samlesa 4.8.0 → 5.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/src/binding-artifact.js +5 -0
- package/build/src/binding-post.js +4 -0
- package/build/src/binding-redirect.js +3 -0
- package/build/src/binding-simplesign.js +1 -0
- package/build/src/entity.js +1 -0
- package/build/src/flow.js +27 -15
- package/build/src/libsaml.js +123 -99
- package/build/src/libsamlSoap.js +22 -16
- package/build/src/utility.js +140 -38
- package/package.json +1 -1
- package/types/src/binding-artifact.d.ts.map +1 -1
- package/types/src/binding-post.d.ts.map +1 -1
- package/types/src/binding-redirect.d.ts.map +1 -1
- package/types/src/binding-simplesign.d.ts.map +1 -1
- package/types/src/entity.d.ts.map +1 -1
- package/types/src/flow.d.ts.map +1 -1
- package/types/src/libsaml.d.ts +19 -13
- package/types/src/libsaml.d.ts.map +1 -1
- package/types/src/libsamlSoap.d.ts +1 -1
- package/types/src/libsamlSoap.d.ts.map +1 -1
- package/types/src/types.d.ts +4 -0
- package/types/src/types.d.ts.map +1 -1
- package/types/src/utility.d.ts +17 -2
- package/types/src/utility.d.ts.map +1 -1
|
@@ -268,6 +268,7 @@ function buildRawLoginRequest(referenceTagXPath, entity, customTagReplacement) {
|
|
|
268
268
|
rawSamlMessage: rawSamlRequest,
|
|
269
269
|
isBase64Output: false,
|
|
270
270
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
271
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
271
272
|
signatureConfig: (spSetting.signatureConfig || {
|
|
272
273
|
prefix: 'ds',
|
|
273
274
|
location: {
|
|
@@ -307,6 +308,7 @@ function signSoapEnvelope(message, referenceTagXPath, signatureReference, signer
|
|
|
307
308
|
isBase64Output: false,
|
|
308
309
|
isMessageSigned: false,
|
|
309
310
|
signingCert,
|
|
311
|
+
allowCertificateUsageMismatch: signerSetting.allowCertificateUsageMismatch,
|
|
310
312
|
signatureConfig: {
|
|
311
313
|
prefix: 'ds',
|
|
312
314
|
location: {
|
|
@@ -343,6 +345,7 @@ async function parseArtifactResolveRequest(params) {
|
|
|
343
345
|
}
|
|
344
346
|
const verifiedSoap = await libsamlSoap.verifyAndDecryptSoapMessage(xml, {
|
|
345
347
|
metadata: requester.entityMeta,
|
|
348
|
+
allowCertificateUsageMismatch: responder.entitySetting.allowCertificateUsageMismatch,
|
|
346
349
|
});
|
|
347
350
|
if (!verifiedSoap.verified || verifiedSoap.type !== 'ArtifactResolve') {
|
|
348
351
|
fail('ERR_FAIL_TO_VERIFY_SIGNATURE');
|
|
@@ -403,6 +406,7 @@ async function parseArtifactResolveResponse(params) {
|
|
|
403
406
|
}
|
|
404
407
|
const verifiedSoap = await libsamlSoap.verifyAndDecryptSoapMessage(params.xml, {
|
|
405
408
|
metadata: params.responder.entityMeta,
|
|
409
|
+
allowCertificateUsageMismatch: params.requester.entitySetting.allowCertificateUsageMismatch,
|
|
406
410
|
});
|
|
407
411
|
if (!verifiedSoap.verified || verifiedSoap.type !== 'ArtifactResponse') {
|
|
408
412
|
fail('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
|
|
@@ -470,6 +474,7 @@ async function parseResolvedLoginRequestXmlCandidate(params) {
|
|
|
470
474
|
const verificationOptions = {
|
|
471
475
|
metadata: params.sp.entityMeta,
|
|
472
476
|
signatureAlgorithm: params.sp.entitySetting.requestSignatureAlgorithm,
|
|
477
|
+
allowCertificateUsageMismatch: params.idp.entitySetting.allowCertificateUsageMismatch,
|
|
473
478
|
};
|
|
474
479
|
const signatureLooksPresent = /<[^>]*:?Signature\b/.test(samlContent);
|
|
475
480
|
if (params.idp.entityMeta.isWantAuthnRequestsSigned() || signatureLooksPresent) {
|
|
@@ -57,6 +57,7 @@ function base64LoginRequest(referenceTagXPath, entity, customTagReplacement) {
|
|
|
57
57
|
transformationAlgorithms,
|
|
58
58
|
rawSamlMessage: rawSamlRequest,
|
|
59
59
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
60
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
60
61
|
signatureConfig: spSetting.signatureConfig || {
|
|
61
62
|
prefix: 'ds',
|
|
62
63
|
location: {
|
|
@@ -169,6 +170,7 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
|
|
|
169
170
|
privateKeyPass,
|
|
170
171
|
signatureAlgorithm,
|
|
171
172
|
signingCert: metadata.idp.getX509Certificate('signing'),
|
|
173
|
+
allowCertificateUsageMismatch: idpSetting.allowCertificateUsageMismatch,
|
|
172
174
|
isBase64Output: false,
|
|
173
175
|
};
|
|
174
176
|
// step: sign assertion ? -> encrypted ? -> sign message ?
|
|
@@ -281,6 +283,7 @@ function base64LogoutRequest(user, referenceTagXPath, entity, customTagReplaceme
|
|
|
281
283
|
transformationAlgorithms,
|
|
282
284
|
rawSamlMessage: rawSamlRequest,
|
|
283
285
|
signingCert: metadata.init.getX509Certificate('signing'),
|
|
286
|
+
allowCertificateUsageMismatch: initSetting.allowCertificateUsageMismatch,
|
|
284
287
|
signatureConfig: initSetting.signatureConfig || {
|
|
285
288
|
prefix: 'ds',
|
|
286
289
|
location: {
|
|
@@ -345,6 +348,7 @@ function base64LogoutResponse(requestInfo, entity, customTagReplacement) {
|
|
|
345
348
|
signatureAlgorithm,
|
|
346
349
|
rawSamlMessage: rawSamlResponse,
|
|
347
350
|
signingCert: metadata.init.getX509Certificate('signing'),
|
|
351
|
+
allowCertificateUsageMismatch: initSetting.allowCertificateUsageMismatch,
|
|
348
352
|
signatureConfig: {
|
|
349
353
|
prefix: 'ds',
|
|
350
354
|
location: {
|
|
@@ -164,6 +164,7 @@ function loginRequestRedirectURLArt(entity, customTagReplacement) {
|
|
|
164
164
|
isBase64Output: false,
|
|
165
165
|
rawSamlMessage: rawSamlRequest,
|
|
166
166
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
167
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
167
168
|
signatureConfig: spSetting.signatureConfig || {
|
|
168
169
|
prefix: 'ds',
|
|
169
170
|
location: {
|
|
@@ -193,6 +194,7 @@ function loginRequestRedirectURLArt(entity, customTagReplacement) {
|
|
|
193
194
|
transformationAlgorithms,
|
|
194
195
|
rawSamlMessage: soapTemplate,
|
|
195
196
|
signingCert: metadata.sp.getX509Certificate('signing'),
|
|
197
|
+
allowCertificateUsageMismatch: spSetting.allowCertificateUsageMismatch,
|
|
196
198
|
signatureConfig: {
|
|
197
199
|
prefix: 'ds',
|
|
198
200
|
location: { reference: "//*[local-name()='Header']", action: 'after' },
|
|
@@ -276,6 +278,7 @@ function loginResponseRedirectURL(requestInfo, entity, user = {}, relayState, cu
|
|
|
276
278
|
privateKeyPass,
|
|
277
279
|
signatureAlgorithm,
|
|
278
280
|
signingCert: metadata.idp.getX509Certificate('signing'),
|
|
281
|
+
allowCertificateUsageMismatch: idpSetting.allowCertificateUsageMismatch,
|
|
279
282
|
isBase64Output: false,
|
|
280
283
|
};
|
|
281
284
|
// step: sign assertion ? -> encrypted ? -> sign message ?
|
|
@@ -163,6 +163,7 @@ async function base64LoginResponse(requestInfo = {}, entity, user = {}, relaySta
|
|
|
163
163
|
privateKeyPass,
|
|
164
164
|
signatureAlgorithm,
|
|
165
165
|
signingCert: metadata.idp.getX509Certificate('signing'),
|
|
166
|
+
allowCertificateUsageMismatch: idpSetting.allowCertificateUsageMismatch,
|
|
166
167
|
isBase64Output: false,
|
|
167
168
|
};
|
|
168
169
|
// step: sign assertion ? -> encrypted ? -> sign message ?
|
package/build/src/entity.js
CHANGED
|
@@ -18,6 +18,7 @@ const messageSigningOrders = messageConfigurations.signingOrder;
|
|
|
18
18
|
const defaultEntitySetting = {
|
|
19
19
|
strictSecurity: true,
|
|
20
20
|
allowLegacySha1: false,
|
|
21
|
+
allowCertificateUsageMismatch: false,
|
|
21
22
|
wantLogoutResponseSigned: false,
|
|
22
23
|
messageSigningOrder: messageSigningOrders.SIGN_THEN_ENCRYPT,
|
|
23
24
|
wantLogoutRequestSigned: false,
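Review bot: The new `allowCertificateUsageMismatch: false` default sits next to the other security opt-outs (`strictSecurity`, `allowLegacySha1`) without a comment saying what it relaxes, and nothing else in this file documents it. Judging from how libsaml threads it into `getPublicKeyPemFromCertificate` together with an `expectedUse`, it appears to skip the check that a metadata certificate is being used for the purpose (signing vs encryption) it was published for — confirm against utility.js and then document it inline, e.g. `// Opt-out: accept a certificate for a use its metadata does not declare (signing vs encryption). Keep false in production.` The `defaultEntitySetting` object continues beyond the hunk.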
|
package/build/src/flow.js
CHANGED
|
@@ -24,6 +24,25 @@ function getDefaultExtractorFields(parserType, assertion) {
|
|
|
24
24
|
throw new Error('ERR_UNDEFINED_PARSERTYPE');
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
|
+
function buildPostVerificationResult(parseResult, verificationResult, extra = {}) {
|
|
28
|
+
return {
|
|
29
|
+
...parseResult,
|
|
30
|
+
verificationResult: {
|
|
31
|
+
isMessageSigned: verificationResult?.isMessageSigned,
|
|
32
|
+
MessageSignatureStatus: verificationResult?.MessageSignatureStatus,
|
|
33
|
+
isAssertionSigned: verificationResult?.isAssertionSigned,
|
|
34
|
+
AssertionSignatureStatus: verificationResult?.AssertionSignatureStatus,
|
|
35
|
+
encrypted: verificationResult?.encrypted,
|
|
36
|
+
decrypted: verificationResult?.decrypted,
|
|
37
|
+
type: verificationResult?.type,
|
|
38
|
+
status: verificationResult?.status,
|
|
39
|
+
hasUnsafeSignatureAlgorithm: verificationResult?.hasUnsafeSignatureAlgorithm,
|
|
40
|
+
unsafeSignatureAlgorithm: verificationResult?.unsafeSignatureAlgorithm,
|
|
41
|
+
verificationStrategy: extra?.verificationStrategy,
|
|
42
|
+
verifiedAssertions: extra?.verifiedAssertions ?? null,
|
|
43
|
+
},
|
|
44
|
+
};
|
|
45
|
+
}
|
|
27
46
|
function collectServiceLocations(entityMeta, serviceKey) {
|
|
28
47
|
const serviceConfig = entityMeta?.meta?.[serviceKey];
|
|
29
48
|
if (!serviceConfig) {
|
|
@@ -281,6 +300,7 @@ async function redirectFlow(options) {
|
|
|
281
300
|
const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg, {
|
|
282
301
|
strictSecurity: self?.entitySetting?.strictSecurity,
|
|
283
302
|
allowLegacySha1: self?.entitySetting?.allowLegacySha1,
|
|
303
|
+
allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
|
|
284
304
|
});
|
|
285
305
|
if (!verified) {
|
|
286
306
|
// Fail to verify message signature
|
|
@@ -311,6 +331,7 @@ async function postFlow(options) {
|
|
|
311
331
|
const verificationOptions = {
|
|
312
332
|
metadata: from.entityMeta,
|
|
313
333
|
signatureAlgorithm: from.entitySetting.requestSignatureAlgorithm,
|
|
334
|
+
allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
|
|
314
335
|
};
|
|
315
336
|
/** 断言是否加密应根据响应里面的字段判断*/
|
|
316
337
|
let decryptRequired = from.entitySetting.isAssertionEncrypted;
|
|
@@ -392,21 +413,10 @@ async function postFlow(options) {
|
|
|
392
413
|
if (validationError) {
|
|
393
414
|
return Promise.reject(validationError);
|
|
394
415
|
}
|
|
395
|
-
return Promise.resolve({
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
MessageSignatureStatus: verificationResult?.MessageSignatureStatus,
|
|
400
|
-
isAssertionSigned: verificationResult?.isAssertionSigned,
|
|
401
|
-
AssertionSignatureStatus: verificationResult?.AssertionSignatureStatus,
|
|
402
|
-
encrypted: verificationResult?.encrypted,
|
|
403
|
-
decrypted: verificationResult?.decrypted,
|
|
404
|
-
type: verificationResult?.type, // 添加类型字段
|
|
405
|
-
status: verificationResult?.status,
|
|
406
|
-
hasUnsafeSignatureAlgorithm: verificationResult?.hasUnsafeSignatureAlgorithm,
|
|
407
|
-
unsafeSignatureAlgorithm: verificationResult?.unsafeSignatureAlgorithm
|
|
408
|
-
},
|
|
409
|
-
});
|
|
416
|
+
return Promise.resolve(buildPostVerificationResult(parseResult, verificationResult, {
|
|
417
|
+
verificationStrategy: 'single-assertion',
|
|
418
|
+
verifiedAssertions: [parseResult],
|
|
419
|
+
}));
|
|
410
420
|
}
|
|
411
421
|
// proceed the post Artifact flow
|
|
412
422
|
async function postArtifactFlow(options) {
|
|
@@ -418,6 +428,7 @@ async function postArtifactFlow(options) {
|
|
|
418
428
|
const verificationOptions = {
|
|
419
429
|
metadata: from.entityMeta,
|
|
420
430
|
signatureAlgorithm: from.entitySetting.requestSignatureAlgorithm,
|
|
431
|
+
allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
|
|
421
432
|
};
|
|
422
433
|
/** 断言是否加密应根据响应里面的字段判断*/
|
|
423
434
|
let decryptRequired = from.entitySetting.isAssertionEncrypted;
|
|
@@ -524,6 +535,7 @@ async function postSimpleSignFlow(options) {
|
|
|
524
535
|
const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg, {
|
|
525
536
|
strictSecurity: self?.entitySetting?.strictSecurity,
|
|
526
537
|
allowLegacySha1: self?.entitySetting?.allowLegacySha1,
|
|
538
|
+
allowCertificateUsageMismatch: self?.entitySetting?.allowCertificateUsageMismatch,
|
|
527
539
|
});
|
|
528
540
|
if (!verified) {
|
|
529
541
|
// Fail to verify message signature
|
package/build/src/libsaml.js
CHANGED
|
@@ -3,9 +3,8 @@
|
|
|
3
3
|
* @author tngan
|
|
4
4
|
* @desc A simple library including some common functions
|
|
5
5
|
*/
|
|
6
|
-
import { X509Certificate } from 'node:crypto';
|
|
7
6
|
import xml from 'xml';
|
|
8
|
-
import utility, { inflateString, isString, normalizeCertificates } from './utility.js';
|
|
7
|
+
import utility, { inflateString, isString, normalizeCertificates, } from './utility.js';
|
|
9
8
|
;
|
|
10
9
|
import * as crypto from 'node:crypto';
|
|
11
10
|
import { algorithms, namespace, wording } from './urn.js';
|
|
@@ -28,21 +27,34 @@ const signatureAlgorithms = algorithms.signature;
|
|
|
28
27
|
const digestAlgorithms = algorithms.signatureToDigestMap;
|
|
29
28
|
const certUse = wording.certUse;
|
|
30
29
|
const urlParams = wording.urlParams;
|
|
31
|
-
function
|
|
32
|
-
|
|
30
|
+
function validateCertificateForUse(certificate, expectedUse, options = {}) {
|
|
31
|
+
return utility.getPublicKeyPemFromCertificate(certificate, {
|
|
32
|
+
...options,
|
|
33
|
+
expectedUse,
|
|
34
|
+
}).toString();
|
|
35
|
+
}
|
|
36
|
+
function resolvePublicKeysFromCertificates(certificates, expectedUse, missingCertificateError, options = {}) {
|
|
37
|
+
const normalizedCertificates = normalizeCertificates(certificates);
|
|
38
|
+
if (normalizedCertificates.length === 0) {
|
|
39
|
+
throw new Error(missingCertificateError);
|
|
40
|
+
}
|
|
41
|
+
return normalizedCertificates.map((certificate) => validateCertificateForUse(certificate, expectedUse, options));
|
|
42
|
+
}
|
|
43
|
+
function resolveSignaturePublicKeys(metadata, options = {}) {
|
|
33
44
|
const metadataCerts = normalizeCertificates(metadata.getX509Certificate(certUse.signing));
|
|
34
|
-
if (
|
|
35
|
-
throw new Error('
|
|
45
|
+
if (metadataCerts.length === 0) {
|
|
46
|
+
throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
|
|
36
47
|
}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
48
|
+
return resolvePublicKeysFromCertificates(metadataCerts, 'signing', 'ERR_METADATA_MISSING_SIGNING_CERT', options);
|
|
49
|
+
}
|
|
50
|
+
function resolveKeyFilePublicKeys(keyFile, options = {}) {
|
|
51
|
+
return resolvePublicKeysFromCertificates(fs.readFileSync(keyFile).toString(), 'signing', 'ERR_KEYFILE_MISSING_SIGNING_CERT', options);
|
|
52
|
+
}
|
|
53
|
+
function validateConfiguredCertificateUse(certificates, expectedUse, options = {}) {
|
|
54
|
+
const normalizedCertificates = normalizeCertificates(certificates);
|
|
55
|
+
for (const certificate of normalizedCertificates) {
|
|
56
|
+
validateCertificateForUse(certificate, expectedUse, options);
|
|
44
57
|
}
|
|
45
|
-
return metadataCerts.map((cert) => utility.getPublicKeyPemFromCertificate(cert).toString());
|
|
46
58
|
}
|
|
47
59
|
function verifyXmlSignatureWithPublicKeys(signatureNode, xmlCandidates, publicKeys, signatureAlgorithm) {
|
|
48
60
|
let lastError = null;
|
|
@@ -153,6 +165,26 @@ const libSaml = () => {
|
|
|
153
165
|
}
|
|
154
166
|
return false;
|
|
155
167
|
}
|
|
168
|
+
function resolveAllowCertificateUsageMismatch(securityOptions, self) {
|
|
169
|
+
if (securityOptions?.allowCertificateUsageMismatch !== undefined) {
|
|
170
|
+
return securityOptions.allowCertificateUsageMismatch === true;
|
|
171
|
+
}
|
|
172
|
+
const envAllowMismatch = getEnvironmentBoolean('SAMLIFY_ALLOW_CERTIFICATE_USAGE_MISMATCH');
|
|
173
|
+
if (envAllowMismatch !== undefined) {
|
|
174
|
+
return envAllowMismatch;
|
|
175
|
+
}
|
|
176
|
+
const entitySetting = self?.entitySetting;
|
|
177
|
+
if (entitySetting?.allowCertificateUsageMismatch !== undefined) {
|
|
178
|
+
return entitySetting.allowCertificateUsageMismatch === true;
|
|
179
|
+
}
|
|
180
|
+
return false;
|
|
181
|
+
}
|
|
182
|
+
function certificateValidationOptions(expectedUse, securityOptions, self) {
|
|
183
|
+
return {
|
|
184
|
+
expectedUse,
|
|
185
|
+
allowCertificateUsageMismatch: resolveAllowCertificateUsageMismatch(securityOptions, self),
|
|
186
|
+
};
|
|
187
|
+
}
|
|
156
188
|
/**
|
|
157
189
|
* @desc Default login request template
|
|
158
190
|
* @type {LoginRequestTemplate}
|
|
@@ -417,7 +449,12 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
417
449
|
const { rawSamlMessage, referenceTagXPath, privateKey, privateKeyPass, signatureAlgorithm = signatureAlgorithms.RSA_SHA256, transformationAlgorithms = [
|
|
418
450
|
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
|
|
419
451
|
'http://www.w3.org/2001/10/xml-exc-c14n#',
|
|
420
|
-
], signingCert, signatureConfig, isBase64Output = true, isMessageSigned = false, } = opts;
|
|
452
|
+
], signingCert, allowCertificateUsageMismatch, signatureConfig, isBase64Output = true, isMessageSigned = false, } = opts;
|
|
453
|
+
const normalizedSigningCert = normalizeCertificates(signingCert)[0];
|
|
454
|
+
if (!normalizedSigningCert) {
|
|
455
|
+
throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
|
|
456
|
+
}
|
|
457
|
+
const keyInfo = this.getKeyInfo(normalizedSigningCert, signatureConfig, certificateValidationOptions('signing', { allowCertificateUsageMismatch }));
|
|
421
458
|
const sig = new SignedXml();
|
|
422
459
|
// Add assertion sections as reference
|
|
423
460
|
const digestAlgorithm = getDigestMethod(signatureAlgorithm);
|
|
@@ -437,8 +474,8 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
437
474
|
});
|
|
438
475
|
}
|
|
439
476
|
sig.signatureAlgorithm = signatureAlgorithm;
|
|
440
|
-
sig.publicCert =
|
|
441
|
-
sig.getKeyInfoContent =
|
|
477
|
+
sig.publicCert = keyInfo.getKey();
|
|
478
|
+
sig.getKeyInfoContent = keyInfo.getKeyInfo;
|
|
442
479
|
sig.privateKey = utility.readPrivateKey(privateKey, privateKeyPass, true);
|
|
443
480
|
// Read the target canonicalization algorithm.
|
|
444
481
|
const targetAlgo = transformationAlgorithms[1];
|
|
@@ -459,34 +496,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
459
496
|
},
|
|
460
497
|
// Certificate validation helper.
|
|
461
498
|
validateCertificate(certificateBase64, expectedIssuer) {
|
|
462
|
-
|
|
463
|
-
const cert = new X509Certificate(Buffer.from(certificateBase64, 'base64'));
|
|
464
|
-
// Check certificate validity period.
|
|
465
|
-
const now = new Date();
|
|
466
|
-
if (new Date(cert.validFrom) > now || new Date(cert.validTo) < now) {
|
|
467
|
-
throw new Error('Certificate has expired or is not yet valid');
|
|
468
|
-
}
|
|
469
|
-
// Check issuer when an expected issuer is provided.
|
|
470
|
-
if (expectedIssuer && !cert.subject.includes(expectedIssuer)) {
|
|
471
|
-
throw new Error('Certificate issuer does not match expected value');
|
|
472
|
-
}
|
|
473
|
-
// Check public key type. RSA and EC are preferred.
|
|
474
|
-
if (!['rsa', 'ec'].includes(cert.publicKey.type.toLowerCase())) {
|
|
475
|
-
throw new Error('Certificate uses unsupported public key type');
|
|
476
|
-
}
|
|
477
|
-
return {
|
|
478
|
-
isValid: true,
|
|
479
|
-
subject: cert.subject,
|
|
480
|
-
issuer: cert.issuer,
|
|
481
|
-
publicKey: cert.publicKey
|
|
482
|
-
};
|
|
483
|
-
}
|
|
484
|
-
catch (error) {
|
|
485
|
-
return {
|
|
486
|
-
isValid: false,
|
|
487
|
-
error: error.message
|
|
488
|
-
};
|
|
489
|
-
}
|
|
499
|
+
return utility.validateCertificate(certificateBase64, { expectedIssuer });
|
|
490
500
|
},
|
|
491
501
|
/**
|
|
492
502
|
* Verify SAML signatures across message, assertion, and encryption combinations.
|
|
@@ -513,6 +523,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
513
523
|
const messageSignatureNode = toNodeArray(select(messageSignatureXpath, doc));
|
|
514
524
|
const assertionSignatureNode = toNodeArray(select(assertionSignatureXpath, doc));
|
|
515
525
|
const encryptedAssertions = toNodeArray(select(encryptedAssertionsXPath, doc));
|
|
526
|
+
const topLevelAssertionNodes = toNodeArray(select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']", doc));
|
|
516
527
|
// Initialize verification state.
|
|
517
528
|
let isMessageSigned = messageSignatureNode.length > 0;
|
|
518
529
|
let isAssertionSigned = assertionSignatureNode.length > 0;
|
|
@@ -556,6 +567,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
556
567
|
type = 'Unknown';
|
|
557
568
|
}
|
|
558
569
|
}
|
|
570
|
+
if (type === 'Response' && topLevelAssertionNodes.length + encryptedAssertions.length > 1) {
|
|
571
|
+
throw new Error('ERR_MULTIPLE_ASSERTION');
|
|
572
|
+
}
|
|
559
573
|
let hasUnsafeSignatureAlgorithm = false;
|
|
560
574
|
let unsafeSignatureAlgorithm = '';
|
|
561
575
|
// Reject unsigned SAML responses that carry unsigned assertions.
|
|
@@ -583,6 +597,45 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
583
597
|
}
|
|
584
598
|
return signatureAlgorithm.value;
|
|
585
599
|
};
|
|
600
|
+
const resolveVerificationPublicKeys = () => {
|
|
601
|
+
if (!opts.keyFile && !opts.metadata) {
|
|
602
|
+
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
603
|
+
}
|
|
604
|
+
if (opts.keyFile) {
|
|
605
|
+
return resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, self));
|
|
606
|
+
}
|
|
607
|
+
return resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, self));
|
|
608
|
+
};
|
|
609
|
+
const verifyAssertionNodeSignature = (assertionNode) => {
|
|
610
|
+
const signatureNode = toNodeArray(select("./*[local-name() = 'Signature']", assertionNode))[0];
|
|
611
|
+
if (!signatureNode) {
|
|
612
|
+
return {
|
|
613
|
+
signed: false,
|
|
614
|
+
verified: false,
|
|
615
|
+
};
|
|
616
|
+
}
|
|
617
|
+
const signatureAlgorithm = getSignatureAlgorithm(signatureNode);
|
|
618
|
+
const checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm);
|
|
619
|
+
hasUnsafeSignatureAlgorithm = hasUnsafeSignatureAlgorithm || checkResult.hasUnsafeSignatureAlgorithm;
|
|
620
|
+
if (!unsafeSignatureAlgorithm && checkResult.unsafeSignatureAlgorithm) {
|
|
621
|
+
unsafeSignatureAlgorithm = checkResult.unsafeSignatureAlgorithm;
|
|
622
|
+
}
|
|
623
|
+
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, self)) {
|
|
624
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
625
|
+
}
|
|
626
|
+
const publicKeys = resolveVerificationPublicKeys();
|
|
627
|
+
const assertionDoc = dom.parseFromString(assertionNode.toString(), 'application/xml');
|
|
628
|
+
const fullDocumentXml = doc.toString();
|
|
629
|
+
const assertionXml = assertionDoc.toString();
|
|
630
|
+
const verificationCandidates = isInclusiveCanonicalizationSignature(signatureNode)
|
|
631
|
+
? [fullDocumentXml, assertionXml]
|
|
632
|
+
: [assertionXml, fullDocumentXml];
|
|
633
|
+
const verified = verifyXmlSignatureWithPublicKeys(signatureNode, verificationCandidates, publicKeys, signatureAlgorithm).verified;
|
|
634
|
+
return {
|
|
635
|
+
signed: true,
|
|
636
|
+
verified,
|
|
637
|
+
};
|
|
638
|
+
};
|
|
586
639
|
// Handle outer message signature with encrypted assertion.
|
|
587
640
|
if (isMessageSigned && encrypted) {
|
|
588
641
|
try {
|
|
@@ -611,10 +664,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
611
664
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
612
665
|
}
|
|
613
666
|
if (opts.keyFile) {
|
|
614
|
-
publicKeys =
|
|
667
|
+
publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, self));
|
|
615
668
|
}
|
|
616
669
|
else if (opts.metadata) {
|
|
617
|
-
publicKeys = resolveSignaturePublicKeys(
|
|
670
|
+
publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, self));
|
|
618
671
|
}
|
|
619
672
|
// Verify the outer message signature.
|
|
620
673
|
const verifyResult = verifyXmlSignatureWithPublicKeys(signatureNode, [decryptedDoc.toString(), xml], publicKeys, opts.signatureAlgorithm);
|
|
@@ -640,16 +693,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
640
693
|
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, self)) {
|
|
641
694
|
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
642
695
|
}
|
|
643
|
-
|
|
644
|
-
if (!opts.keyFile && !opts.metadata) {
|
|
645
|
-
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
646
|
-
}
|
|
647
|
-
if (opts.keyFile) {
|
|
648
|
-
publicKeys = [fs.readFileSync(opts.keyFile)];
|
|
649
|
-
}
|
|
650
|
-
else if (opts.metadata) {
|
|
651
|
-
publicKeys = resolveSignaturePublicKeys(signatureNode, opts.metadata);
|
|
652
|
-
}
|
|
696
|
+
const publicKeys = resolveVerificationPublicKeys();
|
|
653
697
|
MessageSignatureStatus = verifyXmlSignatureWithPublicKeys(signatureNode, [doc.toString()], publicKeys, signatureAlgorithm).verified;
|
|
654
698
|
if (!MessageSignatureStatus) {
|
|
655
699
|
throw new Error('ERR_FAILED_TO_VERIFY_MESSAGE_SIGNATURE');
|
|
@@ -657,38 +701,8 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
657
701
|
}
|
|
658
702
|
// Verify assertion signatures with exact algorithm resolution.
|
|
659
703
|
if (isAssertionSigned && !encrypted) {
|
|
660
|
-
const
|
|
661
|
-
|
|
662
|
-
const checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm);
|
|
663
|
-
hasUnsafeSignatureAlgorithm = checkResult.hasUnsafeSignatureAlgorithm;
|
|
664
|
-
unsafeSignatureAlgorithm = checkResult.unsafeSignatureAlgorithm ?? "";
|
|
665
|
-
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, self)) {
|
|
666
|
-
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
667
|
-
}
|
|
668
|
-
let publicKeys = [];
|
|
669
|
-
if (!opts.keyFile && !opts.metadata) {
|
|
670
|
-
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
671
|
-
}
|
|
672
|
-
if (opts.keyFile) {
|
|
673
|
-
publicKeys = [fs.readFileSync(opts.keyFile)];
|
|
674
|
-
}
|
|
675
|
-
else if (opts.metadata) {
|
|
676
|
-
publicKeys = resolveSignaturePublicKeys(signatureNode, opts.metadata);
|
|
677
|
-
}
|
|
678
|
-
// Locate the assertion node with exact matching.
|
|
679
|
-
const assertionNode = select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']", doc)[0];
|
|
680
|
-
if (assertionNode) {
|
|
681
|
-
const assertionDoc = dom.parseFromString(assertionNode.toString(), 'application/xml');
|
|
682
|
-
const fullDocumentXml = doc.toString();
|
|
683
|
-
const assertionXml = assertionDoc.toString();
|
|
684
|
-
const verificationCandidates = isInclusiveCanonicalizationSignature(signatureNode)
|
|
685
|
-
? [fullDocumentXml, assertionXml]
|
|
686
|
-
: [assertionXml, fullDocumentXml];
|
|
687
|
-
AssertionSignatureStatus = verifyXmlSignatureWithPublicKeys(signatureNode, verificationCandidates, publicKeys, signatureAlgorithm).verified;
|
|
688
|
-
}
|
|
689
|
-
else {
|
|
690
|
-
AssertionSignatureStatus = false;
|
|
691
|
-
}
|
|
704
|
+
const assertionStatus = verifyAssertionNodeSignature(topLevelAssertionNodes[0]);
|
|
705
|
+
AssertionSignatureStatus = assertionStatus.verified;
|
|
692
706
|
if (!AssertionSignatureStatus) {
|
|
693
707
|
throw new Error('ERR_FAILED_TO_VERIFY_ASSERTION_SIGNATURE');
|
|
694
708
|
}
|
|
@@ -815,10 +829,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
815
829
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
816
830
|
}
|
|
817
831
|
if (opts.keyFile) {
|
|
818
|
-
publicKeys =
|
|
832
|
+
publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts));
|
|
819
833
|
}
|
|
820
834
|
if (opts.metadata) {
|
|
821
|
-
publicKeys = resolveSignaturePublicKeys(
|
|
835
|
+
publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts));
|
|
822
836
|
}
|
|
823
837
|
const verifyResult = verifyXmlSignatureWithPublicKeys(signatureNode, [xml], publicKeys, opts.signatureAlgorithm);
|
|
824
838
|
const verified = verifyResult.verified;
|
|
@@ -927,6 +941,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
927
941
|
try {
|
|
928
942
|
const signCerts = normalizeCertificates(metadata.getX509Certificate('signing'));
|
|
929
943
|
const algorithm = getSigningAlgorithm(verifyAlgorithm, securityOptions);
|
|
944
|
+
const validationOptions = certificateValidationOptions('signing', securityOptions);
|
|
930
945
|
if (signCerts.length === 0) {
|
|
931
946
|
throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
|
|
932
947
|
}
|
|
@@ -934,7 +949,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
934
949
|
let lastError = null;
|
|
935
950
|
for (const signCert of signCerts) {
|
|
936
951
|
try {
|
|
937
|
-
const publicKeyPem =
|
|
952
|
+
const publicKeyPem = validateCertificateForUse(signCert, 'signing', validationOptions);
|
|
938
953
|
const verifier = crypto.createVerify(algorithm);
|
|
939
954
|
verifier.update(octetString, 'utf8');
|
|
940
955
|
if (verifier.verify(publicKeyPem, signatureBuffer)) {
|
|
@@ -960,14 +975,19 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
960
975
|
* @param {string} x509Certificate certificate
|
|
961
976
|
* @return {string} public key
|
|
962
977
|
*/
|
|
963
|
-
getKeyInfo(x509Certificate, signatureConfig = {}) {
|
|
978
|
+
getKeyInfo(x509Certificate, signatureConfig = {}, validationOptions = { expectedUse: 'signing' }) {
|
|
979
|
+
const normalizedCertificate = normalizeCertificates(x509Certificate)[0];
|
|
980
|
+
if (!normalizedCertificate) {
|
|
981
|
+
throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
|
|
982
|
+
}
|
|
983
|
+
const expectedUse = validationOptions.expectedUse ?? 'signing';
|
|
964
984
|
const prefix = signatureConfig.prefix ? `${signatureConfig.prefix}:` : '';
|
|
965
985
|
return {
|
|
966
986
|
getKeyInfo: () => {
|
|
967
|
-
return `<${prefix}X509Data><${prefix}X509Certificate>${
|
|
987
|
+
return `<${prefix}X509Data><${prefix}X509Certificate>${normalizedCertificate}</${prefix}X509Certificate></${prefix}X509Data>`;
|
|
968
988
|
},
|
|
969
989
|
getKey: () => {
|
|
970
|
-
return
|
|
990
|
+
return validateCertificateForUse(normalizedCertificate, expectedUse, validationOptions);
|
|
971
991
|
},
|
|
972
992
|
};
|
|
973
993
|
},
|
|
@@ -1003,7 +1023,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
1003
1023
|
if (!encryptPem) {
|
|
1004
1024
|
throw new Error('ERR_METADATA_MISSING_ENCRYPTION_CERT');
|
|
1005
1025
|
}
|
|
1006
|
-
const publicKeyPem =
|
|
1026
|
+
const publicKeyPem = validateCertificateForUse(encryptPem, 'encryption', certificateValidationOptions('encryption', {
|
|
1027
|
+
allowCertificateUsageMismatch: sourceEntitySetting.allowCertificateUsageMismatch,
|
|
1028
|
+
}, sourceEntity));
|
|
1007
1029
|
xmlenc.encrypt(rawAssertionNode.toString(), {
|
|
1008
1030
|
// use xml-encryption module
|
|
1009
1031
|
rsa_pub: Buffer.from(publicKeyPem), // public key from certificate
|
|
@@ -1058,6 +1080,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
1058
1080
|
// Wrap asynchronous decryption in a Promise.
|
|
1059
1081
|
let decryptedResult;
|
|
1060
1082
|
try {
|
|
1083
|
+
validateConfiguredCertificateUse(here?.entityMeta?.getX509Certificate?.(certUse.encrypt), 'encryption', certificateValidationOptions('encryption', opts, here));
|
|
1061
1084
|
const decryptResult = await xmlenc.decrypt(encAssertionXml, {
|
|
1062
1085
|
key: utility.readPrivateKey(hereSetting.encPrivateKey, hereSetting.encPrivateKeyPass),
|
|
1063
1086
|
warnInsecureAlgorithm: true,
|
|
@@ -1090,10 +1113,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
1090
1113
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
1091
1114
|
}
|
|
1092
1115
|
if (opts.keyFile) {
|
|
1093
|
-
publicKeys =
|
|
1116
|
+
publicKeys = resolveKeyFilePublicKeys(opts.keyFile, certificateValidationOptions('signing', opts, here));
|
|
1094
1117
|
}
|
|
1095
1118
|
else if (opts.metadata) {
|
|
1096
|
-
publicKeys = resolveSignaturePublicKeys(
|
|
1119
|
+
publicKeys = resolveSignaturePublicKeys(opts.metadata, certificateValidationOptions('signing', opts, here));
|
|
1097
1120
|
}
|
|
1098
1121
|
// Detect unsafe signature algorithms.
|
|
1099
1122
|
let checkSafeResult = checkUnsafeSignatureAlgorithm(opts.signatureAlgorithm || '');
|
|
@@ -1144,10 +1167,11 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
1144
1167
|
throw new Error('ERR_ENCRYPTED_ASSERTION_NOT_FOUND');
|
|
1145
1168
|
}
|
|
1146
1169
|
if (encryptedAssertions.length > 1) {
|
|
1147
|
-
|
|
1170
|
+
throw new Error('ERR_MULTIPLE_ASSERTION');
|
|
1148
1171
|
}
|
|
1149
1172
|
const encAssertionNode = encryptedAssertions[0];
|
|
1150
1173
|
// Prepare the decryption key.
|
|
1174
|
+
validateConfiguredCertificateUse(self?.entityMeta?.getX509Certificate?.(certUse.encrypt), 'encryption', certificateValidationOptions('encryption', undefined, self));
|
|
1151
1175
|
const privateKey = utility.readPrivateKey(self.entitySetting.encPrivateKey, self.entitySetting.encPrivateKeyPass);
|
|
1152
1176
|
// Decrypt the assertion.
|
|
1153
1177
|
const decryptedAssertion = await new Promise((resolve, reject) => {
|
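--- a/package/build/src/libsamlSoap.js
+++ b/package/build/src/libsamlSoap.js
@@ -3,7 +3,6 @@ import { DOMParser } from '@xmldom/xmldom';
 import { select } from 'xpath';
 import { SignedXml } from 'xml-crypto-next';
 import utility, { normalizeCertificates } from './utility.js';
-import libsaml from './libsaml.js';
 import { wording } from './urn.js';
 import { getContext } from './api.js';
 function toNodeArray(result) {
@@ -75,27 +74,31 @@ function serializeWithInheritedNamespaces(node) {
 }
 const certUse = wording.certUse;
 const docParser = new DOMParser();
-function
+function certificateValidationOptions(opts) {
+return {
+expectedUse: 'signing',
+allowCertificateUsageMismatch: opts.allowCertificateUsageMismatch === true,
+};
+}
+function publicKeysFromCertificates(certificates, missingCertificateError, opts) {
+const normalizedCertificates = normalizeCertificates(certificates);
+if (normalizedCertificates.length === 0) {
+throw new Error(missingCertificateError);
+}
+return normalizedCertificates.map((certificate) => utility.getPublicKeyPemFromCertificate(certificate, certificateValidationOptions(opts)).toString());
+}
+function resolvePublicCertificates(opts) {
 if (!opts.keyFile && !opts.metadata) {
 throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
 }
 if (opts.keyFile) {
-return
+return publicKeysFromCertificates(fs.readFileSync(opts.keyFile).toString(), 'ERR_KEYFILE_MISSING_SIGNING_CERT', opts);
 }
-const certificateNode = toNodeArray(select(".//*[local-name(.)='X509Certificate']", signatureNode));
 const metadataCerts = normalizeCertificates(opts.metadata.getX509Certificate(certUse.signing));
-if (
-throw new Error('
-}
-if (certificateNode.length > 0) {
-const x509CertificateData = certificateNode[0].firstChild?.nodeValue || '';
-const x509Certificate = utility.normalizeCerString(x509CertificateData);
-if (metadataCerts.length > 0 && !metadataCerts.includes(x509Certificate)) {
-throw new Error('ERROR_UNMATCH_CERTIFICATE_DECLARATION_IN_METADATA');
-}
-return [libsaml.getKeyInfo(x509Certificate).getKey()];
+if (metadataCerts.length === 0) {
+throw new Error('ERR_METADATA_MISSING_SIGNING_CERT');
 }
-return metadataCerts
+return publicKeysFromCertificates(metadataCerts, 'ERR_METADATA_MISSING_SIGNING_CERT', opts);
 }
 function uniqueXmlCandidates(candidates) {
 return candidates.filter((candidate, index, list) => typeof candidate === 'string' &&
@@ -107,6 +110,9 @@ function extractResolvedMessages(rootNode) {
 if (resolvedNodes.length === 0) {
 return [];
 }
+if (resolvedNodes.length > 1) {
+throw new Error('ERR_MULTIPLE_RESOLVED_MESSAGES');
+}
 const resolvedNode = resolvedNodes[0];
 return uniqueXmlCandidates([
 serializeWithInheritedNamespaces(resolvedNode),
@@ -115,7 +121,7 @@ function extractResolvedMessages(rootNode) {
 }
 function verifySignature(xml, signatureNodes, opts) {
 for (const signatureNode of signatureNodes) {
-const publicKeys = resolvePublicCertificates(
+const publicKeys = resolvePublicCertificates(opts);
 let verifiedSig = null;
 let lastError = null;
 const parentXml = signatureNode?.parentNode ? serializeWithInheritedNamespaces(signatureNode.parentNode) : '';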
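Review bot: `publicKeysFromCertificates` (new lines 83–89) lets the first certificate that fails `getPublicKeyPemFromCertificate` abort signature verification for the whole entity, so metadata that still lists a retired, now-expired signing certificate next to the current one — the usual key-rollover layout — would throw `ERR_CERTIFICATE_EXPIRED` out of `resolvePublicCertificates` before `verifySignature` ever tries the valid key (`verifySignature` appears to try each returned key in turn, judging by the `lastError` bookkeeping on new lines 125–127, but its body continues outside the hunk). Collecting per-certificate failures and throwing only when no certificate yields a usable key keeps the strictness for the single-certificate case without turning a stale entry into an outage; the skipped failure should still be surfaced (log or attach it to the thrown error) so a misconfigured certificate is not silently ignored. Separately, `resolvePublicCertificates` checks `metadataCerts.length === 0` (new lines 98–100) and `publicKeysFromCertificates` repeats the same check with the same error code, so one of the two can go.
```javascript
function publicKeysFromCertificates(certificates, missingCertificateError, opts) {
    const normalizedCertificates = normalizeCertificates(certificates);
    if (normalizedCertificates.length === 0) {
        throw new Error(missingCertificateError);
    }
    const validationOptions = certificateValidationOptions(opts);
    const publicKeys = [];
    let lastError = null;
    for (const certificate of normalizedCertificates) {
        try {
            publicKeys.push(utility.getPublicKeyPemFromCertificate(certificate, validationOptions).toString());
        } catch (error) {
            // A retired certificate left in metadata must not block the current one;
            // keep the failure so it is reported if no certificate is usable.
            lastError = error;
        }
    }
    if (publicKeys.length === 0) {
        throw lastError ?? new Error(missingCertificateError);
    }
    return publicKeys;
}
// … unchanged: resolvePublicCertificates, uniqueXmlCandidates …
```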
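--- a/package/build/src/utility.js
+++ b/package/build/src/utility.js
@@ -6,6 +6,76 @@
 import { createPrivateKey, X509Certificate } from 'node:crypto';
 import { deflateRawSync, inflateRawSync } from 'node:zlib';
 const BASE64_STR = 'base64';
+const certificateUsageRequirements = {
+signing: new Set([
+'1.3.6.1.5.5.7.3.3',
+'1.3.6.1.5.5.7.3.36',
+'codesigning',
+'documentsigning',
+'digitalsignature',
+]),
+encryption: new Set([
+'1.3.6.1.5.5.7.3.4',
+'emailprotection',
+'keyencipherment',
+'dataencipherment',
+]),
+};
+function normalizeCertificateInput(certificate) {
+const cleanCert = certificate
+.toString()
+.replace(/-----BEGIN CERTIFICATE-----/g, '')
+.replace(/-----END CERTIFICATE-----/g, '')
+.replace(/\r\n/g, '')
+.replace(/\n/g, '')
+.replace(/\r/g, '')
+.replace(/ /g, '')
+.trim();
+const pemCert = `-----BEGIN CERTIFICATE-----\n${cleanCert}\n-----END CERTIFICATE-----`;
+return { cleanCert, pemCert };
+}
+function normalizeUsageValue(value) {
+return value.trim().toLowerCase();
+}
+function certificateMatchesExpectedUse(cert, expectedUse) {
+const usages = Array.isArray(cert.keyUsage)
+? cert.keyUsage.map(normalizeUsageValue)
+: [];
+if (usages.length === 0) {
+// 证书未声明 EKU/用途限制时,视为不受用途约束,放行使用。
+return true;
+}
+return usages.some((usage) => certificateUsageRequirements[expectedUse].has(usage));
+}
+function describeCertificateUse(expectedUse) {
+const normalizedUse = String(expectedUse ?? '').trim().toLowerCase();
+if (normalizedUse === 'signing') {
+return 'signing(签名)';
+}
+if (normalizedUse === 'encryption') {
+return 'encryption(加密)';
+}
+return normalizedUse || 'unknown';
+}
+function createCertificateValidationError(validation, options = {}) {
+const errorCode = validation.error || 'ERR_INVALID_CERTIFICATE';
+const certificateKeyUsage = Array.isArray(validation.keyUsage)
+? validation.keyUsage.map((usage) => String(usage).trim()).filter(Boolean)
+: [];
+const error = new Error(errorCode);
+error.code = errorCode;
+error.expectedUse = options.expectedUse ?? null;
+error.certificateKeyUsage = certificateKeyUsage;
+error.certificateSubject = validation.subject ?? null;
+error.certificateIssuer = validation.issuer ?? null;
+error.certificateValidFrom = validation.validFrom ?? null;
+error.certificateValidTo = validation.validTo ?? null;
+if (errorCode === 'ERR_CERTIFICATE_USAGE_MISMATCH') {
+const actualUsageText = certificateKeyUsage.length > 0 ? certificateKeyUsage.join(', ') : 'unknown';
+error.message = `${errorCode}: certificate keyUsage=${actualUsageText}, expectedUse=${describeCertificateUse(options.expectedUse)}`;
+}
+return error;
+}
 /**
 * @desc Mimic lodash.zipObject
 * @param arr1 {string[]}
@@ -177,20 +247,12 @@ function applyDefault(obj1, obj2) {
 * @param {string} x509 certificate
 * @return {string} public key fetched from the certificate
 */
-function getPublicKeyPemFromCertificate(x509CertificateString) {
-
-
-
-
-
-.replace(/\n/g, '')
-.replace(/\r/g, '')
-.replace(/ /g, '')
-.trim();
-// 将 Base64 字符串转换为 PEM 格式(添加头尾标记)
-const pemCert = `-----BEGIN CERTIFICATE-----\n${cleanCert}\n-----END CERTIFICATE-----`;
-// 解析 X.509 证书
-const cert2 = new X509Certificate(pemCert);
+function getPublicKeyPemFromCertificate(x509CertificateString, options = {}) {
+const validation = validateCertificate(x509CertificateString, options);
+if (!validation.isValid) {
+throw createCertificateValidationError(validation, options);
+}
+const cert2 = validation.certificate || new X509Certificate(normalizeCertificateInput(x509CertificateString).pemCert);
 const publicKeyObject = cert2.publicKey;
 // 导出为 PEM 格式
 return publicKeyObject.export({
@@ -358,6 +420,9 @@ export function normalizeCertificates(metadataCert) {
 // 扁平化嵌套数组
 certArray = flattenDeep(metadataCert);
 }
+else if (Buffer.isBuffer(metadataCert)) {
+certArray = [metadataCert.toString()];
+}
 else if (typeof metadataCert === 'string') {
 // 单个字符串转为数组
 certArray = [metadataCert];
@@ -374,6 +439,9 @@ export function normalizeCertificates(metadataCert) {
 if (cert === null || cert === undefined) {
 return false;
 }
+if (Buffer.isBuffer(cert)) {
+return cert.toString().trim().length > 0;
+}
 if (typeof cert !== 'string') {
 console.warn(`normalizeCertificates: 跳过非字符串证书类型 ${typeof cert}`);
 return false;
@@ -385,8 +453,9 @@ export function normalizeCertificates(metadataCert) {
 return true;
 })
 .map((cert) => {
+const certString = Buffer.isBuffer(cert) ? cert.toString() : cert;
 // 清理证书字符串:移除 PEM 头尾、换行符、空格等
-return
+return certString
 .replace(/-----BEGIN CERTIFICATE-----/g, '')
 .replace(/-----END CERTIFICATE-----/g, '')
 .replace(/\r\n/g, '')
@@ -410,51 +479,84 @@ export function normalizeCertificates(metadataCert) {
 * @param {string} certificateBase64 - Base64 编码的证书(不含 PEM 头尾)
 * @returns {{ isValid: boolean; error?: string }} 验证结果
 */
-export function validateCertificate(certificateBase64) {
+export function validateCertificate(certificateBase64, options = {}) {
 try {
-
-const cleanCert = certificateBase64
-.replace(/-----BEGIN CERTIFICATE-----/g, '')
-.replace(/-----END CERTIFICATE-----/g, '')
-.replace(/\r\n/g, '')
-.replace(/\n/g, '')
-.replace(/\r/g, '')
-.replace(/ /g, '')
-.trim();
+const { cleanCert, pemCert } = normalizeCertificateInput(certificateBase64);
 // 验证 Base64 格式
 const base64Regex = /^[A-Za-z0-9+/]+=*$/;
-if (!base64Regex.test(cleanCert)) {
+if (cleanCert.length === 0 || !base64Regex.test(cleanCert)) {
 return {
 isValid: false,
-error: '
+error: 'ERR_INVALID_CERTIFICATE'
 };
 }
-// 转换为 PEM 格式
-const pemCert = `-----BEGIN CERTIFICATE-----\n${cleanCert}\n-----END CERTIFICATE-----`;
-// 尝试解析证书
 const cert = new X509Certificate(pemCert);
-
-
-
+const certificateDetails = {
+subject: cert.subject,
+issuer: cert.issuer,
+validFrom: cert.validFrom,
+validTo: cert.validTo,
+keyUsage: Array.isArray(cert.keyUsage) ? cert.keyUsage.slice() : [],
+};
+const now = options.validationDate ?? new Date();
+const validFrom = new Date(cert.validFrom);
+const validTo = new Date(cert.validTo);
+if (Number.isNaN(validFrom.getTime()) || Number.isNaN(validTo.getTime())) {
+return {
+isValid: false,
+error: 'ERR_INVALID_CERTIFICATE'
+};
+}
+if (validFrom > now) {
 return {
 isValid: false,
-error: '
+error: 'ERR_CERTIFICATE_NOT_YET_VALID',
+...certificateDetails
 };
 }
+if (validTo < now) {
+return {
+isValid: false,
+error: 'ERR_CERTIFICATE_EXPIRED',
+...certificateDetails
+};
+}
+if (options.expectedIssuer && !cert.issuer.includes(options.expectedIssuer)) {
+return {
+isValid: false,
+error: 'ERR_CERTIFICATE_ISSUER_MISMATCH',
+...certificateDetails
+};
+}
+if (options.expectedUse && !options.allowCertificateUsageMismatch) {
+if (!certificateMatchesExpectedUse(cert, options.expectedUse)) {
+return {
+isValid: false,
+error: 'ERR_CERTIFICATE_USAGE_MISMATCH',
+...certificateDetails
+};
+}
+}
 // 检查公钥类型
 const keyType = cert.publicKey.asymmetricKeyType;
-if (keyType && !['rsa', 'ec'].includes(keyType)) {
+if (keyType && !['rsa', 'ec', 'ed25519', 'ed448'].includes(keyType)) {
 return {
 isValid: false,
-error: '
+error: 'ERR_UNSUPPORTED_CERTIFICATE_KEY_TYPE',
+...certificateDetails
 };
 }
-return {
+return {
+isValid: true,
+publicKey: cert.publicKey,
+certificate: cert,
+...certificateDetails,
+};
 }
 catch (error) {
 return {
 isValid: false,
-error: error instanceof Error ? error.message : '
+error: error instanceof Error ? error.message : 'ERR_INVALID_CERTIFICATE'
 };
 }
 }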
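Review bot: `certificateMatchesExpectedUse` (first hunk, new lines 40–49) reads `cert.keyUsage`, which on Node's `X509Certificate` exposes the *extended* key usage list (as OID strings, as far as I know), so the `'digitalsignature'`, `'keyencipherment'` and `'dataencipherment'` entries in `certificateUsageRequirements` — names of KeyUsage bits, not EKUs — look unreachable, and the check would reduce to "no EKU at all, or codeSigning/documentSigning for signing and emailProtection for encryption"; please confirm against the Node version in use and either drop the dead entries or read KeyUsage from the certificate's raw extension, with a comment such as `// Only the extendedKeyUsage extension is inspected; KeyUsage bits are not available here` so the next reader does not assume KeyUsage is covered. `certificateUsageRequirements[expectedUse]` on new line 48 is also unguarded: an unrecognised `expectedUse` throws a TypeError that the enclosing `catch` turns into the `error` string, so `const allowed = certificateUsageRequirements[expectedUse]; if (!allowed) return false;` would fail closed with a stable result. In the last hunk, `cert.issuer.includes(options.expectedIssuer)` (new line 524) is a substring test on the issuer DN, so an expected `CN=Example CA` also accepts `CN=Example CA 2`; comparing the full DN after whitespace normalisation is the stricter check. The `catch` on new line 559 stores the raw parser message in `error`, which `createCertificateValidationError` then copies into `error.code`, so callers matching on `ERR_*` codes cannot rely on `code` for parse failures — consider `error: 'ERR_INVALID_CERTIFICATE'` with the original exception attached as `cause`.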
package/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-artifact.d.ts","sourceRoot":"","sources":["../../src/binding-artifact.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAapE,OAAO,KAAK,EACV,yBAAyB,EACzB,2BAA2B,IAAI,gBAAgB,EAC/C,0BAA0B,IAAI,eAAe,EAC9C,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kBAAkB,IAAI,sBAAsB,EAE7C,MAAM,eAAe,CAAC;AAOvB,KAAK,mBAAmB,GAAG,gBAAgB,GAAG,eAAe,CAAC;AAU9D,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,iBAAiB,CAAC;CACzB;
|
|
1
|
+
{"version":3,"file":"binding-artifact.d.ts","sourceRoot":"","sources":["../../src/binding-artifact.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAapE,OAAO,KAAK,EACV,yBAAyB,EACzB,2BAA2B,IAAI,gBAAgB,EAC/C,0BAA0B,IAAI,eAAe,EAC9C,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kBAAkB,IAAI,sBAAsB,EAE7C,MAAM,eAAe,CAAC;AAOvB,KAAK,mBAAmB,GAAG,gBAAgB,GAAG,eAAe,CAAC;AAU9D,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,iBAAiB,CAAC;CACzB;AA8WD,iBAAS,4BAA4B,CAAC,MAAM,EAAE;IAC5C,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,sBAAsB,CA6BzB;AAED,iBAAe,2BAA2B,CAAC,MAAM,EAAE;IACjD,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,GAAG,EAAE,MAAM,CAAC;CACb;;;;;;GA0CA;AAED,iBAAS,6BAA6B,CAAC,MAAM,EAAE;IAC7C,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;;;EAkCA;AAUD,iBAAe,4BAA4B,CAAC,MAAM,EAAE;IAClD,SAAS,EAAE,mBAAmB,CAAC;IAC/B,SAAS,EAAE,mBAAmB,CAAC;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;;;;;GAgDA;AAED,iBAAS,kBAAkB,CACzB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE;IACN,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;CACrB,EACD,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC1D,sBAAsB,CAaxB;AAED,iBAAe,mBAAmB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAarG;AAwFD,iBAAe,iBAAiB,CAAC,MAAM,EAAE;IACvC,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,OAAO,EAAE,gBAAgB,CAAC;CAC3B;;;;;;;;;GAyCA;AAqCD,iBAAe,kBAAkB,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,OAAO,EAAE,gBAAgB,CAAC;CAC3B;;;;;;;;;;GA0BA;AAED,eAAO,MAAM,kBAAkB,+BAAyB,CAAC;AAEzD,QAAA,MAAM,eAAe;;;;;;;;;;CAUpB,CAAC;AAEF,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-post.d.ts","sourceRoot":"","sources":["../../src/binding-post.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAQhD,OAAO,EAAC,yBAAyB,EAAC,MAAM,YAAY,CAAC;AAMrD;;;;;GAKG;AACH,iBAAS,kBAAkB,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,
|
|
1
|
+
{"version":3,"file":"binding-post.d.ts","sourceRoot":"","sources":["../../src/binding-post.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAQhD,OAAO,EAAC,yBAAyB,EAAC,MAAM,YAAY,CAAC;AAMrD;;;;;GAKG;AACH,iBAAS,kBAAkB,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAuE/I;AAGD;;;;;;;;;GASG;AACH,iBAAe,mBAAmB,CAAC,EAC/B,WAAgB,EAChB,MAAM,EACN,IAAS,EACT,oBAAoB,EACpB,eAAuB,EACvB,kBAAuB,EACvB,OAAO,EACP,kBAAiC,GACpC,EAAE,yBAAyB,GAAG,OAAO,CAAC,cAAc,CAAC,CA+JrD;AAED;;;;;;;GAOG;AACH,iBAAS,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,KAAA,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CA4D1K;AAED;;;;;;GAMG;AACH,iBAAS,oBAAoB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CA8DvI;AAED,QAAA,MAAM,WAAW;;;;;CAKhB,CAAC;AAEF,eAAe,WAAW,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAqED;;;;;GAKG;AAEH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IACP,IAAI,CAAC,EAAE,OAAO,CAAA;CACjB,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAgDnE;AACD;;;;;GAKG;AAEH,iBAAS,0BAA0B,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAC9B,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAqED;;;;;GAKG;AAEH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IACP,IAAI,CAAC,EAAE,OAAO,CAAA;CACjB,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAgDnE;AACD;;;;;GAKG;AAEH,iBAAS,0BAA0B,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAC9B,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAuGnE;AAID;;;;;;;;GAQG;AACH,iBAAS,wBAAwB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,UAAK,GAAG,cAAc,CAoG1M;AAED;;;;;;GAMG;AACH,iBAAS,wBAAwB,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAwC9J;AAED;;;;;GAKG;AACF,iBAAS,yBAAyB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyCnK;AAED,QAAA,MAAM,eAAe;;;;;;CAMpB,CAAC;AAEF,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAiDD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,
|
|
1
|
+
{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAiDD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAmGtO;AAED,QAAA,MAAM,iBAAiB;;;CAGpB,CAAC;AAEJ,eAAe,iBAAiB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EACH,0BAA0B,IAAI,eAAe,EAIhD,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EACH,0BAA0B,IAAI,eAAe,EAIhD,MAAM,YAAY,CAAC;AAuBpB,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAA0B,SAAQ,cAAc;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GAAG,CAAC,sBAAsB,GAAG,qBAAqB,CAAC,GAC5E;IAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,MAAM;IACzB,aAAa,EAAE,aAAa,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAE3D;;;MAGE;gBACU,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE,KAAK,GAAG,IAAI;IA0BtE;;;MAGE;IACF,gBAAgB;IAGhB;;;MAGE;IACF,WAAW,IAAI,MAAM;IAIrB;;;MAGE;IACF,cAAc,CAAC,UAAU,EAAE,MAAM;IAIjC;;;;MAIE;IACF,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO;IAgBlE;;;;;;MAME;IACF,mBAAmB,CAAC,YAAY,KAAA,EAAE,OAAO,KAAA,EAAE,IAAI,KAAA,EAAE,UAAU,SAAK,EAAE,oBAAoB,CAAC,KAAA,GAAG,cAAc,GAAG,kBAAkB;IAqB7H;;;OAGG;IAIK,oBAAoB,CAAG,MAAM,EAAE;QACjC,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,kBAAkB,CAAC;KACpF,GAAG,OAAO,CAAC,cAAc,GAAG,kBAAkB,CAAC;IAyBlD;;;;;;MAME;IACF,kBAAkB,CAAC,I
AAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;IAY3D;;;;;;MAME;IACF,mBAAmB,CAAC,IAAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;CAY7D"}
|
package/types/src/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAysBD,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CA8BhG;AAED,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BjD"}
|
package/types/src/libsaml.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { type CertificateValidationOptions } from './utility.js';
|
|
1
2
|
import * as crypto from 'node:crypto';
|
|
2
3
|
import type { MetadataInterface } from './metadata.js';
|
|
3
4
|
/**
|
|
@@ -8,10 +9,11 @@ import type { MetadataInterface } from './metadata.js';
|
|
|
8
9
|
export interface SignatureConstructor {
|
|
9
10
|
rawSamlMessage: string;
|
|
10
11
|
referenceTagXPath?: string;
|
|
11
|
-
privateKey: string;
|
|
12
|
+
privateKey: string | Buffer;
|
|
12
13
|
privateKeyPass?: string;
|
|
13
14
|
signatureAlgorithm: string;
|
|
14
15
|
signingCert: string | Buffer;
|
|
16
|
+
allowCertificateUsageMismatch?: boolean;
|
|
15
17
|
isBase64Output?: boolean;
|
|
16
18
|
signatureConfig?: any;
|
|
17
19
|
isMessageSigned?: boolean;
|
|
@@ -23,10 +25,12 @@ export interface SignatureVerifierOptions {
|
|
|
23
25
|
signatureAlgorithm?: string;
|
|
24
26
|
strictSecurity?: boolean;
|
|
25
27
|
allowLegacySha1?: boolean;
|
|
28
|
+
allowCertificateUsageMismatch?: boolean;
|
|
26
29
|
}
|
|
27
30
|
export interface SignatureSecurityOptions {
|
|
28
31
|
strictSecurity?: boolean;
|
|
29
32
|
allowLegacySha1?: boolean;
|
|
33
|
+
allowCertificateUsageMismatch?: boolean;
|
|
30
34
|
}
|
|
31
35
|
export interface ExtractorResult {
|
|
32
36
|
[key: string]: any;
|
|
@@ -79,7 +83,10 @@ export interface LibSamlInterface {
|
|
|
79
83
|
createKeySection: (use: KeyUse, cert: string | Buffer) => {};
|
|
80
84
|
constructMessageSignature: (octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string, securityOptions?: SignatureSecurityOptions) => string;
|
|
81
85
|
verifyMessageSignature: (metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string, securityOptions?: SignatureSecurityOptions) => boolean;
|
|
82
|
-
getKeyInfo: (x509Certificate: string, signatureConfig?: any) =>
|
|
86
|
+
getKeyInfo: (x509Certificate: string | Buffer, signatureConfig?: any, validationOptions?: CertificateValidationOptions) => {
|
|
87
|
+
getKeyInfo: () => string;
|
|
88
|
+
getKey: () => string;
|
|
89
|
+
};
|
|
83
90
|
encryptAssertion: (sourceEntity: any, targetEntity: any, entireXML: string) => Promise<string>;
|
|
84
91
|
decryptAssertion: (here: any, entireXML: string) => Promise<[string, any]>;
|
|
85
92
|
getSigningScheme: (sigAlg: string) => string | null;
|
|
@@ -173,6 +180,7 @@ declare const _default: {
|
|
|
173
180
|
privateKeyPass?: string;
|
|
174
181
|
signatureAlgorithm: string;
|
|
175
182
|
signingCert: any;
|
|
183
|
+
allowCertificateUsageMismatch?: boolean;
|
|
176
184
|
isBase64Output?: boolean;
|
|
177
185
|
rawSamlMessage: any;
|
|
178
186
|
transformationAlgorithms?: string[] | undefined;
|
|
@@ -187,16 +195,14 @@ declare const _default: {
|
|
|
187
195
|
}): string;
|
|
188
196
|
validateCertificate(certificateBase64: string, expectedIssuer?: string): {
|
|
189
197
|
isValid: boolean;
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
issuer?: undefined;
|
|
199
|
-
publicKey?: undefined;
|
|
198
|
+
error?: string;
|
|
199
|
+
subject?: string;
|
|
200
|
+
issuer?: string;
|
|
201
|
+
publicKey?: any;
|
|
202
|
+
certificate?: crypto.X509Certificate;
|
|
203
|
+
validFrom?: string;
|
|
204
|
+
validTo?: string;
|
|
205
|
+
keyUsage?: string[];
|
|
200
206
|
};
|
|
201
207
|
/**
|
|
202
208
|
* Verify SAML signatures across message, assertion, and encryption combinations.
|
|
@@ -238,7 +244,7 @@ declare const _default: {
|
|
|
238
244
|
* @param {string} x509Certificate certificate
|
|
239
245
|
* @return {string} public key
|
|
240
246
|
*/
|
|
241
|
-
getKeyInfo(x509Certificate: string, signatureConfig?: any): {
|
|
247
|
+
getKeyInfo(x509Certificate: string | Buffer, signatureConfig?: any, validationOptions?: CertificateValidationOptions): {
|
|
242
248
|
getKeyInfo: () => string;
|
|
243
249
|
getKey: () => string;
|
|
244
250
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAMA,OAAgB,EAMd,KAAK,4BAA4B,EAClC,MAAM,cAAc,CAAC;AACtB,OAAQ,KAAK,MAAM,MAAM,aAAa,CAAA;AAItC,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAkIrD;;;;GAIG;AAGH,MAAM,WAAW,oBAAoB;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,wBAAwB;IACvC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAEnB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,gCAAgC;IAC/C,0BAA0B,CAAC,EAAE,0BAA0B,CAAC;IACxD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;IAC7D,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAC;IACtC,mBAAmB,CAAC,EAAE,gCAAgC,CAAC;CACxD;AAED,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;CACnE;AAED,MAAM,WAAW,iBAAkB,SAAQ,gBAAgB;CAC1D;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;CAC7D;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;CAC9D;AAED,MAAM,WAAW,sBAAuB,SAAQ,gBAAgB;CAC/D;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAE9C,MAAM,WAAW,YAAY;IAC3B,CAAC,GAAG,EAAE,MAAM,G
AAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,mBAAmB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,WAAW,EAAE,CAAC,KAAK,KAAA,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,MAAM,CAAC;IACvD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,MAAM,CAAC;IAC/D,yBAAyB,EAAE,CAAC,UAAU,EAAE,sBAAsB,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,0BAA0B,KAAK,MAAM,CAAC;IAC1K,sBAAsB,EAAE,CAAC,IAAI,EAAE,oBAAoB,KAAK,MAAM,CAAC;IAC/D,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACjF,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,KAAK,EAAE,CAAC;IAC7D,yBAAyB,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,wBAAwB,KAAK,MAAM,CAAC;IAExL,sBAAsB,EAAE,CAAC,QAAQ,KAAA,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,wBAAwB,KAAK,OAAO,CAAC;IACrK,UAAU,EAAE,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,EAAE,GAAG,EAAE,iBAAiB,CAAC,EAAE,4BAA4B,KAAK;QACzH,UAAU,EAAE,MAAM,MAAM,CAAC;QACzB,MAAM,EAAE,MAAM,MAAM,CAAC;KACtB,CAAC;IACF,gBAAgB,EAAE,CAAC,YAAY,KAAA,EAAE,YAAY,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACrF,gBAAgB,EAAE,CAAC,IAAI,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAEtE,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IACpD,eAAe,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAEnD,2BAA2B,EAAE,oBAAoB,CAAC;IAClD,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,iCAAiC,EAAE,0BAA0B,CAAC;IAC9D,wBAAwB,EAAE,iBAAiB,CAAC;IAC5C,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,6BAA6B,EAAE,sBAAsB,CAAC;CACvD;;6CA6S4C,OAAO,KAAG,MAAM;gCAhSxB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wDAgBkB,MAAM;;;;IA6T/D;;;;;OAKG;+BACwB,MAAM,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM;IAS9E;;;;;;OAMG;IACH,eAAe;6CAC0B,GAAG,EAAE,GAAG,MAAM;IA0CvD;;;OAGG;iCAC0B;QAC3B,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE,GAAG,CAAC;QACjB,
6BAA6B,CAAC,EAAE,OAAO,CAAC;QACxC,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,GAAG,CAAC;QACpB,wBAAwB,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAChD,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE;gBAAE,SAAS,EAAE,MAAM,CAAC;gBAAC,MAAM,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAA;KACrF,GAAG,MAAM;2CAoE6B,MAAM,mBAAmB,MAAM;;;;;;;;;;;IAKtE;;;;;;OAMG;yBAEwB,MAAM,QAAQ,wBAAwB,QAAQ,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;6BAsUlE,MAAM,QAAQ,wBAAwB;IAyJ/D;;;;;OAKG;0BACmB,MAAM,cAAc,MAAM,GAAG,MAAM,GAAG,YAAY;IAsBxE;;;;;;;;OAQG;2CAGY,MAAM,OAChB,MAAM,eACE,MAAM,aACR,OAAO,qBACC,MAAM,oBACP,wBAAwB,GAC3C,MAAM,GAAG,MAAM;IAyBd;;;;;;;OAOG;qCAES,GAAG,eACF,MAAM,aACR,MAAM,GAAG,MAAM,oBACR,MAAM,oBACN,wBAAwB;IAoC5C;;;;SAIK;gCAEgB,MAAM,GAAG,MAAM,oBACf,GAAG,sBACD,4BAA4B;;;;IAiBjD;;;;;;OAMG;iEAEgD,MAAM;IAqEzD;;OAEG;IACH;;OAEG;gDAC0C,MAAM,SAAS,wBAAwB;;;;;;IA2GpF;;;;;OAKG;+BAC8B,GAAG,aAAa,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAmFnF;;OAEG;sBACqB,MAAM,SAAQ,OAAO;;AA8BjD,wBAAyB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,
|
|
1
|
+
{"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AA2F7D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,iBAAiB,GAAG,kBAAkB,CAAC;IAC7C,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAsKD,iBAAe,2BAA2B,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAoCpH;;;;AAED,wBAEE"}
|
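--- a/package/types/src/types.d.ts
+++ b/package/types/src/types.d.ts
@@ -147,6 +147,7 @@ export interface MetadataIdpOptions {
 encryptCert?: string | Buffer | (string | Buffer)[];
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 wantAuthnRequestsSigned?: boolean;
 nameIDFormat?: string[];
 singleSignOnService?: SSOService[];
@@ -162,6 +163,7 @@ export interface MetadataSpOptions {
 encryptCert?: string | Buffer | (string | Buffer)[];
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
 wantMessageSigned?: boolean;
@@ -193,6 +195,7 @@ export type ServiceProviderSettings = {
 metadata?: string | Buffer;
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 entityID?: string;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
@@ -232,6 +235,7 @@ export type IdentityProviderSettings = {
 metadata?: string | Buffer;
 strictSecurity?: boolean;
 allowLegacySha1?: boolean;
+allowCertificateUsageMismatch?: boolean;
 /** signature algorithm */
 requestSignatureAlgorithm?: string;
 /** template of login response */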
package/types/src/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAQ,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,WAAW,IAAI,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,eAAe,IAAI,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,UAAU,IAAI,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,WAAY,yBAAyB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE;QACJ,GAAG,EAAE,gBAAgB,CAAC;QACtB,EAAE,EAAE,eAAe,CAAC;KACvB,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,KAAK,UAAU,GAAG;IACd,SAAS,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;AAMtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE
,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,qBAAqB,CAAC,EAAE,2BAA2B,CAAC;IACpD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,aAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GAClB,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAi
B;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACxD,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,qBAAqB,GAC7B,iBAAiB,GACjB,YAAY,CAAC;AAEjB,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,wBAAwB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9D,iBAAiB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACvE,6CAA6C;IAC7C,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC1C,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,oBAAoB,CAAC,EAAE,oB
AAoB,CAAC;IAC5C,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAQ,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,WAAW,IAAI,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,eAAe,IAAI,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,UAAU,IAAI,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,WAAY,yBAAyB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE;QACJ,GAAG,EAAE,gBAAgB,CAAC;QACtB,EAAE,EAAE,eAAe,CAAC;KACvB,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,KAAK,UAAU,GAAG;IACd,SAAS,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;AAMtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE
,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,qBAAqB,CAAC,EAAE,2BAA2B,CAAC;IACpD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,aAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GACl
B,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACxD,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,qBAAqB,GAC7B,iBAAiB,GACjB,YAAY,CAAC;AAEjB,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,wBAAwB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9D,iBAAiB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACvE,6CAA6C;IAC7C,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC1C,wBAAwB,CAAC,EAAE,UAAU,EAAE,
CAAC;IACxC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IAExC,0BAA0B;IAC1B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,iCAAiC;IACjC,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAE9C,iCAAiC;IACjC,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAE7C,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9D,iBAAiB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACvE,6CAA6C;IAC7C,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC1C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qCAAqC,CAAC,EAAE,OAAO,CAAC;IAChD,SAAS,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAEtC,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBA
AsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC"}
|
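--- a/package/types/src/utility.d.ts
+++ b/package/types/src/utility.d.ts
@@ -3,6 +3,14 @@
 * @author tngan
 * @desc Library for some common functions (e.g. de/inflation, en/decoding)
 */
+import { X509Certificate } from 'node:crypto';
+export type CertificateUse = 'signing' | 'encryption';
+export interface CertificateValidationOptions {
+expectedUse?: CertificateUse;
+allowCertificateUsageMismatch?: boolean;
+expectedIssuer?: string;
+validationDate?: Date;
+}
 /**
 * @desc Mimic lodash.zipObject
 * @param arr1 {string[]}
@@ -101,7 +109,7 @@ declare function applyDefault(obj1: any, obj2: any): any;
 * @param {string} x509 certificate
 * @return {string} public key fetched from the certificate
 */
-declare function getPublicKeyPemFromCertificate(x509CertificateString: string): string;
+declare function getPublicKeyPemFromCertificate(x509CertificateString: string | Buffer, options?: CertificateValidationOptions): string;
 export declare function readPrivateKey(keyString: string | Buffer, passphrase?: string, isOutputString?: boolean): string | Buffer;
 /**
 * @desc Inline syntax sugar
@@ -134,9 +142,16 @@ export declare function normalizeCertificates(metadataCert: any): string[];
 * @param {string} certificateBase64 - Base64 编码的证书(不含 PEM 头尾)
 * @returns {{ isValid: boolean; error?: string }} 验证结果
 */
-export declare function validateCertificate(certificateBase64: string): {
+export declare function validateCertificate(certificateBase64: string | Buffer, options?: CertificateValidationOptions): {
 isValid: boolean;
 error?: string;
+subject?: string;
+issuer?: string;
+publicKey?: any;
+certificate?: X509Certificate;
+validFrom?: string;
+validTo?: string;
+keyUsage?: string[];
 };
 /**
 * @desc 日志脱敏函数,过滤敏感信息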
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utility.d.ts","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"utility.d.ts","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAmB,eAAe,EAAC,MAAM,aAAa,CAAC;AAK9D,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,YAAY,CAAC;AAEtD,MAAM,WAAW,4BAA4B;IACzC,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,IAAI,CAAC;CACzB;AAiGD;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,cAAc,UAAO,MAmB3E;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,OAIvC;AAED;;;;GAIG;AACH,wBAAgB,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,OAEhC;AAED;;;;GAIG;AACH,wBAAgB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAGnC;AAED;;;;;;GAMG;AACH,wBAAgB,GAAG,CAAC,GAAG,KAAA,EAAE,IAAI,KAAA,EAAE,YAAY,KAAA,OAG1C;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,GAAG,mBAElC;AAED;;;;GAIG;AACH,iBAAS,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,UAE/C;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAGtF;AAED;;;;GAIG;AACH,iBAAS,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAKhD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAc9D;AAYD;;;;GAIG;AACH,iBAAS,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,UAEtD;AAED;;;;GAIG;AACH,iBAAS,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,UAErD;AAED;;;;GAIG;AACH,iBAAS,UAAU,CAAC,GAAG,KAAA,UAEtB;AAED;;;;GAIG;AACH,iBAAS,WAAW,CAAC,GAAG,KAAA,EAAE,YAAY,SAAK,OAE1C;AAED;;;;;GAKG;AACH,iBAAS,YAAY,CAAC,IAAI,KAAA,EAAE,IAAI,KAAA,OAE/B;AAED;;;;GAIG;AACH,iBAAS,8BAA8B,CACnC,qBAAqB,EAAE,MAAM,GAAG,MAAM,EACtC,OAAO,GAAE,4BAAiC,UAe7C;AAsCD,wBAAgB,cAAc,CAC1B,SAAS,EAAE,MAAM,GAAG,MAAM,EAC1B,UAAU,CAAC,EAAE,MAAM,EACnB,cAAc,GAAE,OAAc,GAC/B,MAAM,GAAG,MAAM,CAyCjB;AASD;;GAEG;AACH,iBAAS,eAAe,CAAC,KAAK,KAAA,EAAE,cAAc,KAAA,OAE7C;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,GAAG,WAErC;AAED,wBAAgB,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAGhD;AAED,wBAAgB,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,KAAK,IAAI,MAAM,CAElF;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE
,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA2BzF;AAgBD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,YAAY,EAAE,GAAG,GAAG,MAAM,EAAE,CAkEjE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAC/B,iBAAiB,EAAE,MAAM,GAAG,MAAM,EAClC,OAAO,GAAE,4BAAiC,GAC3C;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,GAAG,CAAC;IAAC,WAAW,CAAC,EAAE,eAAe,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CAwFpL;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG,CAoB1C;AAED,QAAA,MAAM,OAAO;;;;;;;;;;;;;;;;;;;CAmBZ,CAAC;AAEF,eAAe,OAAO,CAAC"}
|