samlify 2.11.0 → 2.13.0
- package/README.md +1 -1
- package/build/src/api.js +52 -3
- package/build/src/api.js.map +1 -1
- package/build/src/binding-post.js +236 -182
- package/build/src/binding-post.js.map +1 -1
- package/build/src/binding-redirect.js +303 -215
- package/build/src/binding-redirect.js.map +1 -1
- package/build/src/binding-simplesign.js +285 -137
- package/build/src/binding-simplesign.js.map +1 -1
- package/build/src/entity-idp.js +130 -47
- package/build/src/entity-idp.js.map +1 -1
- package/build/src/entity-sp.js +81 -39
- package/build/src/entity-sp.js.map +1 -1
- package/build/src/entity.js +100 -62
- package/build/src/entity.js.map +1 -1
- package/build/src/extractor.js +119 -155
- package/build/src/extractor.js.map +1 -1
- package/build/src/flow.js +100 -96
- package/build/src/flow.js.map +1 -1
- package/build/src/libsaml.js +318 -261
- package/build/src/libsaml.js.map +1 -1
- package/build/src/metadata-idp.js +60 -30
- package/build/src/metadata-idp.js.map +1 -1
- package/build/src/metadata-sp.js +51 -41
- package/build/src/metadata-sp.js.map +1 -1
- package/build/src/metadata.js +47 -43
- package/build/src/metadata.js.map +1 -1
- package/build/src/options.js +73 -0
- package/build/src/options.js.map +1 -0
- package/build/src/urn.js +28 -1
- package/build/src/urn.js.map +1 -1
- package/build/src/utility.js +165 -83
- package/build/src/utility.js.map +1 -1
- package/build/src/validator.js +27 -10
- package/build/src/validator.js.map +1 -1
- package/package.json +17 -7
- package/types/src/api.d.ts +33 -3
- package/types/src/binding-post.d.ts +67 -34
- package/types/src/binding-redirect.d.ts +58 -31
- package/types/src/binding-simplesign.d.ts +77 -21
- package/types/src/entity-idp.d.ts +40 -31
- package/types/src/entity-sp.d.ts +37 -27
- package/types/src/entity.d.ts +71 -77
- package/types/src/extractor.d.ts +31 -22
- package/types/src/flow.d.ts +24 -2
- package/types/src/libsaml.d.ts +172 -118
- package/types/src/metadata-idp.d.ts +27 -11
- package/types/src/metadata-sp.d.ts +29 -19
- package/types/src/metadata.d.ts +59 -34
- package/types/src/options.d.ts +37 -0
- package/types/src/types.d.ts +250 -24
- package/types/src/urn.d.ts +7 -0
- package/types/src/utility.d.ts +144 -89
- package/types/src/validator.d.ts +21 -0
- package/.circleci/config.yml +0 -98
- package/.editorconfig +0 -19
- package/.github/FUNDING.yml +0 -1
- package/.github/workflows/deploy-docs.yml +0 -56
- package/.pre-commit.sh +0 -15
- package/.snyk +0 -4
- package/Makefile +0 -25
- package/index.ts +0 -28
- package/src/api.ts +0 -36
- package/src/binding-post.ts +0 -336
- package/src/binding-redirect.ts +0 -335
- package/src/binding-simplesign.ts +0 -231
- package/src/entity-idp.ts +0 -145
- package/src/entity-sp.ts +0 -114
- package/src/entity.ts +0 -243
- package/src/extractor.ts +0 -399
- package/src/flow.ts +0 -469
- package/src/libsaml.ts +0 -777
- package/src/metadata-idp.ts +0 -146
- package/src/metadata-sp.ts +0 -203
- package/src/metadata.ts +0 -166
- package/src/types.ts +0 -127
- package/src/urn.ts +0 -210
- package/src/utility.ts +0 -231
- package/src/validator.ts +0 -44
- package/tsconfig.json +0 -41
- package/tslint.json +0 -35
- package/types.d.ts +0 -2
- package/vitest.config.ts +0 -12
package/build/src/metadata.js
CHANGED
|
@@ -34,19 +34,21 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
36
|
/**
|
|
37
|
-
* @file metadata.ts
|
|
38
|
-
* @author tngan
|
|
39
|
-
* @desc
|
|
40
|
-
*/
|
|
37
|
+
* @file metadata.ts
|
|
38
|
+
* @author tngan
|
|
39
|
+
* @desc Abstraction for SAML entity metadata (IdP and SP share this base).
|
|
40
|
+
*/
|
|
41
41
|
var fs = __importStar(require("fs"));
|
|
42
42
|
var urn_1 = require("./urn");
|
|
43
43
|
var extractor_1 = require("./extractor");
|
|
44
44
|
var utility_1 = require("./utility");
|
|
45
45
|
var Metadata = /** @class */ (function () {
|
|
46
46
|
/**
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
47
|
+
* Parse a SAML metadata XML document and hydrate a typed `meta` bag.
|
|
48
|
+
*
|
|
49
|
+
* @param xml raw metadata XML (string or Buffer)
|
|
50
|
+
* @param extraParse additional extractor fields merged into the standard set
|
|
51
|
+
*/
|
|
50
52
|
function Metadata(xml, extraParse) {
|
|
51
53
|
if (extraParse === void 0) { extraParse = []; }
|
|
52
54
|
this.xmlString = xml.toString();
|
|
@@ -55,18 +57,18 @@ var Metadata = /** @class */ (function () {
|
|
|
55
57
|
key: 'entityDescriptor',
|
|
56
58
|
localPath: ['EntityDescriptor'],
|
|
57
59
|
attributes: [],
|
|
58
|
-
context: true
|
|
60
|
+
context: true,
|
|
59
61
|
},
|
|
60
62
|
{
|
|
61
63
|
key: 'entityID',
|
|
62
64
|
localPath: ['EntityDescriptor'],
|
|
63
|
-
attributes: ['entityID']
|
|
65
|
+
attributes: ['entityID'],
|
|
64
66
|
},
|
|
65
67
|
{
|
|
66
68
|
// shared certificate for both encryption and signing
|
|
67
69
|
key: 'sharedCertificate',
|
|
68
70
|
localPath: ['EntityDescriptor', '~SSODescriptor', 'KeyDescriptor', 'KeyInfo', 'X509Data', 'X509Certificate'],
|
|
69
|
-
attributes: []
|
|
71
|
+
attributes: [],
|
|
70
72
|
},
|
|
71
73
|
{
|
|
72
74
|
// explicit certificate declaration for encryption and signing
|
|
@@ -74,25 +76,24 @@ var Metadata = /** @class */ (function () {
|
|
|
74
76
|
localPath: ['EntityDescriptor', '~SSODescriptor', 'KeyDescriptor'],
|
|
75
77
|
index: ['use'],
|
|
76
78
|
attributePath: ['KeyInfo', 'X509Data', 'X509Certificate'],
|
|
77
|
-
attributes: []
|
|
79
|
+
attributes: [],
|
|
78
80
|
},
|
|
79
81
|
{
|
|
80
82
|
key: 'singleLogoutService',
|
|
81
83
|
localPath: ['EntityDescriptor', '~SSODescriptor', 'SingleLogoutService'],
|
|
82
|
-
attributes: ['Binding', 'Location']
|
|
84
|
+
attributes: ['Binding', 'Location'],
|
|
83
85
|
},
|
|
84
86
|
{
|
|
85
87
|
key: 'nameIDFormat',
|
|
86
88
|
localPath: ['EntityDescriptor', '~SSODescriptor', 'NameIDFormat'],
|
|
87
89
|
attributes: [],
|
|
88
|
-
}
|
|
90
|
+
},
|
|
89
91
|
]));
|
|
90
|
-
// get shared certificate
|
|
91
92
|
var sharedCertificate = this.meta.sharedCertificate;
|
|
92
93
|
if (typeof sharedCertificate === 'string') {
|
|
93
94
|
this.meta.certificate = {
|
|
94
95
|
signing: sharedCertificate,
|
|
95
|
-
encryption: sharedCertificate
|
|
96
|
+
encryption: sharedCertificate,
|
|
96
97
|
};
|
|
97
98
|
delete this.meta.sharedCertificate;
|
|
98
99
|
}
|
|
@@ -102,46 +103,48 @@ var Metadata = /** @class */ (function () {
|
|
|
102
103
|
}
|
|
103
104
|
}
|
|
104
105
|
/**
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
*/
|
|
106
|
+
* Return the underlying metadata XML.
|
|
107
|
+
*/
|
|
108
108
|
Metadata.prototype.getMetadata = function () {
|
|
109
109
|
return this.xmlString;
|
|
110
110
|
};
|
|
111
111
|
/**
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
112
|
+
* Write the metadata XML to disk at the given path.
|
|
113
|
+
*
|
|
114
|
+
* @param exportFile absolute file path
|
|
115
|
+
*/
|
|
115
116
|
Metadata.prototype.exportMetadata = function (exportFile) {
|
|
116
117
|
fs.writeFileSync(exportFile, this.xmlString);
|
|
117
118
|
};
|
|
118
119
|
/**
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
*/
|
|
120
|
+
* Return the metadata `entityID`.
|
|
121
|
+
*/
|
|
122
122
|
Metadata.prototype.getEntityID = function () {
|
|
123
123
|
return this.meta.entityID;
|
|
124
124
|
};
|
|
125
125
|
/**
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
126
|
+
* Return the X.509 certificate(s) declared in metadata for a given use.
|
|
127
|
+
*
|
|
128
|
+
* @param use `signing` or `encryption`
|
|
129
|
+
* @returns certificate body or list, or `null` when missing
|
|
130
|
+
*/
|
|
130
131
|
Metadata.prototype.getX509Certificate = function (use) {
|
|
131
|
-
|
|
132
|
+
var certificate = this.meta.certificate;
|
|
133
|
+
return (certificate && certificate[use]) || null;
|
|
132
134
|
};
|
|
133
135
|
/**
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
*/
|
|
136
|
+
* Return the supported NameID formats declared in metadata.
|
|
137
|
+
*/
|
|
137
138
|
Metadata.prototype.getNameIDFormat = function () {
|
|
138
139
|
return this.meta.nameIDFormat;
|
|
139
140
|
};
|
|
140
141
|
/**
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
142
|
+
* Return the single-logout service endpoint for the requested binding.
|
|
143
|
+
* When no binding is provided, returns the raw service list.
|
|
144
|
+
*
|
|
145
|
+
* @param binding `redirect`, `post`, etc.
|
|
146
|
+
* @returns endpoint URL or raw service list
|
|
147
|
+
*/
|
|
145
148
|
Metadata.prototype.getSingleLogoutService = function (binding) {
|
|
146
149
|
if (binding && (0, utility_1.isString)(binding)) {
|
|
147
150
|
var bindType_1 = urn_1.namespace.binding[binding];
|
|
@@ -157,17 +160,18 @@ var Metadata = /** @class */ (function () {
|
|
|
157
160
|
return this.meta.singleLogoutService;
|
|
158
161
|
};
|
|
159
162
|
/**
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
163
|
+
* Reduce a service descriptor array to the list of bindings it declares.
|
|
164
|
+
*
|
|
165
|
+
* @param services list of service descriptor objects
|
|
166
|
+
* @returns supported binding keys
|
|
167
|
+
*/
|
|
164
168
|
Metadata.prototype.getSupportBindings = function (services) {
|
|
165
169
|
var supportBindings = [];
|
|
166
170
|
if (services) {
|
|
167
|
-
|
|
171
|
+
services.forEach(function (service) {
|
|
168
172
|
var supportBinding = Object.keys(service)[0];
|
|
169
|
-
|
|
170
|
-
}
|
|
173
|
+
supportBindings.push(supportBinding);
|
|
174
|
+
});
|
|
171
175
|
}
|
|
172
176
|
return supportBindings;
|
|
173
177
|
};
|
|
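Review bot: In `getX509Certificate` the new lookup `certificate[use]` is keyed by the caller's string with no own-property check. In the shared-certificate case `this.meta.certificate` is a plain object literal, so a `use` such as `constructor` would return an inherited member instead of `null`. Callers presumably treat the result as certificate material, so the lookup should be limited to own keys, for example `return (certificate && Object.prototype.hasOwnProperty.call(certificate, use) && certificate[use]) || null;`. The added JSDoc names `signing` or `encryption` as the accepted values; it could also state that any other value yields `null` once the check is in place. The constructor body that fills `this.meta` is only partly visible in these hunks.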
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../src/metadata.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;
|
|
1
|
+
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../src/metadata.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,qCAAyB;AACzB,6BAAkC;AAClC,yCAAsC;AACtC,qCAAqC;AA0BrC;IAKE;;;;;OAKG;IACH,kBAAY,GAAoB,EAAE,UAAgC;QAAhC,2BAAA,EAAA,eAAgC;QAChE,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,IAAI,GAAG,IAAA,mBAAO,EAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC;YACpD;gBACE,GAAG,EAAE,kBAAkB;gBACvB,SAAS,EAAE,CAAC,kBAAkB,CAAC;gBAC/B,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,IAAI;aACd;YACD;gBACE,GAAG,EAAE,UAAU;gBACf,SAAS,EAAE,CAAC,kBAAkB,CAAC;gBAC/B,UAAU,EAAE,CAAC,UAAU,CAAC;aACzB;YACD;gBACE,qDAAqD;gBACrD,GAAG,EAAE,mBAAmB;gBACxB,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,eAAe,EAAE,SAAS,EAAE,UAAU,EAAE,iBAAiB,CAAC;gBAC5G,UAAU,EAAE,EAAE;aACf;YACD;gBACE,8DAA8D;gBAC9D,GAAG,EAAE,aAAa;gBAClB,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,eAAe,CAAC;gBAClE,KAAK,EAAE,CAAC,KAAK,CAAC;gBACd,aAAa,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,iBAAiB,CAAC;gBACzD,UAAU,EAAE,EAAE;aACf;YACD;gBACE,GAAG,EAAE,qBAAqB;gBAC1B,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;gBACxE,UAAU,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;aACpC;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,cAAc,CAAC;gBACjE,UAAU,EAAE,EAAE;aACf;SACF,CAAC,CAAgB,CAAC;QAEnB,IAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC;QACtD,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG;gBACtB,OAAO,EAAE,iBAAiB;gBAC1B,UAAU,EAAE,iBAAiB;aAC9B,CAAC;YACF,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC;QACrC,CAAC;QAED,IACE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EACrC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED;;OAEG;IACI,8BAAW,GAAlB;QACE,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACI,iCAAc,GAArB,UAAsB,UAAkB;QACtC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACI,8BAAW,GAAlB;QACE,OAAO,IAAI,CAAC,IAAI,CAAC,QAAkB,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACI,qCAAkB,GAAzB,UAA0B,GAAW;QACnC,IAA
M,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAA4D,CAAC;QAC3F,OAAO,CAAC,WAAW,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,IAAK,IAA0B,CAAC;IAC1E,CAAC;IAED;;OAEG;IACI,kCAAe,GAAtB;QACE,OAAO,IAAI,CAAC,IAAI,CAAC,YAAwB,CAAC;IAC5C,CAAC;IAED;;;;;;OAMG;IACI,yCAAsB,GAA7B,UAA8B,OAA2B;QACvD,IAAI,OAAO,IAAI,IAAA,kBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC;YACjC,IAAM,UAAQ,GAAG,eAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC;YACxD,IAAI,CAAC,CAAC,mBAAmB,YAAY,KAAK,CAAC,EAAE,CAAC;gBAC5C,mBAAmB,GAAG,CAAC,mBAA4D,CAAC,CAAC;YACvF,CAAC;YACD,IAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAA,GAAG,IAAI,OAAA,GAAG,CAAC,OAAO,KAAK,UAAQ,EAAxB,CAAwB,CAAC,CAAC;YAC1E,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,mBAAwC,CAAC;IAC5D,CAAC;IAED;;;;;OAKG;IACI,qCAAkB,GAAzB,UAA0B,QAAkB;QAC1C,IAAM,eAAe,GAAa,EAAE,CAAC;QACrC,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,OAAO,CAAC,UAAA,OAAO;gBACtB,IAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/C,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IACH,eAAC;AAAD,CAAC,AAnJD,IAmJC"}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.normalizeCreateLoginRequestOptions = normalizeCreateLoginRequestOptions;
|
|
4
|
+
exports.normalizeCreateLoginResponseOptions = normalizeCreateLoginResponseOptions;
|
|
5
|
+
exports.normalizeCreateLogoutRequestOptions = normalizeCreateLogoutRequestOptions;
|
|
6
|
+
exports.normalizeCreateLogoutResponseOptions = normalizeCreateLogoutResponseOptions;
|
|
7
|
+
/**
|
|
8
|
+
* Resolve the 3rd-position parameter of `ServiceProvider#createLoginRequest`.
|
|
9
|
+
* Accepts a callback (legacy), an options bag, or undefined.
|
|
10
|
+
*/
|
|
11
|
+
function normalizeCreateLoginRequestOptions(input) {
|
|
12
|
+
if (input == null)
|
|
13
|
+
return {};
|
|
14
|
+
if (typeof input === 'function')
|
|
15
|
+
return { customTagReplacement: input };
|
|
16
|
+
return input;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Resolve the 5th-position parameter of `IdentityProvider#createLoginResponse`.
|
|
20
|
+
* Accepts a callback (legacy), an options bag, or undefined.
|
|
21
|
+
*
|
|
22
|
+
* Legacy positional `encryptThenSign` (6th) and `relayState` (7th) are
|
|
23
|
+
* folded into the bag when the 5th argument is the legacy callback form.
|
|
24
|
+
*/
|
|
25
|
+
function normalizeCreateLoginResponseOptions(optionsOrCallback, legacyEncryptThenSign, legacyRelayState) {
|
|
26
|
+
if (optionsOrCallback == null) {
|
|
27
|
+
return { encryptThenSign: legacyEncryptThenSign, relayState: legacyRelayState };
|
|
28
|
+
}
|
|
29
|
+
if (typeof optionsOrCallback === 'function') {
|
|
30
|
+
return {
|
|
31
|
+
customTagReplacement: optionsOrCallback,
|
|
32
|
+
encryptThenSign: legacyEncryptThenSign,
|
|
33
|
+
relayState: legacyRelayState,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
return optionsOrCallback;
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Resolve the 4th-position parameter of `Entity#createLogoutRequest`.
|
|
40
|
+
* Accepts a string (legacy `relayState`), an options bag, or undefined.
|
|
41
|
+
*
|
|
42
|
+
* Legacy positional `customTagReplacement` (5th) is folded into the bag
|
|
43
|
+
* when the 4th argument is the legacy string form.
|
|
44
|
+
*/
|
|
45
|
+
function normalizeCreateLogoutRequestOptions(optionsOrRelayState, legacyCustomTagReplacement) {
|
|
46
|
+
if (optionsOrRelayState == null) {
|
|
47
|
+
return { customTagReplacement: legacyCustomTagReplacement };
|
|
48
|
+
}
|
|
49
|
+
if (typeof optionsOrRelayState === 'string') {
|
|
50
|
+
return {
|
|
51
|
+
relayState: optionsOrRelayState,
|
|
52
|
+
customTagReplacement: legacyCustomTagReplacement,
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
return optionsOrRelayState;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Resolve the 4th-position parameter of `Entity#createLogoutResponse`.
|
|
59
|
+
* Same dispatch rules as {@link normalizeCreateLogoutRequestOptions}.
|
|
60
|
+
*/
|
|
61
|
+
function normalizeCreateLogoutResponseOptions(optionsOrRelayState, legacyCustomTagReplacement) {
|
|
62
|
+
if (optionsOrRelayState == null) {
|
|
63
|
+
return { customTagReplacement: legacyCustomTagReplacement };
|
|
64
|
+
}
|
|
65
|
+
if (typeof optionsOrRelayState === 'string') {
|
|
66
|
+
return {
|
|
67
|
+
relayState: optionsOrRelayState,
|
|
68
|
+
customTagReplacement: legacyCustomTagReplacement,
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
return optionsOrRelayState;
|
|
72
|
+
}
|
|
73
|
+
//# sourceMappingURL=options.js.map
|
|
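Review bot: `normalizeCreateLoginResponseOptions` drops `legacyEncryptThenSign` and `legacyRelayState` without any signal when the fifth argument is an options bag, because the last branch is a bare `return optionsOrCallback;`. A caller who migrates only the callback to `{ customTagReplacement }` and still passes `true` in the sixth position would presumably get a response produced without encrypt-then-sign and no error. Rejecting the mixed form is the safer contract, e.g. `if (legacyEncryptThenSign !== undefined || legacyRelayState !== undefined) throw new TypeError('pass encryptThenSign/relayState inside the options bag');` before that return. The two logout normalizers have the same shape with `legacyCustomTagReplacement`. None of the four checks that the fall-through value is actually an object, so a number or boolean is returned as the "options bag" unchanged.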
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"options.js","sourceRoot":"","sources":["../../src/options.ts"],"names":[],"mappings":";;AAsBA,gFAMC;AASD,kFAgBC;AASD,kFAcC;AAMD,oFAcC;AA9ED;;;GAGG;AACH,SAAgB,kCAAkC,CAChD,KAAmE;IAEnE,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,EAAE,CAAC;IAC7B,IAAI,OAAO,KAAK,KAAK,UAAU;QAAE,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;IACxE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mCAAmC,CACjD,iBAAgF,EAChF,qBAA+B,EAC/B,gBAAyB;IAEzB,IAAI,iBAAiB,IAAI,IAAI,EAAE,CAAC;QAC9B,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC;IAClF,CAAC;IACD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE,CAAC;QAC5C,OAAO;YACL,oBAAoB,EAAE,iBAAiB;YACvC,eAAe,EAAE,qBAAqB;YACtC,UAAU,EAAE,gBAAgB;SAC7B,CAAC;IACJ,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,mCAAmC,CACjD,mBAAoE,EACpE,0BAAiD;IAEjD,IAAI,mBAAmB,IAAI,IAAI,EAAE,CAAC;QAChC,OAAO,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,0BAA0B;SACjD,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAgB,oCAAoC,CAClD,mBAAqE,EACrE,0BAAiD;IAEjD,IAAI,mBAAmB,IAAI,IAAI,EAAE,CAAC;QAChC,OAAO,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,0BAA0B;SACjD,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC"}
|
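--- a/package/build/src/urn.js
+++ b/package/build/src/urn.js
@@ -148,6 +148,12 @@ var algorithms = {
 RSA_SHA1: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
 RSA_SHA256: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
 RSA_SHA512: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+// RSASSA-PSS with MGF1 — `xmldsig-core §6.4.2`, `xmldsig-more` (W3C
+// Note, 2007-05). Recommended over PKCS#1 v1.5 for new deployments
+// per `saml-sec-consider §6.5` and the audit follow-up F-7
+// (`.skills/audits/2026-04-security-audit.md`). The default signing
+// algorithm remains RSA-SHA256 (PKCS#1 v1.5); PSS is opt-in.
+RSA_SHA256_MGF1: 'http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1',
 },
 encryption: {
 data: {
@@ -165,6 +171,9 @@ var algorithms = {
 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': 'http://www.w3.org/2000/09/xmldsig#sha1',
 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'http://www.w3.org/2001/04/xmlenc#sha256',
 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'http://www.w3.org/2001/04/xmlenc#sha512', // support hashing algorithm sha512 in xml-crypto after 0.8.0
+// PSS variant — `xmldsig-more` (2007-05) — pairs with the SHA-256
+// digest URI per the OASIS-published mapping.
+'http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1': 'http://www.w3.org/2001/04/xmlenc#sha256',
 },
 };
 exports.algorithms = algorithms;
@@ -202,11 +211,29 @@ var wording = {
 };
 exports.wording = wording;
 // https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForSP
-// some idps restrict the order of elements in entity descriptors
+// some idps restrict the order of elements in entity descriptors.
+//
+// Top-level keys (default / onelogin / shibboleth) describe SP-side
+// orderings and are kept at the root for backwards compatibility with
+// callers that read `Constants.elementsOrder.shibboleth` directly.
+//
+// IdP-side orderings live under the `idp` sub-key. The default sequence
+// matches `saml-metadata §2.4.3` (the schema-declared `<IDPSSODescriptor>`
+// child sequence) restricted to the elements samlify currently emits.
 var elementsOrder = {
 default: ['KeyDescriptor', 'NameIDFormat', 'SingleLogoutService', 'AssertionConsumerService'],
 onelogin: ['KeyDescriptor', 'NameIDFormat', 'SingleLogoutService', 'AssertionConsumerService'],
 shibboleth: ['KeyDescriptor', 'SingleLogoutService', 'NameIDFormat', 'AssertionConsumerService', 'AttributeConsumingService'],
+idp: {
+// Default mirrors the historical (pre-#429) emission order so callers
+// that don't supply `elementsOrder` continue to receive byte-identical
+// metadata XML. saml-metadata §2.4.3 permits this subset.
+default: ['KeyDescriptor', 'NameIDFormat', 'SingleSignOnService', 'SingleLogoutService'],
+// OneLogin-style: NameIDFormat ahead of the service endpoints.
+onelogin: ['KeyDescriptor', 'NameIDFormat', 'SingleLogoutService', 'SingleSignOnService'],
+// Shibboleth IdP convention puts SLO ahead of NameIDFormat.
+shibboleth: ['KeyDescriptor', 'SingleLogoutService', 'NameIDFormat', 'SingleSignOnService'],
+},
 };
 exports.elementsOrder = elementsOrder;
 //# sourceMappingURL=urn.js.map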
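Review bot: The new `RSA_SHA256_MGF1` entry registers only the URI and its digest pairing. Nothing in this section shows the signer or verifier behind it, so the PSS parameters need to be pinned where the algorithm is implemented. The parameterless `sha256-rsa-MGF1` identifier implies SHA-256 for both the hash and MGF1 with a salt length equal to the digest length, while Node's `crypto` signs with the maximum salt length by default. An implementation should therefore set `padding: crypto.constants.RSA_PKCS1_PSS_PADDING` and `saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST` explicitly. `RSA_SHA1` remains in the same table, so it is worth confirming that verification compares the incoming SignatureMethod against a configured allow-list rather than accepting any value present in `algorithms.signature`. The comment also cites `.skills/audits/2026-04-security-audit.md`, a path that does not appear in this package's file list; a reference that readers of the built file can resolve would serve better.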
package/build/src/urn.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"urn.js","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":";AAAA;;;;EAIE;;;AAEF,IAAY,gBAKX;AALD,WAAY,gBAAgB;IAC1B,mFAA+D,CAAA;IAC/D,2EAAuD,CAAA;IACvD,4FAAwE,CAAA;IACxE,mFAA+D,CAAA;AACjE,CAAC,EALW,gBAAgB,gCAAhB,gBAAgB,QAK3B;AAED,IAAY,qBAGX;AAHD,WAAY,qBAAqB;IAC/B,kDAAyB,CAAA;IACzB,kDAAyB,CAAA;AAC3B,CAAC,EAHW,qBAAqB,qCAArB,qBAAqB,QAGhC;AAED,IAAY,UA0BX;AA1BD,WAAY,UAAU;IACpB,WAAW;IACX,oEAAsD,CAAA;IACtD,wEAA0D,CAAA;IAC1D,wEAA0D,CAAA;IAC1D,oFAAsE,CAAA;IACtE,0CAA0C;IAC1C,2EAA6D,CAAA;IAC7D,kGAAoF,CAAA;IACpF,4FAA8E,CAAA;IAC9E,kFAAoE,CAAA;IACpE,kFAAoE,CAAA;IACpE,wEAA0D,CAAA;IAC1D,kFAAoE,CAAA;IACpE,gFAAkE,CAAA;IAClE,0FAA4E,CAAA;IAC5E,gFAAkE,CAAA;IAClE,0FAA4E,CAAA;IAC5E,sGAAwF,CAAA;IACxF,gGAAkF,CAAA;IAClF,8FAAgF,CAAA;IAChF,gGAAkF,CAAA;IAClF,sFAAwE,CAAA;IACxE,0FAA4E,CAAA;IAC5E,sFAAwE,CAAA;IACxE,0FAA4E,CAAA;AAC9E,CAAC,EA1BW,UAAU,0BAAV,UAAU,QA0BrB;AAED,IAAM,SAAS,GAAG;IAChB,OAAO,EAAE;QACP,QAAQ,EAAE,oDAAoD;QAC9D,IAAI,EAAE,gDAAgD;QACtD,UAAU,EAAE,2DAA2D;QACvE,QAAQ,EAAE,oDAAoD;KAC/D;IACD,KAAK,EAAE;QACL,QAAQ,EAAE,sCAAsC;QAChD,SAAS,EAAE,uCAAuC;QAClD,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,yCAAyC;QACrD,WAAW,EAAE,0CAA0C;KACxD;IACD,oBAAoB,EAAE;QACpB,QAAQ,EAAE,iDAAiD;QAC3D,0BAA0B,EAAE,mEAAmE;KAChG;IACD,MAAM,EAAE;QACN,YAAY,EAAE,wDAAwD;QACtE,UAAU,EAAE,sDAAsD;QAClE,SAAS,EAAE,qDAAqD;QAChE,MAAM,EAAE,kDAAkD;QAC1D,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,oDAAoD;QAC9D,0BAA0B,EAAE,sEAAsE;QAClG,eAAe,EAAE,2DAA2D;KAC7E;IACD,UAAU,EAAE;QACV,qCAAqC;QACrC,OAAO,EAAE,4CAA4C;QACrD,SAAS,EAAE,8CAA8C;QACzD,SAAS,EAAE,8CAA8C;QACzD,eAAe,EAAE,oDAAoD;QACrE,4BAA4B;QAC5B,UAAU,EAAE,gDAAgD;QAC5D,sBAAsB,EAAE,2DAA2D;QACnF,mBAAmB,EAAE,wDAAwD;QAC7E,cAAc,EAAE,mDAAmD;QACnE,cAAc,EAAE,mDAAmD;QACnE,SAAS,EAAE,8CAA8C;QACzD,cAAc,EAAE,mDAAmD;QACnE,aAAa,EAAE,kDAAkD;QACjE,kBAAkB,EAAE,uDAAuD;QAC3E,aAAa,EAAE,kDAAkD;QACjE,kBAAkB,EAAE,uDAAuD;QAC3E,wBAAwB,EAAE,6DAA6D;QACvF,qBAAqB,EAAE,0DAA0D;QACjF,oBAAoB,EAAE,yDAAyD;QAC/E,qBAAqB,EAAE,0DAA0D;QACjF,gBAAgB,EAAE,qDAAqD;QACvE,kBAAkB,EAAE,uDAAuD;QAC3E,gBAAgB,EAAE,qDAAqD;QAC
vE,kBAAkB,EAAE,uDAAuD;KAC5E;CACF,CAAC;
|
|
1
|
+
{"version":3,"file":"urn.js","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":";AAAA;;;;EAIE;;;AAEF,IAAY,gBAKX;AALD,WAAY,gBAAgB;IAC1B,mFAA+D,CAAA;IAC/D,2EAAuD,CAAA;IACvD,4FAAwE,CAAA;IACxE,mFAA+D,CAAA;AACjE,CAAC,EALW,gBAAgB,gCAAhB,gBAAgB,QAK3B;AAED,IAAY,qBAGX;AAHD,WAAY,qBAAqB;IAC/B,kDAAyB,CAAA;IACzB,kDAAyB,CAAA;AAC3B,CAAC,EAHW,qBAAqB,qCAArB,qBAAqB,QAGhC;AAED,IAAY,UA0BX;AA1BD,WAAY,UAAU;IACpB,WAAW;IACX,oEAAsD,CAAA;IACtD,wEAA0D,CAAA;IAC1D,wEAA0D,CAAA;IAC1D,oFAAsE,CAAA;IACtE,0CAA0C;IAC1C,2EAA6D,CAAA;IAC7D,kGAAoF,CAAA;IACpF,4FAA8E,CAAA;IAC9E,kFAAoE,CAAA;IACpE,kFAAoE,CAAA;IACpE,wEAA0D,CAAA;IAC1D,kFAAoE,CAAA;IACpE,gFAAkE,CAAA;IAClE,0FAA4E,CAAA;IAC5E,gFAAkE,CAAA;IAClE,0FAA4E,CAAA;IAC5E,sGAAwF,CAAA;IACxF,gGAAkF,CAAA;IAClF,8FAAgF,CAAA;IAChF,gGAAkF,CAAA;IAClF,sFAAwE,CAAA;IACxE,0FAA4E,CAAA;IAC5E,sFAAwE,CAAA;IACxE,0FAA4E,CAAA;AAC9E,CAAC,EA1BW,UAAU,0BAAV,UAAU,QA0BrB;AAED,IAAM,SAAS,GAAG;IAChB,OAAO,EAAE;QACP,QAAQ,EAAE,oDAAoD;QAC9D,IAAI,EAAE,gDAAgD;QACtD,UAAU,EAAE,2DAA2D;QACvE,QAAQ,EAAE,oDAAoD;KAC/D;IACD,KAAK,EAAE;QACL,QAAQ,EAAE,sCAAsC;QAChD,SAAS,EAAE,uCAAuC;QAClD,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,yCAAyC;QACrD,WAAW,EAAE,0CAA0C;KACxD;IACD,oBAAoB,EAAE;QACpB,QAAQ,EAAE,iDAAiD;QAC3D,0BAA0B,EAAE,mEAAmE;KAChG;IACD,MAAM,EAAE;QACN,YAAY,EAAE,wDAAwD;QACtE,UAAU,EAAE,sDAAsD;QAClE,SAAS,EAAE,qDAAqD;QAChE,MAAM,EAAE,kDAAkD;QAC1D,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,oDAAoD;QAC9D,0BAA0B,EAAE,sEAAsE;QAClG,eAAe,EAAE,2DAA2D;KAC7E;IACD,UAAU,EAAE;QACV,qCAAqC;QACrC,OAAO,EAAE,4CAA4C;QACrD,SAAS,EAAE,8CAA8C;QACzD,SAAS,EAAE,8CAA8C;QACzD,eAAe,EAAE,oDAAoD;QACrE,4BAA4B;QAC5B,UAAU,EAAE,gDAAgD;QAC5D,sBAAsB,EAAE,2DAA2D;QACnF,mBAAmB,EAAE,wDAAwD;QAC7E,cAAc,EAAE,mDAAmD;QACnE,cAAc,EAAE,mDAAmD;QACnE,SAAS,EAAE,8CAA8C;QACzD,cAAc,EAAE,mDAAmD;QACnE,aAAa,EAAE,kDAAkD;QACjE,kBAAkB,EAAE,uDAAuD;QAC3E,aAAa,EAAE,kDAAkD;QACjE,kBAAkB,EAAE,uDAAuD;QAC3E,wBAAwB,EAAE,6DAA6D;QACvF,qBAAqB,EAAE,0DAA0D;QACjF,oBAAoB,EAAE,yDAAyD;QAC/E,qBAAqB,EAAE,0DAA0D;QACjF,gBAAgB,EAAE,qDAAqD;QACvE,kBAAkB,EAAE,uDAAuD;QAC3E,gBAAgB,EAAE,qDAAqD;QAC
vE,kBAAkB,EAAE,uDAAuD;KAC5E;CACF,CAAC;AAuIO,8BAAS;AArIlB,IAAM,IAAI,GAAG;IACX,OAAO,EAAE;QACP,WAAW,EAAE,eAAe;QAC5B,2BAA2B,EAAE,+BAA+B;QAC5D,oBAAoB,EAAE,wBAAwB;QAC9C,WAAW,EAAE,eAAe;QAC5B,QAAQ,EAAE,YAAY;QACtB,cAAc,EAAE,kBAAkB;QAClC,kBAAkB,EAAE,sBAAsB;QAC1C,mBAAmB,EAAE,uBAAuB;QAC5C,sBAAsB,EAAE,0BAA0B;QAClD,WAAW,EAAE,eAAe;QAC5B,QAAQ,EAAE,YAAY;QACtB,EAAE,EAAE,MAAM;QACV,MAAM,EAAE,UAAU;QAClB,YAAY,EAAE,gBAAgB;QAC9B,YAAY,EAAE,gBAAgB;QAC9B,MAAM,EAAE,UAAU;QAClB,YAAY,EAAE,gBAAgB;QAC9B,eAAe,EAAE,mBAAmB;QACpC,YAAY,EAAE,gBAAgB;QAC9B,gBAAgB,EAAE,oBAAoB;QACtC,mCAAmC,EAAE,uCAAuC;QAC5E,UAAU,EAAE,cAAc;KAC3B;IACD,MAAM,EAAE;QACN,YAAY,EAAE,cAAc;QAC5B,aAAa,EAAE,eAAe;QAC9B,aAAa,EAAE,UAAU;QACzB,cAAc,EAAE,gBAAgB;KACjC;CACF,CAAC;AAsGkB,oBAAI;AApGxB,IAAM,qBAAqB,GAAG;IAC5B,YAAY,EAAE;QACZ,iBAAiB,EAAE,mBAAmB;QACtC,iBAAiB,EAAE,mBAAmB;KACvC;CACF,CAAC;AA+F4D,sDAAqB;AA7FnF,IAAM,UAAU,GAAG;IACjB,SAAS,EAAE;QACT,QAAQ,EAAE,4CAA4C;QACtD,UAAU,EAAE,mDAAmD;QAC/D,UAAU,EAAE,mDAAmD;QAC/D,oEAAoE;QACpE,mEAAmE;QACnE,2DAA2D;QAC3D,oEAAoE;QACpE,6DAA6D;QAC7D,eAAe,EAAE,wDAAwD;KAC1E;IACD,UAAU,EAAE;QACV,IAAI,EAAE;YACJ,OAAO,EAAE,6CAA6C;YACtD,OAAO,EAAE,6CAA6C;YACtD,OAAO,EAAE,gDAAgD;YACzD,WAAW,EAAE,4CAA4C;SAC1D;QACD,GAAG,EAAE;YACH,cAAc,EAAE,iDAAiD;YACjE,OAAO,EAAE,0CAA0C;SACpD;KACF;IACD,MAAM,EAAE;QACN,4CAA4C,EAAE,wCAAwC;QACtF,mDAAmD,EAAE,yCAAyC;QAC9F,mDAAmD,EAAE,yCAAyC,EAAE,6DAA6D;QAC7J,kEAAkE;QAClE,8CAA8C;QAC9C,wDAAwD,EAAE,yCAAyC;KACpG;CACF,CAAC;AA6DwB,gCAAU;AA3DpC,IAAY,UAKX;AALD,WAAY,UAAU;IACpB,yCAA2B,CAAA;IAC3B,2CAA6B,CAAA;IAC7B,6CAA+B,CAAA;IAC/B,+CAAiC,CAAA;AACnC,CAAC,EALW,UAAU,0BAAV,UAAU,QAKrB;AAED,IAAM,OAAO,GAAG;IACd,SAAS,EAAE;QACT,WAAW,EAAE,aAAa;QAC1B,YAAY,EAAE,cAAc;QAC5B,aAAa,EAAE,eAAe;QAC9B,cAAc,EAAE,gBAAgB;QAChC,MAAM,EAAE,QAAQ;QAChB,SAAS,EAAE,WAAW;QACtB,UAAU,EAAE,YAAY;KACzB;IACD,OAAO,EAAE;QACP,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,YAAY;QACxB,QAAQ,EAAE,UAAU;KACrB;IACD,OAAO,EAAE;QACP,OAAO,EAAE,SAAS;QAClB,OAAO,EAAE,YAAY;KACtB;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,aAAa;QACjB,GAAG,EAAE,cAAc;KACpB;CACF,CAAC;AA4BoC,0BAAO
;AA1B7C,uEAAuE;AACvE,kEAAkE;AAClE,EAAE;AACF,oEAAoE;AACpE,sEAAsE;AACtE,mEAAmE;AACnE,EAAE;AACF,wEAAwE;AACxE,2EAA2E;AAC3E,sEAAsE;AACtE,IAAM,aAAa,GAAG;IACpB,OAAO,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,qBAAqB,EAAE,0BAA0B,CAAC;IAC7F,QAAQ,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,qBAAqB,EAAE,0BAA0B,CAAC;IAC9F,UAAU,EAAE,CAAC,eAAe,EAAE,qBAAqB,EAAE,cAAc,EAAE,0BAA0B,EAAE,2BAA2B,CAAC;IAC7H,GAAG,EAAE;QACH,sEAAsE;QACtE,uEAAuE;QACvE,0DAA0D;QAC1D,OAAO,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,qBAAqB,EAAE,qBAAqB,CAAC;QACxF,+DAA+D;QAC/D,QAAQ,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,qBAAqB,EAAE,qBAAqB,CAAC;QACzF,4DAA4D;QAC5D,UAAU,EAAE,CAAC,eAAe,EAAE,qBAAqB,EAAE,cAAc,EAAE,qBAAqB,CAAC;KAC5F;CACF,CAAC;AAE6C,sCAAa"}
|