|
23
|
+
};
|
|
24
|
+
function normalizeCertificateInput(certificate) {
|
|
25
|
+
const cleanCert = certificate
|
|
26
|
+
.toString()
|
|
27
|
+
.replace(/-----BEGIN CERTIFICATE-----/g, '')
|
|
28
|
+
.replace(/-----END CERTIFICATE-----/g, '')
|
|
29
|
+
.replace(/\r\n/g, '')
|
|
30
|
+
.replace(/\n/g, '')
|
|
31
|
+
.replace(/\r/g, '')
|
|
32
|
+
.replace(/ /g, '')
|
|
33
|
+
.trim();
|
|
34
|
+
const pemCert = `-----BEGIN CERTIFICATE-----\n${cleanCert}\n-----END CERTIFICATE-----`;
|
|
35
|
+
return { cleanCert, pemCert };
|
|
36
|
+
}
|
|
37
|
+
function normalizeUsageValue(value) {
|
|
38
|
+
return value.trim().toLowerCase();
|
|
39
|
+
}
|
|
40
|
+
function certificateMatchesExpectedUse(cert, expectedUse) {
|
|
41
|
+
const usages = Array.isArray(cert.keyUsage)
|
|
42
|
+
? cert.keyUsage.map(normalizeUsageValue)
|
|
43
|
+
: [];
|
|
44
|
+
if (usages.length === 0) {
|
|
45
|
+
// 证书未声明 EKU/用途限制时,视为不受用途约束,放行使用。
|
|
46
|
+
return true;
|
|
47
|
+
}
|
|
48
|
+
return usages.some((usage) => certificateUsageRequirements[expectedUse].has(usage));
|
|
49
|
+
}
|
|
50
|
+
function describeCertificateUse(expectedUse) {
|
|
51
|
+
const normalizedUse = String(expectedUse ?? '').trim().toLowerCase();
|
|
52
|
+
if (normalizedUse === 'signing') {
|
|
53
|
+
return 'signing(签名)';
|
|
54
|
+
}
|
|
55
|
+
if (normalizedUse === 'encryption') {
|
|
56
|
+
return 'encryption(加密)';
|
|
57
|
+
}
|
|
58
|
+
return normalizedUse || 'unknown';
|
|
59
|
+
}
|
|
60
|
+
function createCertificateValidationError(validation, options = {}) {
|
|
61
|
+
const errorCode = validation.error || 'ERR_INVALID_CERTIFICATE';
|
|
62
|
+
const certificateKeyUsage = Array.isArray(validation.keyUsage)
|
|
63
|
+
? validation.keyUsage.map((usage) => String(usage).trim()).filter(Boolean)
|
|
64
|
+
: [];
|
|
65
|
+
const error = new Error(errorCode);
|
|
66
|
+
error.code = errorCode;
|
|
67
|
+
error.expectedUse = options.expectedUse ?? null;
|
|
68
|
+
error.certificateKeyUsage = certificateKeyUsage;
|
|
69
|
+
error.certificateSubject = validation.subject ?? null;
|
|
70
|
+
error.certificateIssuer = validation.issuer ?? null;
|
|
71
|
+
error.certificateValidFrom = validation.validFrom ?? null;
|
|
72
|
+
error.certificateValidTo = validation.validTo ?? null;
|
|
73
|
+
if (errorCode === 'ERR_CERTIFICATE_USAGE_MISMATCH') {
|
|
74
|
+
const actualUsageText = certificateKeyUsage.length > 0 ? certificateKeyUsage.join(', ') : 'unknown';
|
|
75
|
+
error.message = `${errorCode}: certificate keyUsage=${actualUsageText}, expectedUse=${describeCertificateUse(options.expectedUse)}`;
|
|
76
|
+
}
|
|
77
|
+
return error;
|
|
78
|
+
}
|
|
9
79
|
/**
|
|
10
80
|
* @desc Mimic lodash.zipObject
|
|
11
81
|
* @param arr1 {string[]}
|
|
@@ -177,20 +247,12 @@ function applyDefault(obj1, obj2) {
|
|
|
177
247
|
* @param {string} x509 certificate
|
|
178
248
|
* @return {string} public key fetched from the certificate
|
|
179
249
|
*/
|
|
180
|
-
function getPublicKeyPemFromCertificate(x509CertificateString) {
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
.replace(/\n/g, '')
|
|
187
|
-
.replace(/\r/g, '')
|
|
188
|
-
.replace(/ /g, '')
|
|
189
|
-
.trim();
|
|
190
|
-
// 将 Base64 字符串转换为 PEM 格式(添加头尾标记)
|
|
191
|
-
const pemCert = `-----BEGIN CERTIFICATE-----\n${cleanCert}\n-----END CERTIFICATE-----`;
|
|
192
|
-
// 解析 X.509 证书
|
|
193
|
-
const cert2 = new X509Certificate(pemCert);
|
|
250
|
+
function getPublicKeyPemFromCertificate(x509CertificateString, options = {}) {
|
|
251
|
+
const validation = validateCertificate(x509CertificateString, options);
|
|
252
|
+
if (!validation.isValid) {
|
|
253
|
+
throw createCertificateValidationError(validation, options);
|
|
254
|
+
}
|
|
255
|
+
const cert2 = validation.certificate || new X509Certificate(normalizeCertificateInput(x509CertificateString).pemCert);
|
|
194
256
|
const publicKeyObject = cert2.publicKey;
|
|
195
257
|
// 导出为 PEM 格式
|
|
196
258
|
return publicKeyObject.export({
|
|
@@ -358,6 +420,9 @@ export function normalizeCertificates(metadataCert) {
|
|
|
358
420
|
// 扁平化嵌套数组
|
|
359
421
|
certArray = flattenDeep(metadataCert);
|
|
360
422
|
}
|
|
423
|
+
else if (Buffer.isBuffer(metadataCert)) {
|
|
424
|
+
certArray = [metadataCert.toString()];
|
|
425
|
+
}
|
|
361
426
|
else if (typeof metadataCert === 'string') {
|
|
362
427
|
// 单个字符串转为数组
|
|
363
428
|
certArray = [metadataCert];
|
|
@@ -374,6 +439,9 @@ export function normalizeCertificates(metadataCert) {
|
|
|
374
439
|
if (cert === null || cert === undefined) {
|
|
375
440
|
return false;
|
|
376
441
|
}
|
|
442
|
+
if (Buffer.isBuffer(cert)) {
|
|
443
|
+
return cert.toString().trim().length > 0;
|
|
444
|
+
}
|
|
377
445
|
if (typeof cert !== 'string') {
|
|
378
446
|
console.warn(`normalizeCertificates: 跳过非字符串证书类型 ${typeof cert}`);
|
|
379
447
|
return false;
|
|
@@ -385,8 +453,9 @@ export function normalizeCertificates(metadataCert) {
|
|
|
385
453
|
return true;
|
|
386
454
|
})
|
|
387
455
|
.map((cert) => {
|
|
456
|
+
const certString = Buffer.isBuffer(cert) ? cert.toString() : cert;
|
|
388
457
|
// 清理证书字符串:移除 PEM 头尾、换行符、空格等
|
|
389
|
-
return
|
|
458
|
+
return certString
|
|
390
459
|
.replace(/-----BEGIN CERTIFICATE-----/g, '')
|
|
391
460
|
.replace(/-----END CERTIFICATE-----/g, '')
|
|
392
461
|
.replace(/\r\n/g, '')
|
|
@@ -410,51 +479,84 @@ export function normalizeCertificates(metadataCert) {
|
|
|
410
479
|
* @param {string} certificateBase64 - Base64 编码的证书(不含 PEM 头尾)
|
|
411
480
|
* @returns {{ isValid: boolean; error?: string }} 验证结果
|
|
412
481
|
*/
|
|
413
|
-
export function validateCertificate(certificateBase64) {
|
|
482
|
+
export function validateCertificate(certificateBase64, options = {}) {
|
|
414
483
|
try {
|
|
415
|
-
|
|
416
|
-
const cleanCert = certificateBase64
|
|
417
|
-
.replace(/-----BEGIN CERTIFICATE-----/g, '')
|
|
418
|
-
.replace(/-----END CERTIFICATE-----/g, '')
|
|
419
|
-
.replace(/\r\n/g, '')
|
|
420
|
-
.replace(/\n/g, '')
|
|
421
|
-
.replace(/\r/g, '')
|
|
422
|
-
.replace(/ /g, '')
|
|
423
|
-
.trim();
|
|
484
|
+
const { cleanCert, pemCert } = normalizeCertificateInput(certificateBase64);
|
|
424
485
|
// 验证 Base64 格式
|
|
425
486
|
const base64Regex = /^[A-Za-z0-9+/]+=*$/;
|
|
426
|
-
if (!base64Regex.test(cleanCert)) {
|
|
487
|
+
if (cleanCert.length === 0 || !base64Regex.test(cleanCert)) {
|
|
427
488
|
return {
|
|
428
489
|
isValid: false,
|
|
429
|
-
error: '
|
|
490
|
+
error: 'ERR_INVALID_CERTIFICATE'
|
|
430
491
|
};
|
|
431
492
|
}
|
|
432
|
-
// 转换为 PEM 格式
|
|
433
|
-
const pemCert = `-----BEGIN CERTIFICATE-----\n${cleanCert}\n-----END CERTIFICATE-----`;
|
|
434
|
-
// 尝试解析证书
|
|
435
493
|
const cert = new X509Certificate(pemCert);
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
494
|
+
const certificateDetails = {
|
|
495
|
+
subject: cert.subject,
|
|
496
|
+
issuer: cert.issuer,
|
|
497
|
+
validFrom: cert.validFrom,
|
|
498
|
+
validTo: cert.validTo,
|
|
499
|
+
keyUsage: Array.isArray(cert.keyUsage) ? cert.keyUsage.slice() : [],
|
|
500
|
+
};
|
|
501
|
+
const now = options.validationDate ?? new Date();
|
|
502
|
+
const validFrom = new Date(cert.validFrom);
|
|
503
|
+
const validTo = new Date(cert.validTo);
|
|
504
|
+
if (Number.isNaN(validFrom.getTime()) || Number.isNaN(validTo.getTime())) {
|
|
505
|
+
return {
|
|
506
|
+
isValid: false,
|
|
507
|
+
error: 'ERR_INVALID_CERTIFICATE'
|
|
508
|
+
};
|
|
509
|
+
}
|
|
510
|
+
if (validFrom > now) {
|
|
439
511
|
return {
|
|
440
512
|
isValid: false,
|
|
441
|
-
error: '
|
|
513
|
+
error: 'ERR_CERTIFICATE_NOT_YET_VALID',
|
|
514
|
+
...certificateDetails
|
|
442
515
|
};
|
|
443
516
|
}
|
|
517
|
+
if (validTo < now) {
|
|
518
|
+
return {
|
|
519
|
+
isValid: false,
|
|
520
|
+
error: 'ERR_CERTIFICATE_EXPIRED',
|
|
521
|
+
...certificateDetails
|
|
522
|
+
};
|
|
523
|
+
}
|
|
524
|
+
if (options.expectedIssuer && !cert.issuer.includes(options.expectedIssuer)) {
|
|
525
|
+
return {
|
|
526
|
+
isValid: false,
|
|
527
|
+
error: 'ERR_CERTIFICATE_ISSUER_MISMATCH',
|
|
528
|
+
...certificateDetails
|
|
529
|
+
};
|
|
530
|
+
}
|
|
531
|
+
if (options.expectedUse && !options.allowCertificateUsageMismatch) {
|
|
532
|
+
if (!certificateMatchesExpectedUse(cert, options.expectedUse)) {
|
|
533
|
+
return {
|
|
534
|
+
isValid: false,
|
|
535
|
+
error: 'ERR_CERTIFICATE_USAGE_MISMATCH',
|
|
536
|
+
...certificateDetails
|
|
537
|
+
};
|
|
538
|
+
}
|
|
539
|
+
}
|
|
444
540
|
// 检查公钥类型
|
|
445
541
|
const keyType = cert.publicKey.asymmetricKeyType;
|
|
446
|
-
if (keyType && !['rsa', 'ec'].includes(keyType)) {
|
|
542
|
+
if (keyType && !['rsa', 'ec', 'ed25519', 'ed448'].includes(keyType)) {
|
|
447
543
|
return {
|
|
448
544
|
isValid: false,
|
|
449
|
-
error: '
|
|
545
|
+
error: 'ERR_UNSUPPORTED_CERTIFICATE_KEY_TYPE',
|
|
546
|
+
...certificateDetails
|
|
450
547
|
};
|
|
451
548
|
}
|
|
452
|
-
return {
|
|
549
|
+
return {
|
|
550
|
+
isValid: true,
|
|
551
|
+
publicKey: cert.publicKey,
|
|
552
|
+
certificate: cert,
|
|
553
|
+
...certificateDetails,
|
|
554
|
+
};
|
|
453
555
|
}
|
|
454
556
|
catch (error) {
|
|
455
557
|
return {
|
|
456
558
|
isValid: false,
|
|
457
|
-
error: error instanceof Error ? error.message : '
|
|
559
|
+
error: error instanceof Error ? error.message : 'ERR_INVALID_CERTIFICATE'
|
|
458
560
|
};
|
|
459
561
|
}
|
|
460
562
|
}
|
package/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-artifact.d.ts","sourceRoot":"","sources":["../../src/binding-artifact.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAapE,OAAO,KAAK,EACV,yBAAyB,EACzB,2BAA2B,IAAI,gBAAgB,EAC/C,0BAA0B,IAAI,eAAe,EAC9C,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kBAAkB,IAAI,sBAAsB,EAE7C,MAAM,eAAe,CAAC;AAOvB,KAAK,mBAAmB,GAAG,gBAAgB,GAAG,eAAe,CAAC;AAU9D,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,iBAAiB,CAAC;CACzB;
|
|
1
|
+
{"version":3,"file":"binding-artifact.d.ts","sourceRoot":"","sources":["../../src/binding-artifact.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAapE,OAAO,KAAK,EACV,yBAAyB,EACzB,2BAA2B,IAAI,gBAAgB,EAC/C,0BAA0B,IAAI,eAAe,EAC9C,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kBAAkB,IAAI,sBAAsB,EAE7C,MAAM,eAAe,CAAC;AAOvB,KAAK,mBAAmB,GAAG,gBAAgB,GAAG,eAAe,CAAC;AAU9D,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,iBAAiB,CAAC;CACzB;AA8WD,iBAAS,4BAA4B,CAAC,MAAM,EAAE;IAC5C,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,sBAAsB,CA6BzB;AAED,iBAAe,2BAA2B,CAAC,MAAM,EAAE;IACjD,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,GAAG,EAAE,MAAM,CAAC;CACb;;;;;;GA0CA;AAED,iBAAS,6BAA6B,CAAC,MAAM,EAAE;IAC7C,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;;;EAkCA;AAUD,iBAAe,4BAA4B,CAAC,MAAM,EAAE;IAClD,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;;;;;GAgDA;AAED,iBAAS,kBAAkB,CACzB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE;IACN,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;CACrB,EACD,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC1D,sBAAsB,CAaxB;AAED,iBAAe,mBAAmB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAarG;AAwFD,iBAAe,iBAAiB,CAAC,MAAM,EAAE;IACvC,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,OAAO,EAAE,gBAAgB,CAAC;CAC3B;;;;;;;;;GAyCA;AAqCD,iBAAe,kBAAkB,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,OAAO,EAAE,gBAAgB,CAAC;CAC3B;;;;;;;;;;GA0BA;AAED,eAAO,MAAM,kBAAkB,+BAAyB,CAAC;AAEzD,QAAA,MAAM,eAAe;;;;;;;;;;CAUpB,CAAC;AAEF,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-post.d.ts","sourceRoot":"","sources":["../../src/binding-post.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAQhD,OAAO,EAAC,yBAAyB,EAAC,MAAM,YAAY,CAAC;AAMrD;;;;;GAKG;AACH,iBAAS,kBAAkB,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,
|
|
1
|
+
{"version":3,"file":"binding-post.d.ts","sourceRoot":"","sources":["../../src/binding-post.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAQhD,OAAO,EAAC,yBAAyB,EAAC,MAAM,YAAY,CAAC;AAMrD;;;;;GAKG;AACH,iBAAS,kBAAkB,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAuE/I;AAGD;;;;;;;;;GASG;AACH,iBAAe,mBAAmB,CAAC,EAC/B,WAAgB,EAChB,MAAM,EACN,IAAS,EACT,oBAAoB,EACpB,eAAuB,EACvB,kBAAuB,EACvB,OAAO,EACP,kBAAiC,GACpC,EAAE,yBAAyB,GAAG,OAAO,CAAC,cAAc,CAAC,CA+JrD;AAED;;;;;;;GAOG;AACH,iBAAS,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,KAAA,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CA4D1K;AAED;;;;;;GAMG;AACH,iBAAS,oBAAoB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CA8DvI;AAED,QAAA,MAAM,WAAW;;;;;CAKhB,CAAC;AAEF,eAAe,WAAW,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAqED;;;;;GAKG;AAEH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IACP,IAAI,CAAC,EAAE,OAAO,CAAA;CACjB,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAgDnE;AACD;;;;;GAKG;AAEH,iBAAS,0BAA0B,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAC9B,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAqED;;;;;GAKG;AAEH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IACP,IAAI,CAAC,EAAE,OAAO,CAAA;CACjB,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAgDnE;AACD;;;;;GAKG;AAEH,iBAAS,0BAA0B,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAC9B,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAuGnE;AAID;;;;;;;;GAQG;AACH,iBAAS,wBAAwB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,UAAK,GAAG,cAAc,CAoG1M;AAED;;;;;;GAMG;AACH,iBAAS,wBAAwB,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAwC9J;AAED;;;;;GAKG;AACF,iBAAS,yBAAyB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyCnK;AAED,QAAA,MAAM,eAAe;;;;;;CAMpB,CAAC;AAEF,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAiDD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,
|
|
1
|
+
{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAiDD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAmGtO;AAED,QAAA,MAAM,iBAAiB;;;CAGpB,CAAC;AAEJ,eAAe,iBAAiB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EACH,0BAA0B,IAAI,eAAe,EAIhD,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EACH,0BAA0B,IAAI,eAAe,EAIhD,MAAM,YAAY,CAAC;AAuBpB,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAA0B,SAAQ,cAAc;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GAAG,CAAC,sBAAsB,GAAG,qBAAqB,CAAC,GAC5E;IAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,MAAM;IACzB,aAAa,EAAE,aAAa,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAE3D;;;MAGE;gBACU,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE,KAAK,GAAG,IAAI;IA0BtE;;;MAGE;IACF,gBAAgB;IAGhB;;;MAGE;IACF,WAAW,IAAI,MAAM;IAIrB;;;MAGE;IACF,cAAc,CAAC,UAAU,EAAE,MAAM;IAIjC;;;;MAIE;IACF,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO;IAgBlE;;;;;;MAME;IACF,mBAAmB,CAAC,YAAY,KAAA,EAAE,OAAO,KAAA,EAAE,IAAI,KAAA,EAAE,UAAU,SAAK,EAAE,oBAAoB,CAAC,KAAA,GAAG,cAAc,GAAG,kBAAkB;IAqB7H;;;OAGG;IAIK,oBAAoB,CAAG,MAAM,EAAE;QACjC,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,kBAAkB,CAAC;KACpF,GAAG,OAAO,CAAC,cAAc,GAAG,kBAAkB,CAAC;IAyBlD;;;;;;MAME;IACF,kBAAkB,CAAC,I
AAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;IAY3D;;;;;;MAME;IACF,mBAAmB,CAAC,IAAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;CAY7D"}
|
package/types/src/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAgsBD,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CA8BhG;AAED,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BjD"}
|
package/types/src/libsaml.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { type CertificateValidationOptions } from './utility.js';
|
|
1
2
|
import * as crypto from 'node:crypto';
|
|
2
3
|
import type { MetadataInterface } from './metadata.js';
|
|
3
4
|
/**
|
|
@@ -8,10 +9,11 @@ import type { MetadataInterface } from './metadata.js';
|
|
|
8
9
|
export interface SignatureConstructor {
|
|
9
10
|
rawSamlMessage: string;
|
|
10
11
|
referenceTagXPath?: string;
|
|
11
|
-
privateKey: string;
|
|
12
|
+
privateKey: string | Buffer;
|
|
12
13
|
privateKeyPass?: string;
|
|
13
14
|
signatureAlgorithm: string;
|
|
14
15
|
signingCert: string | Buffer;
|
|
16
|
+
allowCertificateUsageMismatch?: boolean;
|
|
15
17
|
isBase64Output?: boolean;
|
|
16
18
|
signatureConfig?: any;
|
|
17
19
|
isMessageSigned?: boolean;
|
|
@@ -23,10 +25,12 @@ export interface SignatureVerifierOptions {
|
|
|
23
25
|
signatureAlgorithm?: string;
|
|
24
26
|
strictSecurity?: boolean;
|
|
25
27
|
allowLegacySha1?: boolean;
|
|
28
|
+
allowCertificateUsageMismatch?: boolean;
|
|
26
29
|
}
|
|
27
30
|
export interface SignatureSecurityOptions {
|
|
28
31
|
strictSecurity?: boolean;
|
|
29
32
|
allowLegacySha1?: boolean;
|
|
33
|
+
allowCertificateUsageMismatch?: boolean;
|
|
30
34
|
}
|
|
31
35
|
export interface ExtractorResult {
|
|
32
36
|
[key: string]: any;
|
|
@@ -79,7 +83,10 @@ export interface LibSamlInterface {
|
|
|
79
83
|
createKeySection: (use: KeyUse, cert: string | Buffer) => {};
|
|
80
84
|
constructMessageSignature: (octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string, securityOptions?: SignatureSecurityOptions) => string;
|
|
81
85
|
verifyMessageSignature: (metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string, securityOptions?: SignatureSecurityOptions) => boolean;
|
|
82
|
-
getKeyInfo: (x509Certificate: string, signatureConfig?: any) =>
|
|
86
|
+
getKeyInfo: (x509Certificate: string | Buffer, signatureConfig?: any, validationOptions?: CertificateValidationOptions) => {
|
|
87
|
+
getKeyInfo: () => string;
|
|
88
|
+
getKey: () => string;
|
|
89
|
+
};
|
|
83
90
|
encryptAssertion: (sourceEntity: any, targetEntity: any, entireXML: string) => Promise<string>;
|
|
84
91
|
decryptAssertion: (here: any, entireXML: string) => Promise<[string, any]>;
|
|
85
92
|
getSigningScheme: (sigAlg: string) => string | null;
|
|
@@ -173,6 +180,7 @@ declare const _default: {
|
|
|
173
180
|
privateKeyPass?: string;
|
|
174
181
|
signatureAlgorithm: string;
|
|
175
182
|
signingCert: any;
|
|
183
|
+
allowCertificateUsageMismatch?: boolean;
|
|
176
184
|
isBase64Output?: boolean;
|
|
177
185
|
rawSamlMessage: any;
|
|
178
186
|
transformationAlgorithms?: string[] | undefined;
|
|
@@ -187,16 +195,14 @@ declare const _default: {
|
|
|
187
195
|
}): string;
|
|
188
196
|
validateCertificate(certificateBase64: string, expectedIssuer?: string): {
|
|
189
197
|
isValid: boolean;
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
issuer?: undefined;
|
|
199
|
-
publicKey?: undefined;
|
|
198
|
+
error?: string;
|
|
199
|
+
subject?: string;
|
|
200
|
+
issuer?: string;
|
|
201
|
+
publicKey?: any;
|
|
202
|
+
certificate?: crypto.X509Certificate;
|
|
203
|
+
validFrom?: string;
|
|
204
|
+
validTo?: string;
|
|
205
|
+
keyUsage?: string[];
|
|
200
206
|
};
|
|
201
207
|
/**
|
|
202
208
|
* Verify SAML signatures across message, assertion, and encryption combinations.
|
|
@@ -238,7 +244,7 @@ declare const _default: {
|
|
|
238
244
|
* @param {string} x509Certificate certificate
|
|
239
245
|
* @return {string} public key
|
|
240
246
|
*/
|
|
241
|
-
getKeyInfo(x509Certificate: string, signatureConfig?: any): {
|
|
247
|
+
getKeyInfo(x509Certificate: string | Buffer, signatureConfig?: any, validationOptions?: CertificateValidationOptions): {
|
|
242
248
|
getKeyInfo: () => string;
|
|
243
249
|
getKey: () => string;
|
|
244
250
|
};
|
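Review bot: `allowCertificateUsageMismatch?: boolean;` is added to `SignatureConstructor`, `SignatureVerifierOptions` and `SignatureSecurityOptions` in this file, and to the four option/settings types in `types.d.ts`, without a doc comment, although it relaxes a certificate check. In `utility.js` the usage check runs only under `if (options.expectedUse && !options.allowCertificateUsageMismatch)`, so setting the flag accepts a certificate whose declared usage does not match signing or encryption. I would document it at each declaration (presumably in the TypeScript source these files are emitted from), e.g. `/** Skips the certificate usage check; leave unset unless a peer certificate is known to declare the wrong usage. */`, and say how it combines with `strictSecurity`, which this diff does not show. The JSDoc kept above `getKeyInfo` also still reads `@param {string} x509Certificate` and `@return {string} public key`, while the new signature takes `string | Buffer`, adds `validationOptions`, and returns an object with `getKeyInfo` and `getKey`.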
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAMA,OAAgB,EAMd,KAAK,4BAA4B,EAClC,MAAM,cAAc,CAAC;AACtB,OAAQ,KAAK,MAAM,MAAM,aAAa,CAAA;AAItC,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAkIrD;;;;GAIG;AAGH,MAAM,WAAW,oBAAoB;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,wBAAwB;IACvC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAEnB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,gCAAgC;IAC/C,0BAA0B,CAAC,EAAE,0BAA0B,CAAC;IACxD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;IAC7D,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAC;IACtC,mBAAmB,CAAC,EAAE,gCAAgC,CAAC;CACxD;AAED,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;CACnE;AAED,MAAM,WAAW,iBAAkB,SAAQ,gBAAgB;CAC1D;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;CAC7D;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;CAC9D;AAED,MAAM,WAAW,sBAAuB,SAAQ,gBAAgB;CAC/D;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAE9C,MAAM,WAAW,YAAY;IAC3B,CAAC,GAAG,EAAE,MAAM,G
AAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,mBAAmB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,WAAW,EAAE,CAAC,KAAK,KAAA,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,MAAM,CAAC;IACvD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,MAAM,CAAC;IAC/D,yBAAyB,EAAE,CAAC,UAAU,EAAE,sBAAsB,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,0BAA0B,KAAK,MAAM,CAAC;IAC1K,sBAAsB,EAAE,CAAC,IAAI,EAAE,oBAAoB,KAAK,MAAM,CAAC;IAC/D,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACjF,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,KAAK,EAAE,CAAC;IAC7D,yBAAyB,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,wBAAwB,KAAK,MAAM,CAAC;IAExL,sBAAsB,EAAE,CAAC,QAAQ,KAAA,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,wBAAwB,KAAK,OAAO,CAAC;IACrK,UAAU,EAAE,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,EAAE,GAAG,EAAE,iBAAiB,CAAC,EAAE,4BAA4B,KAAK;QACzH,UAAU,EAAE,MAAM,MAAM,CAAC;QACzB,MAAM,EAAE,MAAM,MAAM,CAAC;KACtB,CAAC;IACF,gBAAgB,EAAE,CAAC,YAAY,KAAA,EAAE,YAAY,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACrF,gBAAgB,EAAE,CAAC,IAAI,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAEtE,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IACpD,eAAe,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAEnD,2BAA2B,EAAE,oBAAoB,CAAC;IAClD,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,iCAAiC,EAAE,0BAA0B,CAAC;IAC9D,wBAAwB,EAAE,iBAAiB,CAAC;IAC5C,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,6BAA6B,EAAE,sBAAsB,CAAC;CACvD;;6CA6S4C,OAAO,KAAG,MAAM;gCAhSxB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wDAgBkB,MAAM;;;;IA6T/D;;;;;OAKG;+BACwB,MAAM,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM;IAS9E;;;;;;OAMG;IACH,eAAe;6CAC0B,GAAG,EAAE,GAAG,MAAM;IA0CvD;;;OAGG;iCAC0B;QAC3B,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE,GAAG,CAAC;QACjB,
6BAA6B,CAAC,EAAE,OAAO,CAAC;QACxC,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,GAAG,CAAC;QACpB,wBAAwB,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAChD,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE;gBAAE,SAAS,EAAE,MAAM,CAAC;gBAAC,MAAM,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAA;KACrF,GAAG,MAAM;2CAoE6B,MAAM,mBAAmB,MAAM;;;;;;;;;;;IAKtE;;;;;;OAMG;yBAEwB,MAAM,QAAQ,wBAAwB,QAAQ,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;6BAwUlE,MAAM,QAAQ,wBAAwB;IAyJ/D;;;;;OAKG;0BACmB,MAAM,cAAc,MAAM,GAAG,MAAM,GAAG,YAAY;IAsBxE;;;;;;;;OAQG;2CAGY,MAAM,OAChB,MAAM,eACE,MAAM,aACR,OAAO,qBACC,MAAM,oBACP,wBAAwB,GAC3C,MAAM,GAAG,MAAM;IAyBd;;;;;;;OAOG;qCAES,GAAG,eACF,MAAM,aACR,MAAM,GAAG,MAAM,oBACR,MAAM,oBACN,wBAAwB;IAoC5C;;;;SAIK;gCAEgB,MAAM,GAAG,MAAM,oBACf,GAAG,sBACD,4BAA4B;;;;IAiBjD;;;;;;OAMG;iEAEgD,MAAM;IAqEzD;;OAEG;IACH;;OAEG;gDAC0C,MAAM,SAAS,wBAAwB;;;;;;IA2GpF;;;;;OAKG;+BAC8B,GAAG,aAAa,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAmFnF;;OAEG;sBACqB,MAAM,SAAQ,OAAO;;AA8BjD,wBAAyB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,
|
|
1
|
+
{"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AA2F7D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,iBAAiB,GAAG,kBAAkB,CAAC;IAC7C,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAkKD,iBAAe,2BAA2B,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAoCpH;;;;AAED,wBAEE"}
|
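--- a/package/types/src/types.d.ts
+++ b/package/types/src/types.d.ts
@@ -147,6 +147,7 @@ export interface MetadataIdpOptions {
 encryptCert?: string | Buffer | (string | Buffer)[];
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 wantAuthnRequestsSigned?: boolean;
 nameIDFormat?: string[];
 singleSignOnService?: SSOService[];
@@ -162,6 +163,7 @@ export interface MetadataSpOptions {
 encryptCert?: string | Buffer | (string | Buffer)[];
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
 wantMessageSigned?: boolean;
@@ -193,6 +195,7 @@ export type ServiceProviderSettings = {
 metadata?: string | Buffer;
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 entityID?: string;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
@@ -232,6 +235,7 @@ export type IdentityProviderSettings = {
 metadata?: string | Buffer;
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 /** signature algorithm */
 requestSignatureAlgorithm?: string;
 /** template of login response */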
package/types/src/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAQ,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,WAAW,IAAI,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,eAAe,IAAI,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,UAAU,IAAI,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,WAAY,yBAAyB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE;QACJ,GAAG,EAAE,gBAAgB,CAAC;QACtB,EAAE,EAAE,eAAe,CAAC;KACvB,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,KAAK,UAAU,GAAG;IACd,SAAS,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;AAMtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE
,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,qBAAqB,CAAC,EAAE,2BAA2B,CAAC;IACpD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,aAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GAClB,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAi
B;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACxD,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,qBAAqB,GAC7B,iBAAiB,GACjB,YAAY,CAAC;AAEjB,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,wBAAwB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9D,iBAAiB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACvE,6CAA6C;IAC7C,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC1C,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,oBAAoB,CAAC,EAAE,oB
AAoB,CAAC;IAC5C,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAQ,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,WAAW,IAAI,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,eAAe,IAAI,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,UAAU,IAAI,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,WAAY,yBAAyB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE;QACJ,GAAG,EAAE,gBAAgB,CAAC;QACtB,EAAE,EAAE,eAAe,CAAC;KACvB,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,KAAK,UAAU,GAAG;IACd,SAAS,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;AAMtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE
,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,qBAAqB,CAAC,EAAE,2BAA2B,CAAC;IACpD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,aAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GACl
B,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACxD,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,qBAAqB,GAC7B,iBAAiB,GACjB,YAAY,CAAC;AAEjB,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,wBAAwB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9D,iBAAiB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACvE,6CAA6C;IAC7C,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC1C,wBAAwB,CAAC,EAAE,UAAU,EAAE,
CAAC;IACxC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IAExC,0BAA0B;IAC1B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,iCAAiC;IACjC,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAE9C,iCAAiC;IACjC,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAE7C,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9D,iBAAiB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACvE,6CAA6C;IAC7C,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC1C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qCAAqC,CAAC,EAAE,OAAO,CAAC;IAChD,SAAS,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAEtC,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBA
AsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC"}
|
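--- a/package/types/src/utility.d.ts
+++ b/package/types/src/utility.d.ts
@@ -3,6 +3,14 @@
 * @author tngan
 * @desc Library for some common functions (e.g. de/inflation, en/decoding)
 */
+import { X509Certificate } from 'node:crypto';
+export type CertificateUse = 'signing' | 'encryption';
+export interface CertificateValidationOptions {
+expectedUse?: CertificateUse;
+allowCertificateUsageMismatch?: boolean;
+expectedIssuer?: string;
+validationDate?: Date;
+}
 /**
 * @desc Mimic lodash.zipObject
 * @param arr1 {string[]}
@@ -101,7 +109,7 @@ declare function applyDefault(obj1: any, obj2: any): any;
 * @param {string} x509 certificate
 * @return {string} public key fetched from the certificate
 */
-declare function getPublicKeyPemFromCertificate(x509CertificateString: string): string;
+declare function getPublicKeyPemFromCertificate(x509CertificateString: string | Buffer, options?: CertificateValidationOptions): string;
 export declare function readPrivateKey(keyString: string | Buffer, passphrase?: string, isOutputString?: boolean): string | Buffer;
 /**
 * @desc Inline syntax sugar
@@ -134,9 +142,16 @@ export declare function normalizeCertificates(metadataCert: any): string[];
 * @param {string} certificateBase64 - Base64 编码的证书(不含 PEM 头尾)
 * @returns {{ isValid: boolean; error?: string }} 验证结果
 */
-export declare function validateCertificate(certificateBase64: string): {
+export declare function validateCertificate(certificateBase64: string | Buffer, options?: CertificateValidationOptions): {
 isValid: boolean;
 error?: string;
+subject?: string;
+issuer?: string;
+publicKey?: any;
+certificate?: X509Certificate;
+validFrom?: string;
+validTo?: string;
+keyUsage?: string[];
 };
 /**
 * @desc 日志脱敏函数,过滤敏感信息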
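Review bot: The doc comments kept as context above `getPublicKeyPemFromCertificate` and `validateCertificate` still describe the old signatures: `@param {string}` for an argument that is now `string | Buffer`, no `@param` for the new `options`, and `@returns {{ isValid: boolean; error?: string }}` although the result now also carries `subject`, `issuer`, `publicKey`, `certificate`, `validFrom`, `validTo` and `keyUsage`. The new `CertificateValidationOptions` interface has no comments either, so a caller cannot tell from the declaration whether omitting `expectedUse` or `expectedIssuer` skips that check, or which date is used when `validationDate` is absent; each member should get one line saying what is enforced and what happens when it is left out. I would also replace `publicKey?: any;` with `publicKey?: KeyObject;` if that is what the implementation returns (not visible in this section), since `any` removes type checking at the call sites that handle the key.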
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utility.d.ts","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"utility.d.ts","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAmB,eAAe,EAAC,MAAM,aAAa,CAAC;AAK9D,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,YAAY,CAAC;AAEtD,MAAM,WAAW,4BAA4B;IACzC,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,IAAI,CAAC;CACzB;AAiGD;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,cAAc,UAAO,MAmB3E;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,OAIvC;AAED;;;;GAIG;AACH,wBAAgB,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,OAEhC;AAED;;;;GAIG;AACH,wBAAgB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAGnC;AAED;;;;;;GAMG;AACH,wBAAgB,GAAG,CAAC,GAAG,KAAA,EAAE,IAAI,KAAA,EAAE,YAAY,KAAA,OAG1C;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,GAAG,mBAElC;AAED;;;;GAIG;AACH,iBAAS,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,UAE/C;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAGtF;AAED;;;;GAIG;AACH,iBAAS,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAKhD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAc9D;AAYD;;;;GAIG;AACH,iBAAS,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,UAEtD;AAED;;;;GAIG;AACH,iBAAS,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,UAErD;AAED;;;;GAIG;AACH,iBAAS,UAAU,CAAC,GAAG,KAAA,UAEtB;AAED;;;;GAIG;AACH,iBAAS,WAAW,CAAC,GAAG,KAAA,EAAE,YAAY,SAAK,OAE1C;AAED;;;;;GAKG;AACH,iBAAS,YAAY,CAAC,IAAI,KAAA,EAAE,IAAI,KAAA,OAE/B;AAED;;;;GAIG;AACH,iBAAS,8BAA8B,CACnC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EACtC,OAAO,GAAE,4BAAiC,UAe7C;AAsCD,wBAAgB,cAAc,CAC1B,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,UAAU,CAAC,EAAE,MAAM,EACnB,cAAc,GAAE,OAAc,GAC/B,MAAM,GAAG,MAAM,CAyCjB;AASD;;GAEG;AACH,iBAAS,eAAe,CAAC,KAAK,KAAA,EAAE,cAAc,KAAA,OAE7C;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,GAAG,WAErC;AAED,wBAAgB,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAGhD;AAED,wBAAgB,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,KAAK,IAAI,MAAM,CAElF;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE
,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA2BzF;AAgBD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,YAAY,EAAE,GAAG,GAAG,MAAM,EAAE,CAkEjE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAC/B,iBAAiB,EAAE,MAAM,GAAG,MAAM,EAClC,OAAO,GAAE,4BAAiC,GAC3C;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,GAAG,CAAC;IAAC,WAAW,CAAC,EAAE,eAAe,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CAwFpL;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG,CAoB1C;AAED,QAAA,MAAM,OAAO;;;;;;;;;;;;;;;;;;;CAmBZ,CAAC;AAEF,eAAe,OAAO,CAAC"}
|