samlify 2.10.2 → 2.12.0

package/src/entity.ts

@@ -3,9 +3,9 @@
 * @author tngan
 * @desc  An abstraction for identity provider and service provider.
 */
+import { randomUUID } from 'crypto';
 import { isString, isNonEmptyArray } from './utility';
 import { namespace, wording, algorithms, messageConfigurations } from './urn';
-import * as uuid from 'uuid';
 import IdpMetadata, { IdpMetadata as IdpMetadataConstructor } from './metadata-idp';
 import SpMetadata, { SpMetadata as SpMetadataConstructor } from './metadata-sp';
 import redirectBinding from './binding-redirect';
@@ -27,7 +27,7 @@ const defaultEntitySetting = {
   requestSignatureAlgorithm: signatureAlgorithms.RSA_SHA256,
   dataEncryptionAlgorithm: dataEncryptionAlgorithm.AES_256,
   keyEncryptionAlgorithm: keyEncryptionAlgorithm.RSA_OAEP_MGF1P,
-  generateID: (): string => ('_' + uuid.v4()),
+  generateID: (): string => ('_' + randomUUID()),
   relayState: '',
 };
 

package/src/extractor.ts

@@ -1,7 +1,13 @@
-import { select, SelectedValue } from 'xpath';
-import { uniq, last, zipObject, notEmpty } from './utility';
+import { select, SelectedValue, SelectReturnType } from 'xpath';
+import { uniq, last, zipObject, notEmpty, escapeXPathValue } from './utility';
+
+function toNodeArray(result: SelectReturnType): Node[] {
+  if (Array.isArray(result)) return result;
+  if (result != null && typeof result === 'object' && 'nodeType' in (result as object)) return [result as Node];
+  return [];
+}
 import { getContext } from './api';
-import camelCase from 'camelcase';
+import { camelCase } from './utility';
 
 interface ExtractorField {
   key: string;
@@ -20,10 +26,10 @@ function buildAbsoluteXPath(paths) {
     const isWildcard = name.startsWith('~');
     if (isWildcard) {
       const pathName = name.replace('~', '');
-      appendedPath = currentPath + `/*[contains(local-name(), '${pathName}')]`;
+      appendedPath = currentPath + `/*[contains(local-name(), ${escapeXPathValue(pathName)})]`;
     }
     if (!isWildcard) {
-      appendedPath = currentPath + `/*[local-name(.)='${name}']`;
+      appendedPath = currentPath + `/*[local-name(.)=${escapeXPathValue(name)}]`;
     }
     return appendedPath;
   }, '');
@@ -36,7 +42,7 @@ function buildAttributeXPath(attributes) {
   if (attributes.length === 1) {
     return `/@${attributes[0]}`;
   }
-  const filters = attributes.map(attribute => `name()='${attribute}'`).join(' or ');
+  const filters = attributes.map(attribute => `name()=${escapeXPathValue(attribute)}`).join(' or ');
   return `/@*[${filters}]`;
 }
 
@@ -241,7 +247,7 @@ export function extract(context: string, fields) {
 
       return {
         ...result,
-        [key]: uniq(select(multiXPaths, targetDoc).map((n: Node) => n.nodeValue).filter(notEmpty))
+        [key]: uniq(toNodeArray(select(multiXPaths, targetDoc)).map((n: Node) => n.nodeValue).filter(notEmpty))
       };
     }
     // eo special case: multiple path
@@ -263,9 +269,9 @@ export function extract(context: string, fields) {
       // find the index in localpath
       const indexPath = buildAttributeXPath(index);
       const fullLocalXPath = `${baseXPath}${indexPath}`;
-      const parentNodes = select(baseXPath, targetDoc);
+      const parentNodes = toNodeArray(select(baseXPath, targetDoc));
       // [uid, mail, edupersonaffiliation], ready for aggregate
-      const parentAttributes = select(fullLocalXPath, targetDoc).map((n: Attr) => n.value);
+      const parentAttributes = toNodeArray(select(fullLocalXPath, targetDoc)).map((n: Attr) => n.value);
       // [attribute, attributevalue]
       const childXPath = buildAbsoluteXPath([last(localPath)].concat(attributePath));
       const childAttributeXPath = buildAttributeXPath(attributes);
@@ -274,14 +280,14 @@ export function extract(context: string, fields) {
       const childAttributes = parentNodes.map(node => {
         const nodeDoc = dom.parseFromString(node.toString());
         if (attributes.length === 0) {
-          const childValues = select(fullChildXPath, nodeDoc).map((n: Node) => n.nodeValue);
+          const childValues = toNodeArray(select(fullChildXPath, nodeDoc)).map((n: Node) => n.nodeValue);
           if (childValues.length === 1) {
             return childValues[0];
           }
           return childValues;
         }
         if (attributes.length > 0) {
-          const childValues = select(fullChildXPath, nodeDoc).map((n: Attr) => n.value);
+          const childValues = toNodeArray(select(fullChildXPath, nodeDoc)).map((n: Attr) => n.value);
           if (childValues.length === 1) {
             return childValues[0];
           }
@@ -307,13 +313,13 @@ export function extract(context: string, fields) {
       }
     */
     if (isEntire) {
-      const node = select(baseXPath, targetDoc);
+      const nodes = toNodeArray(select(baseXPath, targetDoc));
       let value: string | string[] | null = null;
-      if (node.length === 1) {
-        value = node[0].toString();
+      if (nodes.length === 1) {
+        value = nodes[0].toString();
       }
-      if (node.length > 1) {
-        value = node.map(n => n.toString());
+      if (nodes.length > 1) {
+        value = nodes.map(n => n.toString());
       }
       return {
         ...result,
@@ -330,12 +336,12 @@ export function extract(context: string, fields) {
       }
     */
     if (attributes.length > 1) {
-      const baseNode = select(baseXPath, targetDoc).map(n => n.toString());
+      const baseNode = toNodeArray(select(baseXPath, targetDoc)).map(n => n.toString());
       const childXPath = `${buildAbsoluteXPath([last(localPath)])}${attributeXPath}`;
       const attributeValues = baseNode.map((node: string) => {
         const nodeDoc = dom.parseFromString(node);
-        const values = select(childXPath, nodeDoc).reduce((r: any, n: Attr) => {
-          r[camelCase(n.name, {locale: 'en-us'})] = n.value;
+        const values = toNodeArray(select(childXPath, nodeDoc)).reduce((r: any, n: Attr) => {
+          r[camelCase(n.name)] = n.value;
           return r;
         }, {});
         return values;
@@ -355,7 +361,7 @@ export function extract(context: string, fields) {
     */
     if (attributes.length === 1) {
       const fullPath = `${baseXPath}${attributeXPath}`;
-      const attributeValues = select(fullPath, targetDoc).map((n: Attr) => n.value);
+      const attributeValues = toNodeArray(select(fullPath, targetDoc)).map((n: Attr) => n.value);
       return {
         ...result,
         [key]: attributeValues[0]
@@ -370,14 +376,15 @@ export function extract(context: string, fields) {
       }
     */
     if (attributes.length === 0) {
-      let attributeValue: SelectedValue[] | (string | null)[] | null = null;
-      const node = select(baseXPath, targetDoc);
-      if (node.length === 1) {
+      let attributeValue: SelectedValue[] | (string | null)[] | string | null = null;
+      const nodes = toNodeArray(select(baseXPath, targetDoc));
+      if (nodes.length === 1) {
         const fullPath = `string(${baseXPath}${attributeXPath})`;
-        attributeValue = select(fullPath, targetDoc);
+        const strResult = select(fullPath, targetDoc);
+        attributeValue = typeof strResult === 'string' ? strResult : strResult === null ? null : Array.isArray(strResult) ? strResult : null;
       }
-      if (node.length > 1) {
-        attributeValue = node.filter((n: Node) => n.firstChild)
+      if (nodes.length > 1) {
+        attributeValue = nodes.filter((n: Node) => n.firstChild)
           .map((n: Node) => n.firstChild!.nodeValue);
       }
       return {

package/src/libsaml.ts

@@ -4,15 +4,21 @@
 * @desc  A simple library including some common functions
 */
 
-import utility, { flattenDeep, isString } from './utility';
+import utility, { flattenDeep, isString, escapeXPathValue } from './utility';
 import { algorithms, wording, namespace } from './urn';
-import { select } from 'xpath';
+import { select, SelectReturnType } from 'xpath';
+
+function toNodeArray(result: SelectReturnType): Node[] {
+  if (Array.isArray(result)) return result;
+  if (result != null && typeof result === 'object' && 'nodeType' in (result as object)) return [result as Node];
+  return [];
+}
 import { MetadataInterface } from './metadata';
 import nrsa, { SigningSchemeHash } from 'node-rsa';
 import { SignedXml } from 'xml-crypto';
 import * as xmlenc from '@authenio/xml-encryption';
 import { extract } from './extractor';
-import camelCase from 'camelcase';
+import { camelCase } from './utility';
 import { getContext } from './api';
 import xmlEscape from 'xml-escape';
 import * as fs from 'fs';
@@ -221,9 +227,10 @@ const libSaml = () => {
   */
   function createXPath(local, isExtractAll?: boolean): string {
     if (isString(local)) {
-      return isExtractAll === true ? "//*[local-name(.)='" + local + "']/text()" : "//*[local-name(.)='" + local + "']";
+      const escaped = escapeXPathValue(local);
+      return isExtractAll === true ? "//*[local-name(.)=" + escaped + "]/text()" : "//*[local-name(.)=" + escaped + "]";
     }
-    return "//*[local-name(.)='" + local.name + "']/@" + local.attr;
+    return "//*[local-name(.)=" + escapeXPathValue(local.name) + "]/@" + local.attr;
   }
 
   /**
@@ -234,7 +241,7 @@ const libSaml = () => {
    * @return {string}
    */
   function tagging(prefix: string, content: string): string {
-    const camelContent = camelCase(content, {locale: 'en-us'});
+    const camelContent = camelCase(content);
     return prefix + camelContent.charAt(0).toUpperCase() + camelContent.slice(1);
   }
 
@@ -370,7 +377,8 @@ const libSaml = () => {
       const { dom } = getContext();
       const doc = dom.parseFromString(xml);
 
-      const docParser = new DOMParser();
+      const { dom: contextDom } = getContext();
+      const docParser = contextDom;
       // In order to avoid the wrapping attack, we have changed to use absolute xpath instead of naively fetching the signature element
       // message signature (logout response / saml response)
       const messageSignatureXpath = "/*[contains(local-name(), 'Response') or contains(local-name(), 'Request')]/*[local-name(.)='Signature']";
@@ -380,10 +388,10 @@ const libSaml = () => {
       const wrappingElementsXPath = "/*[contains(local-name(), 'Response')]/*[local-name(.)='Assertion']/*[local-name(.)='Subject']/*[local-name(.)='SubjectConfirmation']/*[local-name(.)='SubjectConfirmationData']//*[local-name(.)='Assertion' or local-name(.)='Signature']";
 
       // select the signature node
-      let selection: any = [];
-      const messageSignatureNode = select(messageSignatureXpath, doc);
-      const assertionSignatureNode = select(assertionSignatureXpath, doc);
-      const wrappingElementNode = select(wrappingElementsXPath, doc);
+      let selection: Node[] = [];
+      const messageSignatureNode = toNodeArray(select(messageSignatureXpath, doc));
+      const assertionSignatureNode = toNodeArray(select(assertionSignatureXpath, doc));
+      const wrappingElementNode = toNodeArray(select(wrappingElementsXPath, doc));
 
       selection = selection.concat(messageSignatureNode);
       selection = selection.concat(assertionSignatureNode);
@@ -415,7 +423,7 @@ const libSaml = () => {
 
         if (opts.metadata) {
 
-          const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode) as any;
+          const certificateNode = toNodeArray(select(".//*[local-name(.)='X509Certificate']", signatureNode));
           // certificate in metadata
           let metadataCert: any = opts.metadata.getX509Certificate(certUse.signing);
           // flattens the nested array of Certificates from each KeyDescriptor
@@ -434,7 +442,8 @@ const libSaml = () => {
 
           // certificate node in response
           if (certificateNode.length !== 0) {
-            const x509CertificateData = certificateNode[0].firstChild.data;
+            const certEl = certificateNode[0] as Element;
+            const x509CertificateData = certEl.textContent ?? '';
             const x509Certificate = utility.normalizeCerString(x509CertificateData);
 
             if (
@@ -473,15 +482,15 @@ const libSaml = () => {
         // case 1, rootSignedDoc is a response:
         if (rootNode.localName === 'Response') {
           // try getting the Xml from the first assertion
-          const assertions = select(
+          const assertions = toNodeArray(select(
             "./*[local-name()='Assertion']",
             rootNode
-          );
+          ));
 
-          const encryptedAssertions = select(
+          const encryptedAssertions = toNodeArray(select(
             "./*[local-name()='EncryptedAssertion']",
             rootNode
-          );
+          ));
           // now we can process the assertion as an assertion
           if (assertions.length === 1) {
             return [true, assertions[0].toString()];

package/src/utility.ts

@@ -3,8 +3,8 @@
 * @author tngan
 * @desc  Library for some common functions (e.g. de/inflation, en/decoding)
 */
-import { pki, util, asn1 } from 'node-forge';
-import { inflate, deflate } from 'pako';
+import { X509Certificate, createPrivateKey } from 'crypto';
+import { deflateRawSync, inflateRawSync } from 'zlib';
 
 const BASE64_STR = 'base64';
 
@@ -102,8 +102,8 @@ export function base64Decode(base64Message: string, isBytes?: boolean): string |
 * @return {string} compressed string
 */
 function deflateString(message: string): number[] {
-  const input = Array.prototype.map.call(message, char => char.charCodeAt(0));
-  return Array.from(deflate(input, { raw: true }));
+  const input = Buffer.from(message, 'utf8');
+  return Array.from(deflateRawSync(input));
 }
 /**
 * @desc Decompress the compressed string
@@ -112,10 +112,7 @@ function deflateString(message: string): number[] {
 */
 export function inflateString(compressedString: string): string {
   const inputBuffer = Buffer.from(compressedString, BASE64_STR);
-  const input = Array.prototype.map.call(inputBuffer.toString('binary'), char => char.charCodeAt(0));
-  return Array.from(inflate(input, { raw: true }))
-    .map((byte: number) => String.fromCharCode(byte))
-    .join('');
+  return inflateRawSync(inputBuffer).toString('utf8');
 }
 /**
 * @desc Abstract the normalizeCerString and normalizePemString
@@ -173,10 +170,9 @@ function applyDefault(obj1, obj2) {
 * @return {string} public key fetched from the certificate
 */
 function getPublicKeyPemFromCertificate(x509Certificate: string) {
-  const certDerBytes = util.decode64(x509Certificate);
-  const obj = asn1.fromDer(certDerBytes);
-  const cert = pki.certificateFromAsn1(obj);
-  return pki.publicKeyToPem(cert.publicKey);
+  const der = Buffer.from(x509Certificate, 'base64');
+  const cert = new X509Certificate(der);
+  return cert.publicKey.export({ type: 'spki', format: 'pem' });
 }
 /**
 * @desc Read private key from pem-formatted string
@@ -186,7 +182,12 @@ function getPublicKeyPemFromCertificate(x509Certificate: string) {
 * If passphrase is used to protect the .pem content (recommend)
 */
 export function readPrivateKey(keyString: string | Buffer, passphrase: string | undefined, isOutputString?: boolean) {
-  return isString(passphrase) ? this.convertToString(pki.privateKeyToPem(pki.decryptRsaPrivateKey(String(keyString), passphrase)), isOutputString) : keyString;
+  if (isString(passphrase)) {
+    const key = createPrivateKey({ key: keyString, format: 'pem', passphrase });
+    const pem = key.export({ type: 'pkcs1', format: 'pem' });
+    return convertToString(pem, isOutputString);
+  }
+  return keyString;
 }
 /**
 * @desc Inline syntax sugar
@@ -210,6 +211,34 @@ export function notEmpty<TValue>(value: TValue | null | undefined): value is TVa
   return value !== null && value !== undefined;
 }
 
+/**
+ * @desc Escape a string for safe use inside an XPath single-quoted string literal.
+ * Prevents XPath injection by splitting on single quotes and using concat().
+ */
+export function escapeXPathValue(value: string): string {
+  if (!value.includes("'")) {
+    return "'" + value + "'";
+  }
+  // Use XPath concat() to safely handle strings containing single quotes
+  const parts = value.split("'").map(part => "'" + part + "'");
+  return 'concat(' + parts.join(`,"'",`) + ')';
+}
+
+export function camelCase(input: string): string {
+  const words = input
+    .replace(/([a-z\d])([A-Z])/g, '$1\0$2')
+    .replace(/([A-Z]+)([A-Z][a-z])/g, '$1\0$2')
+    .split(/[\0\s\-_\.]+/)
+    .filter(w => w.length > 0);
+
+  return words
+    .map((word, i) => {
+      const lower = word.toLocaleLowerCase('en-US');
+      return i === 0 ? lower : lower.charAt(0).toLocaleUpperCase('en-US') + lower.slice(1);
+    })
+    .join('');
+}
+
 const utility = {
   isString,
   base64Encode,

package/types/src/binding-post.d.ts

@@ -19,7 +19,7 @@ declare function base64LoginRequest(referenceTagXPath: string, entity: any, cust
 * @param  {function} customTagReplacement     used when developers have their own login response template
 * @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
 */
-declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
 /**
 * @desc Generate a base64 encoded logout request
 * @param  {object} user                         current logged user (e.g. req.user)

package/types/src/binding-simplesign.d.ts

@@ -31,7 +31,7 @@ declare function base64LoginRequest(entity: any, customTagReplacement?: (templat
 * @param  {string}  relayState               the relay state
 * @param  {function} customTagReplacement     used when developers have their own login response template
 */
-declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): Promise<BindingSimpleSignContext>;
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): Promise<BindingSimpleSignContext>;
 declare const simpleSignBinding: {
     base64LoginRequest: typeof base64LoginRequest;
     base64LoginResponse: typeof base64LoginResponse;

package/types/src/entity.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" />
 import { IdpMetadata as IdpMetadataConstructor } from './metadata-idp';
 import { SpMetadata as SpMetadataConstructor } from './metadata-sp';
 import { MetadataIdpConstructor, MetadataSpConstructor, EntitySetting } from './types';
@@ -31,7 +30,7 @@ export interface ParseResult {
     extract: any;
     sigAlg: string;
 }
-export declare type EntityConstructor = (MetadataIdpConstructor | MetadataSpConstructor) & {
+export type EntityConstructor = (MetadataIdpConstructor | MetadataSpConstructor) & {
     metadata?: string | Buffer;
 };
 export default class Entity {

package/types/src/extractor.d.ts

@@ -6,7 +6,7 @@ interface ExtractorField {
     attributePath?: string[];
     context?: boolean;
 }
-export declare type ExtractorFields = ExtractorField[];
+export type ExtractorFields = ExtractorField[];
 export declare const loginRequestFields: ExtractorFields;
 export declare const loginResponseStatusFields: {
     key: string;

package/types/src/libsaml.d.ts

@@ -3,7 +3,6 @@
 * @author tngan
 * @desc  A simple library including some common functions
 */
-/// <reference types="node" />
 import { MetadataInterface } from './metadata';
 export interface SignatureConstructor {
     rawSamlMessage: string;
@@ -58,7 +57,7 @@ export interface LogoutRequestTemplate extends BaseSamlTemplate {
 }
 export interface LogoutResponseTemplate extends BaseSamlTemplate {
 }
-export declare type KeyUse = 'signing' | 'encryption';
+export type KeyUse = 'signing' | 'encryption';
 export interface KeyComponent {
     [key: string]: any;
 }
@@ -86,7 +85,7 @@ export interface LibSamlInterface {
     defaultLogoutResponseTemplate: LogoutResponseTemplate;
 }
 declare const _default: {
-    createXPath: (local: any, isExtractAll?: boolean | undefined) => string;
+    createXPath: (local: any, isExtractAll?: boolean) => string;
     getQueryParamByType: (type: string) => "SAMLRequest" | "SAMLResponse";
     defaultLoginRequestTemplate: {
         context: string;
@@ -166,7 +165,7 @@ declare const _default: {
     * @param  {string} signingAlgorithm          signing algorithm
     * @return {string} message signature
     */
-    constructMessageSignature(octetString: string, key: string, passphrase?: string | undefined, isBase64?: boolean | undefined, signingAlgorithm?: string | undefined): string | Buffer;
+    constructMessageSignature(octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string): string | Buffer<ArrayBufferLike>;
     /**
     * @desc Verifies message signature
     * @param  {Metadata} metadata                 metadata object of identity provider or service provider
@@ -175,7 +174,7 @@ declare const _default: {
     * @param  {string} verifyAlgorithm            algorithm used to verify
     * @return {boolean} verification result
     */
-    verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string | undefined): boolean;
+    verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string): boolean;
     /**
     * @desc Get the public key in string format
     * @param  {string} x509Certificate certificate
@@ -192,7 +191,7 @@ declare const _default: {
     * @param  {string} xml                      response in xml string format
     * @return {Promise} a promise to resolve the finalized xml
     */
-    encryptAssertion(sourceEntity: any, targetEntity: any, xml?: string | undefined): Promise<string>;
+    encryptAssertion(sourceEntity: any, targetEntity: any, xml?: string): Promise<string>;
     /**
     * @desc Decrypt the assertion section in Response
     * @param  {string} type             only accept SAMLResponse to proceed decryption

package/types/src/metadata.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" />
 export interface MetadataInterface {
     xmlString: string;
     getMetadata: () => string;

package/types/src/types.d.ts

@@ -1,11 +1,10 @@
-/// <reference types="node" />
 import { LoginResponseTemplate } from './libsaml';
 export { IdentityProvider as IdentityProviderConstructor } from './entity-idp';
 export { IdpMetadata as IdentityProviderMetadata } from './metadata-idp';
 export { ServiceProvider as ServiceProviderConstructor } from './entity-sp';
 export { SpMetadata as ServiceProviderMetadata } from './metadata-sp';
-export declare type MetadataFile = string | Buffer;
-declare type SSOService = {
+export type MetadataFile = string | Buffer;
+type SSOService = {
     isDefault?: boolean;
     Binding: string;
     Location: string;
@@ -20,7 +19,7 @@ export interface MetadataIdpOptions {
     singleLogoutService?: SSOService[];
     requestSignatureAlgorithm?: string;
 }
-export declare type MetadataIdpConstructor = MetadataIdpOptions | MetadataFile;
+export type MetadataIdpConstructor = MetadataIdpOptions | MetadataFile;
 export interface MetadataSpOptions {
     entityID?: string;
     signingCert?: string | Buffer | (string | Buffer)[];
@@ -37,8 +36,8 @@ export interface MetadataSpOptions {
     assertionConsumerService?: SSOService[];
     elementsOrder?: string[];
 }
-export declare type MetadataSpConstructor = MetadataSpOptions | MetadataFile;
-export declare type EntitySetting = ServiceProviderSettings & IdentityProviderSettings;
+export type MetadataSpConstructor = MetadataSpOptions | MetadataFile;
+export type EntitySetting = ServiceProviderSettings & IdentityProviderSettings;
 export interface SignatureConfig {
     prefix?: string;
     location?: {
@@ -49,7 +48,7 @@ export interface SignatureConfig {
 export interface SAMLDocumentTemplate {
     context?: string;
 }
-export declare type ServiceProviderSettings = {
+export type ServiceProviderSettings = {
     metadata?: string | Buffer;
     entityID?: string;
     authnRequestsSigned?: boolean;
@@ -76,7 +75,7 @@ export declare type ServiceProviderSettings = {
     relayState?: string;
     clockDrifts?: [number, number];
 };
-export declare type IdentityProviderSettings = {
+export type IdentityProviderSettings = {
     metadata?: string | Buffer;
     /** signature algorithm */
     requestSignatureAlgorithm?: string;

package/types/src/utility.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" />
 /**
  * @desc Mimic lodash.zipObject
  * @param arr1 {string[]}
@@ -35,7 +34,7 @@ export declare function get(obj: any, path: any, defaultValue: any): any;
  * @desc Check if the input is string
  * @param {any} input
  */
-export declare function isString(input: any): boolean;
+export declare function isString(input: any): input is string;
 /**
 * @desc Encode string with base64 format
 * @param  {string} message                       plain-text message
@@ -116,6 +115,12 @@ declare function convertToString(input: any, isOutputString: any): any;
 export declare function isNonEmptyArray(a: any): boolean;
 export declare function castArrayOpt<T>(a?: T | T[]): T[];
 export declare function notEmpty<TValue>(value: TValue | null | undefined): value is TValue;
+/**
+ * @desc Escape a string for safe use inside an XPath single-quoted string literal.
+ * Prevents XPath injection by splitting on single quotes and using concat().
+ */
+export declare function escapeXPathValue(value: string): string;
+export declare function camelCase(input: string): string;
 declare const utility: {
     isString: typeof isString;
     base64Encode: typeof base64Encode;

package/types/src/validator.d.ts

@@ -1,3 +1,3 @@
-declare type DriftTolerance = [number, number];
+type DriftTolerance = [number, number];
 declare function verifyTime(utcNotBefore: string | undefined, utcNotOnOrAfter: string | undefined, drift?: DriftTolerance): boolean;
 export { verifyTime };

package/.travis.yml

@@ -1,29 +0,0 @@
-language: node_js
-
-node_js:
-  - "16"
-  - "18"
-  - "20"
-
-env:
-  - INSTALL_JDK=1
-  - INSTALL_JDK=0
-
-before_install:
-  - if [[ "$INSTALL_JDK" == "1" ]] ; then make install_jdk ; fi
-
-install:
-  - yarn install --production=true
-
-script:
-  - yarn add @authenio/samlify-xsd-schema-validator
-  - yarn test --timeout=30s
-
-branches:
-  only:
-  - master
-  - /^.*-alpha$/
-  - /^.*-rc.*$/
-  - /^feature\/.*$/
-
-after_success: npm run coverage

package/CHANGELOG.md

@@ -1,7 +0,0 @@
-# 2.10.1
-
-* Changes to libsaml.ts verifySignature. This is an internal function, but we still document changes
-  - Does not raise error when signature is missing/invalid. Instead it now returns false. This is to simplify logic
-  - When there are encrypted assertions, returns the entire response, as the "verifiedAssertionNode"
-
-* Fix logic around handling encrypted assertions

package/types/vitest.config.d.ts

@@ -1,2 +0,0 @@
-declare const _default: import("vite").UserConfig;
-export default _default;