samlify 2.9.0 → 2.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/index.js +17 -7
- package/build/index.js.map +1 -1
- package/build/src/api.js +3 -4
- package/build/src/api.js.map +1 -1
- package/build/src/binding-post.js +25 -15
- package/build/src/binding-post.js.map +1 -1
- package/build/src/binding-redirect.js +17 -7
- package/build/src/binding-redirect.js.map +1 -1
- package/build/src/binding-simplesign.js +24 -14
- package/build/src/binding-simplesign.js.map +1 -1
- package/build/src/entity-idp.js +4 -4
- package/build/src/entity-idp.js.map +1 -1
- package/build/src/entity-sp.js +2 -2
- package/build/src/entity-sp.js.map +1 -1
- package/build/src/entity.js +17 -7
- package/build/src/entity.js.map +1 -1
- package/build/src/extractor.js +2 -2
- package/build/src/extractor.js.map +1 -1
- package/build/src/flow.js +4 -5
- package/build/src/flow.js.map +1 -1
- package/build/src/libsaml.js +162 -83
- package/build/src/libsaml.js.map +1 -1
- package/build/src/metadata-idp.js +9 -9
- package/build/src/metadata-idp.js.map +1 -1
- package/build/src/metadata-sp.js +9 -9
- package/build/src/metadata-sp.js.map +1 -1
- package/build/src/metadata.js +17 -7
- package/build/src/metadata.js.map +1 -1
- package/build/src/urn.js +4 -4
- package/build/src/urn.js.map +1 -1
- package/build/src/utility.js +12 -13
- package/build/src/utility.js.map +1 -1
- package/build/src/validator.js +1 -2
- package/build/src/validator.js.map +1 -1
- package/package.json +2 -2
- package/src/libsaml.ts +82 -47
- package/types/src/binding-post.d.ts +1 -1
- package/types/src/binding-simplesign.d.ts +1 -1
- package/types/src/entity.d.ts +1 -2
- package/types/src/extractor.d.ts +1 -1
- package/types/src/libsaml.d.ts +15 -11
- package/types/src/metadata.d.ts +0 -1
- package/types/src/types.d.ts +7 -8
- package/types/src/utility.d.ts +1 -2
- package/types/src/validator.d.ts +1 -1
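--- a/package/build/src/metadata-sp.js
+++ b/package/build/src/metadata-sp.js
@@ -30,6 +30,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SpMetadata = void 0;
+exports.default = default_1;
 /**
 * @file metadata-sp.ts
 * @author tngan
@@ -46,22 +47,21 @@ var xml_1 = __importDefault(require("xml"));
 function default_1(meta) {
 return new SpMetadata(meta);
 }
-exports.default = default_1;
 /**
 * @desc SP Metadata is for creating Service Provider, provides a set of API to manage the actions in SP.
 */
 var SpMetadata = /** @class */ (function (_super) {
-var e_1, _a, e_2, _b;
 __extends(SpMetadata, _super);
 /**
 * @param {object/string} meta (either xml string or configuration in object)
 * @return {object} prototypes including public functions
 */
 function SpMetadata(meta) {
+var e_1, _a, e_2, _b;
 var isFile = (0, utility_1.isString)(meta) || meta instanceof Buffer;
 // use object configuration instead of importing metadata file directly
 if (!isFile) {
-var
+var _c = meta, _d = _c.elementsOrder, elementsOrder = _d === void 0 ? urn_1.elementsOrder.default : _d, entityID = _c.entityID, signingCert = _c.signingCert, encryptCert = _c.encryptCert, _e = _c.authnRequestsSigned, authnRequestsSigned = _e === void 0 ? false : _e, _f = _c.wantAssertionsSigned, wantAssertionsSigned = _f === void 0 ? false : _f, _g = _c.wantMessageSigned, wantMessageSigned = _g === void 0 ? false : _g, signatureConfig = _c.signatureConfig, _h = _c.nameIDFormat, nameIDFormat = _h === void 0 ? [] : _h, _j = _c.singleLogoutService, singleLogoutService = _j === void 0 ? [] : _j, _k = _c.assertionConsumerService, assertionConsumerService = _k === void 0 ? [] : _k;
 var descriptors_1 = {
 KeyDescriptor: [],
 NameIDFormat: [],
@@ -80,28 +80,28 @@ var SpMetadata = /** @class */ (function (_super) {
 console.warn('Construct service provider - missing signatureConfig');
 }
 try {
-for (var
-var cert =
+for (var _l = __values((0, utility_1.castArrayOpt)(signingCert)), _m = _l.next(); !_m.done; _m = _l.next()) {
+var cert = _m.value;
 descriptors_1.KeyDescriptor.push(libsaml_1.default.createKeySection('signing', cert).KeyDescriptor);
 }
 }
 catch (e_1_1) { e_1 = { error: e_1_1 }; }
 finally {
 try {
-if (
+if (_m && !_m.done && (_a = _l.return)) _a.call(_l);
 }
 finally { if (e_1) throw e_1.error; }
 }
 try {
-for (var
-var cert =
+for (var _o = __values((0, utility_1.castArrayOpt)(encryptCert)), _p = _o.next(); !_p.done; _p = _o.next()) {
+var cert = _p.value;
 descriptors_1.KeyDescriptor.push(libsaml_1.default.createKeySection('encryption', cert).KeyDescriptor);
 }
 }
 catch (e_2_1) { e_2 = { error: e_2_1 }; }
 finally {
 try {
-if (
+if (_p && !_p.done && (_b = _o.return)) _b.call(_o);
 }
 finally { if (e_2) throw e_2.error; }
 }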
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata-sp.js","sourceRoot":"","sources":["../../src/metadata-sp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"metadata-sp.js","sourceRoot":"","sources":["../../src/metadata-sp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,4BAEC;AA9BD;;;;EAIE;AACF,wDAAyD;AAEzD,6BAA0D;AAC1D,sDAAgC;AAChC,qCAAoE;AACpE,4CAAsB;AAetB;;GAEG;AACH,mBAAwB,IAA2B;IACjD,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED;;EAEE;AACF;IAAgC,8BAAQ;IAEtC;;;MAGE;IACF,oBAAY,IAA2B;;QAErC,IAAM,MAAM,GAAG,IAAA,kBAAQ,EAAC,IAAI,CAAC,IAAI,IAAI,YAAY,MAAM,CAAC;QAExD,uEAAuE;QACvE,IAAI,CAAC,MAAM,EAAE,CAAC;YAEN,IAAA,KAYF,IAAyB,EAX3B,qBAA6B,EAA7B,aAAa,mBAAG,mBAAK,CAAC,OAAO,KAAA,EAC7B,QAAQ,cAAA,EACR,WAAW,iBAAA,EACX,WAAW,iBAAA,EACX,2BAA2B,EAA3B,mBAAmB,mBAAG,KAAK,KAAA,EAC3B,4BAA4B,EAA5B,oBAAoB,mBAAG,KAAK,KAAA,EAC5B,yBAAyB,EAAzB,iBAAiB,mBAAG,KAAK,KAAA,EACzB,eAAe,qBAAA,EACf,oBAAiB,EAAjB,YAAY,mBAAG,EAAE,KAAA,EACjB,2BAAwB,EAAxB,mBAAmB,mBAAG,EAAE,KAAA,EACxB,gCAA6B,EAA7B,wBAAwB,mBAAG,EAAE,KACF,CAAC;YAE9B,IAAM,aAAW,GAAgB;gBAC/B,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,mBAAmB,EAAE,EAAE;gBACvB,wBAAwB,EAAE,EAAE;gBAC5B,yBAAyB,EAAE,EAAE;aAC9B,CAAC;YAEF,IAAM,iBAAe,GAAU,CAAC;oBAC9B,KAAK,EAAE;wBACL,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,CAAC;wBAChD,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,CAAC;wBAClD,0BAA0B,EAAE,eAAS,CAAC,KAAK,CAAC,QAAQ;qBACrD;iBACF,CAAC,CAAC;YAEH,IAAI,iBAAiB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBACvD,OAAO,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;YACvE,CAAC;;gBAED,KAAkB,IAAA,KAAA,SAAA,IAAA,sBAAY,EAAC,WAAW,CAAC,CAAA,gBAAA,4BAAE,CAAC;oBAA1C,IAAM,IAAI,WAAA;oBACZ,aAAW,CAAC,aAAc,CAAC,IAAI,CAAC,iBAAO,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,aAAa,CAAC,CAAC;gBAC3F,CAAC;;;;;;;;;;gBAED,KAAkB,IAAA,KAAA,SAAA,IAAA,sBAAY,EAAC,WAAW,CAAC,CAAA,gBAAA,4BAAE,CAAC;oBAA1C,IAAM,IAAI,WAAA;oBACZ,aAAW,CAAC,aAAc,CAAC,IAAI,CAAC,iBAAO,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,aAAa,CAAC,CAAC;gBAC9F,CAAC;;;;;;;;;YAED,IAAI,IAAA,yBAAe,EAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,YAAY,CAAC,OAAO,CAAC,UAAA,CAAC,IAAI,OAAA,aAAW,CAAC,YAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAjC,CAAiC,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,gBAAgB;gBAChB,aAAW,CAAC,YAAa,CAAC,IAAI,CAAC,eAAS,CAAC,MAA
M,CAAC,YAAY,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,IAAA,yBAAe,EAAC,mBAAmB,CAAC,EAAE,CAAC;gBACzC,mBAAmB,CAAC,OAAO,CAAC,UAAA,CAAC;oBAC3B,IAAM,IAAI,GAAQ;wBAChB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB,CAAC;oBACF,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;wBAChB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;oBACxB,CAAC;oBACD,aAAW,CAAC,mBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBAC3D,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,IAAA,yBAAe,EAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC9C,IAAI,YAAU,GAAG,CAAC,CAAC;gBACnB,wBAAwB,CAAC,OAAO,CAAC,UAAA,CAAC;oBAChC,IAAM,IAAI,GAAQ;wBAChB,KAAK,EAAE,MAAM,CAAC,YAAU,EAAE,CAAC;wBAC3B,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB,CAAC;oBACF,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;wBAChB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;oBACxB,CAAC;oBACD,aAAW,CAAC,wBAAyB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBAChE,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,gEAAgE;YAClE,CAAC;YAED,uBAAuB;YACvB,IAAM,eAAe,GAAG,aAAa,CAAC,MAAM,CAAC,UAAA,IAAI,IAAI,OAAA,IAAA,yBAAe,EAAC,aAAW,CAAC,IAAI,CAAC,CAAC,EAAlC,CAAkC,CAAC,CAAC;YACzF,eAAe,CAAC,OAAO,CAAC,UAAA,IAAI;gBAC1B,aAAW,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,UAAA,CAAC;;oBAAI,OAAA,iBAAe,CAAC,IAAI,WAAG,GAAC,IAAI,IAAG,CAAC,MAAG;gBAAnC,CAAmC,CAAC,CAAC;YACtE,CAAC,CAAC,CAAC;YAEH,0FAA0F;YAC1F,IAAI,GAAG,IAAA,aAAG,EAAC,CAAC;oBACV,gBAAgB,EAAE,CAAC;4BACjB,KAAK,EAAE;gCACL,QAAQ,UAAA;gCACR,OAAO,EAAE,eAAS,CAAC,KAAK,CAAC,QAAQ;gCACjC,iBAAiB,EAAE,eAAS,CAAC,KAAK,CAAC,SAAS;gCAC5C,UAAU,EAAE,oCAAoC;6BACjD;yBACF,EAAE,EAAE,eAAe,mBAAA,EAAE,CAAC;iBACxB,CAAC,CAAC,CAAC;QAEN,CAAC;QAED,iDAAiD;QACjD,OAAA,MAAK,YAAC,IAAuB,EAAE;YAC7B;gBACE,GAAG,EAAE,iBAAiB;gBACtB,SAAS,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,CAAC;gBAClD,UAAU,EAAE,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;aAC5D;YACD;gBACE,GAAG,EAAE,0BAA0B;gBAC/B,SAAS,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,0BAA0B,CAAC;gBAC9E,UAAU,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC;aAC1D;SACF,CAAC,SAAC;IAEL,CAAC;IAED;;;MAGE;IACK,2CAAsB,GAA7B;QACE,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,oBAAoB,KAAK,MAAM,CAAC;IACnE,CAAC;IACD;;;MAGE;IACK,yCA
AoB,GAA3B;QACE,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,mBAAmB,KAAK,MAAM,CAAC;IAClE,CAAC;IACD;;;;MAIE;IACK,gDAA2B,GAAlC,UAAmC,OAAe;QAChD,IAAI,IAAA,kBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC;YACtB,IAAI,UAAQ,CAAC;YACb,IAAM,UAAQ,GAAG,eAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAA,yBAAe,EAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBACxD,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,UAAA,GAAG;oBAC5C,IAAI,GAAG,CAAC,OAAO,KAAK,UAAQ,EAAE,CAAC;wBAC7B,UAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;wBACxB,OAAO;oBACT,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,IAAI,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,KAAK,UAAQ,EAAE,CAAC;oBAC5D,UAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC;gBACzD,CAAC;YACH,CAAC;YACD,OAAO,UAAQ,CAAC;QAClB,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC;IAC5C,CAAC;IACH,iBAAC;AAAD,CAAC,AAvKD,CAAgC,kBAAQ,GAuKvC;AAvKY,gCAAU"}
|
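--- a/package/build/src/metadata.js
+++ b/package/build/src/metadata.js
@@ -15,13 +15,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
 o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (
-
-
-
-
-
-};
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 /**
 * @file metadata.ts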
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../src/metadata.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../src/metadata.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;EAIE;AACF,qCAAyB;AACzB,6BAAkC;AAClC,yCAAsC;AACtC,qCAAqC;AAarC;IAKE;;;MAGE;IACF,kBAAY,GAAoB,EAAE,UAAoB;QAApB,2BAAA,EAAA,eAAoB;QACpD,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,IAAI,GAAG,IAAA,mBAAO,EAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC;YACpD;gBACE,GAAG,EAAE,kBAAkB;gBACvB,SAAS,EAAE,CAAC,kBAAkB,CAAC;gBAC/B,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,IAAI;aACd;YACD;gBACE,GAAG,EAAE,UAAU;gBACf,SAAS,EAAE,CAAC,kBAAkB,CAAC;gBAC/B,UAAU,EAAE,CAAC,UAAU,CAAC;aACzB;YACD;gBACE,qDAAqD;gBACrD,GAAG,EAAE,mBAAmB;gBACxB,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,eAAe,EAAE,SAAS,EAAE,UAAU,EAAE,iBAAiB,CAAC;gBAC5G,UAAU,EAAE,EAAE;aACf;YACD;gBACE,8DAA8D;gBAC9D,GAAG,EAAE,aAAa;gBAClB,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,eAAe,CAAC;gBAClE,KAAK,EAAE,CAAC,KAAK,CAAC;gBACd,aAAa,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,iBAAiB,CAAC;gBACzD,UAAU,EAAE,EAAE;aACf;YACD;gBACE,GAAG,EAAE,qBAAqB;gBAC1B,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;gBACxE,UAAU,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;aACpC;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,SAAS,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,cAAc,CAAC;gBACjE,UAAU,EAAE,EAAE;aACf;SACF,CAAC,CAAC,CAAC;QAEJ,yBAAyB;QACzB,IAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC;QACtD,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG;gBACtB,OAAO,EAAE,iBAAiB;gBAC1B,UAAU,EAAE,iBAAiB;aAC9B,CAAC;YACF,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC;QACrC,CAAC;QAED,IACE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EACrC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;IAEH,CAAC;IAED;;;MAGE;IACK,8BAAW,GAAlB;QACE,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;MAGE;IACK,iCAAc,GAArB,UAAsB,UAAkB;QACtC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED;;;MAGE;IACK,8BAAW,GAAlB;QACE,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED;;;;MAIE;IACK,qCAAkB,GAAzB,UAA0B,GAAW;QA
CnC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED;;;MAGE;IACK,kCAAe,GAAtB;QACE,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;IAChC,CAAC;IAED;;;;MAIE;IACK,yCAAsB,GAA7B,UAA8B,OAA2B;QACvD,IAAI,OAAO,IAAI,IAAA,kBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC;YACjC,IAAM,UAAQ,GAAG,eAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC;YACxD,IAAI,CAAC,CAAC,mBAAmB,YAAY,KAAK,CAAC,EAAE,CAAC;gBAC5C,mBAAmB,GAAG,CAAC,mBAAmB,CAAC,CAAC;YAC7C,CAAC;YACF,IAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAA,GAAG,IAAI,OAAA,GAAG,CAAC,OAAO,KAAK,UAAQ,EAAxB,CAAwB,CAAC,CAAC;YAC1E,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC;IACvC,CAAC;IAED;;;;MAIE;IACK,qCAAkB,GAAzB,UAA0B,QAAkB;QAC1C,IAAI,eAAe,GAAG,EAAE,CAAC;QACzB,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAC,GAAQ,EAAE,OAAO;gBAClD,IAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/C,OAAO,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAClC,CAAC,EAAE,EAAE,CAAC,CAAC;QACT,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IACH,eAAC;AAAD,CAAC,AAhJD,IAgJC"}
|
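--- a/package/build/src/urn.js
+++ b/package/build/src/urn.js
@@ -12,12 +12,12 @@ var BindingNamespace;
 BindingNamespace["Post"] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
 BindingNamespace["SimpleSign"] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign";
 BindingNamespace["Artifact"] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
-})(BindingNamespace
+})(BindingNamespace || (exports.BindingNamespace = BindingNamespace = {}));
 var MessageSignatureOrder;
 (function (MessageSignatureOrder) {
 MessageSignatureOrder["STE"] = "sign-then-encrypt";
 MessageSignatureOrder["ETS"] = "encrypt-then-sign";
-})(MessageSignatureOrder
+})(MessageSignatureOrder || (exports.MessageSignatureOrder = MessageSignatureOrder = {}));
 var StatusCode;
 (function (StatusCode) {
 // top-tier
@@ -45,7 +45,7 @@ var StatusCode;
 StatusCode["UnknownAttrProfile"] = "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile";
 StatusCode["UnknownPrincipal"] = "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";
 StatusCode["UnsupportedBinding"] = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding";
-})(StatusCode
+})(StatusCode || (exports.StatusCode = StatusCode = {}));
 var namespace = {
 binding: {
 redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
@@ -174,7 +174,7 @@ var ParserType;
 ParserType["SAMLResponse"] = "SAMLResponse";
 ParserType["LogoutRequest"] = "LogoutRequest";
 ParserType["LogoutResponse"] = "LogoutResponse";
-})(ParserType
+})(ParserType || (exports.ParserType = ParserType = {}));
 var wording = {
 urlParams: {
 samlRequest: 'SAMLRequest',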
package/build/src/urn.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"urn.js","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":";AAAA;;;;EAIE;;;AAEF,IAAY,gBAKX;AALD,WAAY,gBAAgB;IAC1B,mFAA+D,CAAA;IAC/D,2EAAuD,CAAA;IACvD,4FAAwE,CAAA;IACxE,mFAA+D,CAAA;AACjE,CAAC,EALW,gBAAgB,
|
|
1
|
+
{"version":3,"file":"urn.js","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":";AAAA;;;;EAIE;;;AAEF,IAAY,gBAKX;AALD,WAAY,gBAAgB;IAC1B,mFAA+D,CAAA;IAC/D,2EAAuD,CAAA;IACvD,4FAAwE,CAAA;IACxE,mFAA+D,CAAA;AACjE,CAAC,EALW,gBAAgB,gCAAhB,gBAAgB,QAK3B;AAED,IAAY,qBAGX;AAHD,WAAY,qBAAqB;IAC/B,kDAAyB,CAAA;IACzB,kDAAyB,CAAA;AAC3B,CAAC,EAHW,qBAAqB,qCAArB,qBAAqB,QAGhC;AAED,IAAY,UA0BX;AA1BD,WAAY,UAAU;IACpB,WAAW;IACX,oEAAsD,CAAA;IACtD,wEAA0D,CAAA;IAC1D,wEAA0D,CAAA;IAC1D,oFAAsE,CAAA;IACtE,0CAA0C;IAC1C,2EAA6D,CAAA;IAC7D,kGAAoF,CAAA;IACpF,4FAA8E,CAAA;IAC9E,kFAAoE,CAAA;IACpE,kFAAoE,CAAA;IACpE,wEAA0D,CAAA;IAC1D,kFAAoE,CAAA;IACpE,gFAAkE,CAAA;IAClE,0FAA4E,CAAA;IAC5E,gFAAkE,CAAA;IAClE,0FAA4E,CAAA;IAC5E,sGAAwF,CAAA;IACxF,gGAAkF,CAAA;IAClF,8FAAgF,CAAA;IAChF,gGAAkF,CAAA;IAClF,sFAAwE,CAAA;IACxE,0FAA4E,CAAA;IAC5E,sFAAwE,CAAA;IACxE,0FAA4E,CAAA;AAC9E,CAAC,EA1BW,UAAU,0BAAV,UAAU,QA0BrB;AAED,IAAM,SAAS,GAAG;IAChB,OAAO,EAAE;QACP,QAAQ,EAAE,oDAAoD;QAC9D,IAAI,EAAE,gDAAgD;QACtD,UAAU,EAAE,2DAA2D;QACvE,QAAQ,EAAE,oDAAoD;KAC/D;IACD,KAAK,EAAE;QACL,QAAQ,EAAE,sCAAsC;QAChD,SAAS,EAAE,uCAAuC;QAClD,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,yCAAyC;QACrD,WAAW,EAAE,0CAA0C;KACxD;IACD,oBAAoB,EAAE;QACpB,QAAQ,EAAE,iDAAiD;QAC3D,0BAA0B,EAAE,mEAAmE;KAChG;IACD,MAAM,EAAE;QACN,YAAY,EAAE,wDAAwD;QACtE,UAAU,EAAE,sDAAsD;QAClE,SAAS,EAAE,qDAAqD;QAChE,MAAM,EAAE,kDAAkD;QAC1D,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,oDAAoD;QAC9D,0BAA0B,EAAE,sEAAsE;QAClG,eAAe,EAAE,2DAA2D;KAC7E;IACD,UAAU,EAAE;QACV,qCAAqC;QACrC,OAAO,EAAE,4CAA4C;QACrD,SAAS,EAAE,8CAA8C;QACzD,SAAS,EAAE,8CAA8C;QACzD,eAAe,EAAE,oDAAoD;QACrE,4BAA4B;QAC5B,UAAU,EAAE,gDAAgD;QAC5D,sBAAsB,EAAE,2DAA2D;QACnF,mBAAmB,EAAE,wDAAwD;QAC7E,cAAc,EAAE,mDAAmD;QACnE,cAAc,EAAE,mDAAmD;QACnE,SAAS,EAAE,8CAA8C;QACzD,cAAc,EAAE,mDAAmD;QACnE,aAAa,EAAE,kDAAkD;QACjE,kBAAkB,EAAE,uDAAuD;QAC3E,aAAa,EAAE,kDAAkD;QACjE,kBAAkB,EAAE,uDAAuD;QAC3E,wBAAwB,EAAE,6DAA6D;QACvF,qBAAqB,EAAE,0DAA0D;QACjF,oBAAoB,EAAE,yDAAyD;QAC/E,qBAAqB,EAAE,0DAA0D;QACjF,gBAAgB,EAAE,qDAAqD;QACvE,kBAAkB,EAAE,uDAAuD;QAC3E,gBAAgB,EAAE,qDAAqD;QAC
vE,kBAAkB,EAAE,uDAAuD;KAC5E;CACF,CAAC;AA4GO,8BAAS;AA1GlB,IAAM,IAAI,GAAG;IACX,OAAO,EAAE;QACP,WAAW,EAAE,eAAe;QAC5B,2BAA2B,EAAE,+BAA+B;QAC5D,oBAAoB,EAAE,wBAAwB;QAC9C,WAAW,EAAE,eAAe;QAC5B,QAAQ,EAAE,YAAY;QACtB,cAAc,EAAE,kBAAkB;QAClC,kBAAkB,EAAE,sBAAsB;QAC1C,mBAAmB,EAAE,uBAAuB;QAC5C,sBAAsB,EAAE,0BAA0B;QAClD,WAAW,EAAE,eAAe;QAC5B,QAAQ,EAAE,YAAY;QACtB,EAAE,EAAE,MAAM;QACV,MAAM,EAAE,UAAU;QAClB,YAAY,EAAE,gBAAgB;QAC9B,YAAY,EAAE,gBAAgB;QAC9B,MAAM,EAAE,UAAU;QAClB,YAAY,EAAE,gBAAgB;QAC9B,eAAe,EAAE,mBAAmB;QACpC,YAAY,EAAE,gBAAgB;QAC9B,gBAAgB,EAAE,oBAAoB;QACtC,mCAAmC,EAAE,uCAAuC;QAC5E,UAAU,EAAE,cAAc;KAC3B;IACD,MAAM,EAAE;QACN,YAAY,EAAE,cAAc;QAC5B,aAAa,EAAE,eAAe;QAC9B,aAAa,EAAE,UAAU;QACzB,cAAc,EAAE,gBAAgB;KACjC;CACF,CAAC;AA2EkB,oBAAI;AAzExB,IAAM,qBAAqB,GAAG;IAC5B,YAAY,EAAE;QACZ,iBAAiB,EAAE,mBAAmB;QACtC,iBAAiB,EAAE,mBAAmB;KACvC;CACF,CAAC;AAoE4D,sDAAqB;AAlEnF,IAAM,UAAU,GAAG;IACjB,SAAS,EAAE;QACT,QAAQ,EAAE,4CAA4C;QACtD,UAAU,EAAE,mDAAmD;QAC/D,UAAU,EAAE,mDAAmD;KAChE;IACD,UAAU,EAAE;QACV,IAAI,EAAE;YACJ,OAAO,EAAE,6CAA6C;YACtD,OAAO,EAAE,6CAA6C;YACtD,OAAO,EAAE,gDAAgD;YACzD,WAAW,EAAE,4CAA4C;SAC1D;QACD,GAAG,EAAE;YACH,cAAc,EAAE,iDAAiD;YACjE,OAAO,EAAE,0CAA0C;SACpD;KACF;IACD,MAAM,EAAE;QACN,4CAA4C,EAAE,wCAAwC;QACtF,mDAAmD,EAAE,yCAAyC;QAC9F,mDAAmD,EAAE,yCAAyC,EAAE,6DAA6D;KAC9J;CACF,CAAC;AA2CwB,gCAAU;AAzCpC,IAAY,UAKX;AALD,WAAY,UAAU;IACpB,yCAA2B,CAAA;IAC3B,2CAA6B,CAAA;IAC7B,6CAA+B,CAAA;IAC/B,+CAAiC,CAAA;AACnC,CAAC,EALW,UAAU,0BAAV,UAAU,QAKrB;AAED,IAAM,OAAO,GAAG;IACd,SAAS,EAAE;QACT,WAAW,EAAE,aAAa;QAC1B,YAAY,EAAE,cAAc;QAC5B,aAAa,EAAE,eAAe;QAC9B,cAAc,EAAE,gBAAgB;QAChC,MAAM,EAAE,QAAQ;QAChB,SAAS,EAAE,WAAW;QACtB,UAAU,EAAE,YAAY;KACzB;IACD,OAAO,EAAE;QACP,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,YAAY;QACxB,QAAQ,EAAE,UAAU;KACrB;IACD,OAAO,EAAE;QACP,OAAO,EAAE,SAAS;QAClB,OAAO,EAAE,YAAY;KACtB;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,aAAa;QACjB,GAAG,EAAE,cAAc;KACpB;CACF,CAAC;AAUoC,0BAAO;AAR7C,uEAAuE;AACvE,iEAAiE;AACjE,IAAM,aAAa,GAAG;IACpB,OAAO,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,qBAAqB,EAAE,0BAA0B,CAAC;IAC7F,QAAQ,EAAE,CAAC,eAAe,E
AAE,cAAc,EAAE,qBAAqB,EAAE,0BAA0B,CAAC;IAC9F,UAAU,EAAE,CAAC,eAAe,EAAE,qBAAqB,EAAE,cAAc,EAAE,0BAA0B,EAAE,2BAA2B,CAAC;CAC9H,CAAC;AAE6C,sCAAa"}
|
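--- a/package/build/src/utility.js
+++ b/package/build/src/utility.js
@@ -25,7 +25,18 @@ var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
 return to.concat(ar || Array.prototype.slice.call(from));
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.zipObject = zipObject;
+exports.flattenDeep = flattenDeep;
+exports.last = last;
+exports.uniq = uniq;
+exports.get = get;
+exports.isString = isString;
+exports.base64Decode = base64Decode;
+exports.inflateString = inflateString;
+exports.readPrivateKey = readPrivateKey;
+exports.isNonEmptyArray = isNonEmptyArray;
+exports.castArrayOpt = castArrayOpt;
+exports.notEmpty = notEmpty;
 /**
 * @file utility.ts
 * @author tngan
@@ -57,7 +68,6 @@ function zipObject(arr1, arr2, skipDuplicated) {
 return res;
 }, {});
 }
-exports.zipObject = zipObject;
 /**
 * @desc Alternative to lodash.flattenDeep
 * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_flattendeep
@@ -68,7 +78,6 @@ function flattenDeep(input) {
 ? input.reduce(function (a, b) { return a.concat(flattenDeep(b)); }, [])
 : [input];
 }
-exports.flattenDeep = flattenDeep;
 /**
 * @desc Alternative to lodash.last
 * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_last
@@ -77,7 +86,6 @@ exports.flattenDeep = flattenDeep;
 function last(input) {
 return input.slice(-1)[0];
 }
-exports.last = last;
 /**
 * @desc Alternative to lodash.uniq
 * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_uniq
@@ -87,7 +95,6 @@ function uniq(input) {
 var set = new Set(input);
 return __spreadArray([], __read(set), false);
 }
-exports.uniq = uniq;
 /**
 * @desc Alternative to lodash.get
 * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_get
@@ -99,7 +106,6 @@ function get(obj, path, defaultValue) {
 return path.split('.')
 .reduce(function (a, c) { return (a && a[c] ? a[c] : (defaultValue || null)); }, obj);
 }
-exports.get = get;
 /**
 * @desc Check if the input is string
 * @param {any} input
@@ -107,7 +113,6 @@ exports.get = get;
 function isString(input) {
 return typeof input === 'string';
 }
-exports.isString = isString;
 /**
 * @desc Encode string with base64 format
 * @param {string} message plain-text message
@@ -126,7 +131,6 @@ function base64Decode(base64Message, isBytes) {
 var bytes = Buffer.from(base64Message, BASE64_STR);
 return Boolean(isBytes) ? bytes : bytes.toString();
 }
-exports.base64Decode = base64Decode;
 /**
 * @desc Compress the string
 * @param {string} message
@@ -148,7 +152,6 @@ function inflateString(compressedString) {
 .map(function (byte) { return String.fromCharCode(byte); })
 .join('');
 }
-exports.inflateString = inflateString;
 /**
 * @desc Abstract the normalizeCerString and normalizePemString
 * @param {buffer} File stream or string
@@ -221,7 +224,6 @@ function getPublicKeyPemFromCertificate(x509Certificate) {
 function readPrivateKey(keyString, passphrase, isOutputString) {
 return isString(passphrase) ? this.convertToString(node_forge_1.pki.privateKeyToPem(node_forge_1.pki.decryptRsaPrivateKey(String(keyString), passphrase)), isOutputString) : keyString;
 }
-exports.readPrivateKey = readPrivateKey;
 /**
 * @desc Inline syntax sugar
 */
@@ -234,17 +236,14 @@ function convertToString(input, isOutputString) {
 function isNonEmptyArray(a) {
 return Array.isArray(a) && a.length > 0;
 }
-exports.isNonEmptyArray = isNonEmptyArray;
 function castArrayOpt(a) {
 if (a === undefined)
 return [];
 return Array.isArray(a) ? a : [a];
 }
-exports.castArrayOpt = castArrayOpt;
 function notEmpty(value) {
 return value !== null && value !== undefined;
 }
-exports.notEmpty = notEmpty;
 var utility = {
 isString: isString,
 base64Encode: base64Encode,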
package/build/src/utility.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utility.js","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"utility.js","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,8BAmBC;AAMD,kCAIC;AAMD,oBAEC;AAMD,oBAGC;AAQD,kBAGC;AAKD,4BAEC;AAeD,oCAGC;AAeD,sCAMC;AAqED,wCAEC;AAUD,0CAEC;AAED,oCAGC;AAED,4BAEC;AAlND;;;;EAIE;AACF,yCAA6C;AAC7C,6BAAwC;AAExC,IAAM,UAAU,GAAG,QAAQ,CAAC;AAE5B;;;;GAIG;AACH,SAAgB,SAAS,CAAC,IAAc,EAAE,IAAW,EAAE,cAAqB;IAArB,+BAAA,EAAA,qBAAqB;IAC1E,OAAO,IAAI,CAAC,MAAM,CAAC,UAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAE3B,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,2EAA2E;QAC3E,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACzB,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC5B,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACxB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7B,OAAO,GAAG,CAAC;QACb,CAAC;QAED,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,GAAG,CAAC;IAEb,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AACD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,KAAY;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAC3B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAE,UAAC,CAAC,EAAE,CAAC,IAAK,OAAA,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAxB,CAAwB,EAAG,EAAE,CAAC;QACxD,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACZ,CAAC;AACD;;;;GAIG;AACH,SAAgB,IAAI,CAAC,KAAY;IAC/B,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5B,CAAC;AACD;;;;GAIG;AACH,SAAgB,IAAI,CAAC,KAAe;IAClC,IAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3B,gCAAY,GAAG,UAAE;AACnB,CAAC;AACD;;;;;;GAMG;AACH,SAAgB,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,YAAY;IACzC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;SACrB,MAAM,CAAC,UAAC,CAAC,EAAE,CAAC,IAAK,OAAA,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,EAA3C,CAA2C,EAAE,GAAG,CAAC,CAAC;AACtE,CAAC;AACD;;;GAGG;AACH,SAAgB,QAAQ,CAAC,KAAU;IACjC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC;AACnC,CAAC;AACD;;;;EAIE;AACF,SAAS,YAAY,CAAC,OAA0B;IAC9C,OAAO,MAAM
,CAAC,IAAI,CAAC,OAAiB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAC7D,CAAC;AACD;;;;;EAKE;AACF,SAAgB,YAAY,CAAC,aAAqB,EAAE,OAAiB;IACnE,IAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IACrD,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;AACrD,CAAC;AACD;;;;EAIE;AACF,SAAS,aAAa,CAAC,OAAe;IACpC,IAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAA,IAAI,IAAI,OAAA,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAlB,CAAkB,CAAC,CAAC;IAC5E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAA,cAAO,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACnD,CAAC;AACD;;;;EAIE;AACF,SAAgB,aAAa,CAAC,gBAAwB;IACpD,IAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAC9D,IAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,UAAA,IAAI,IAAI,OAAA,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAlB,CAAkB,CAAC,CAAC;IACnG,OAAO,KAAK,CAAC,IAAI,CAAC,IAAA,cAAO,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;SAC7C,GAAG,CAAC,UAAC,IAAY,IAAK,OAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAzB,CAAyB,CAAC;SAChD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AACD;;;;;EAKE;AACF,SAAS,mBAAmB,CAAC,GAAoB,EAAE,MAAc;IAC/D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAc,MAAM,UAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAY,MAAM,UAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACnL,CAAC;AACD;;;;EAIE;AACF,SAAS,kBAAkB,CAAC,UAA2B;IACrD,OAAO,mBAAmB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACxD,CAAC;AACD;;;;EAIE;AACF,SAAS,kBAAkB,CAAC,SAA0B;IACpD,OAAO,mBAAmB,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,CAAC;AACtE,CAAC;AACD;;;;EAIE;AACF,SAAS,UAAU,CAAC,GAAG;IACrB,OAAO,UAAG,GAAG,CAAC,QAAQ,gBAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,SAAG,GAAG,CAAC,WAAW,CAAE,CAAC;AAClE,CAAC;AACD;;;;EAIE;AACF,SAAS,WAAW,CAAC,GAAG,EAAE,YAAiB;IAAjB,6BAAA,EAAA,iBAAiB;IACzC,OAAO,GAAG,IAAI,YAAY,CAAC;AAC7B,CAAC;AACD;;;;;EAKE;AACF,SAAS,YAAY,CAAC,IAAI,EAAE,IAAI;IAC9B,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACvC,CA
AC;AACD;;;;EAIE;AACF,SAAS,8BAA8B,CAAC,eAAuB;IAC7D,IAAM,YAAY,GAAG,iBAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,IAAM,GAAG,GAAG,iBAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACvC,IAAM,IAAI,GAAG,gBAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC1C,OAAO,gBAAG,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC5C,CAAC;AACD;;;;;;EAME;AACF,SAAgB,cAAc,CAAC,SAA0B,EAAE,UAA8B,EAAE,cAAwB;IACjH,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,gBAAG,CAAC,eAAe,CAAC,gBAAG,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/J,CAAC;AACD;;EAEE;AACF,SAAS,eAAe,CAAC,KAAK,EAAE,cAAc;IAC5C,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACzD,CAAC;AACD;;GAEG;AACH,SAAgB,eAAe,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,SAAgB,YAAY,CAAI,CAAW;IACzC,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,EAAE,CAAA;IAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACnC,CAAC;AAED,SAAgB,QAAQ,CAAS,KAAgC;IAC/D,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,CAAC;AAC/C,CAAC;AAED,IAAM,OAAO,GAAG;IACd,QAAQ,UAAA;IACR,YAAY,cAAA;IACZ,YAAY,cAAA;IACZ,aAAa,eAAA;IACb,aAAa,eAAA;IACb,kBAAkB,oBAAA;IAClB,kBAAkB,oBAAA;IAClB,UAAU,YAAA;IACV,WAAW,aAAA;IACX,YAAY,cAAA;IACZ,8BAA8B,gCAAA;IAC9B,cAAc,gBAAA;IACd,eAAe,iBAAA;IACf,eAAe,iBAAA;CAChB,CAAC;AAEF,kBAAe,OAAO,CAAC"}
|
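--- a/package/build/src/validator.js
+++ b/package/build/src/validator.js
@@ -16,7 +16,7 @@ var __read = (this && this.__read) || function (o, n) {
 return ar;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyTime =
+exports.verifyTime = verifyTime;
 function verifyTime(utcNotBefore, utcNotOnOrAfter, drift) {
 if (drift === void 0) { drift = [0, 0]; }
 var now = new Date();
@@ -41,5 +41,4 @@ function verifyTime(utcNotBefore, utcNotOnOrAfter, drift) {
 return (+notBeforeLocal + notBeforeDrift <= +now &&
 +now < +notOnOrAfterLocal + notOnOrAfterDrift);
 }
-exports.verifyTime = verifyTime;
 //# sourceMappingURL=validator.js.map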
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/validator.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AA0CE,gCAAU;AAvCZ,SAAS,UAAU,CACjB,YAAgC,EAChC,eAAmC,EACnC,KAA8B;IAA9B,sBAAA,EAAA,SAAyB,CAAC,EAAE,CAAC,CAAC;IAG9B,IAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,kHAAkH;QAClH,OAAO,CAAC,IAAI,CAAC,2FAA2F,CAAC,CAAC;QAC1G,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,cAAc,GAAgB,IAAI,CAAC;IACvC,IAAI,iBAAiB,GAAgB,IAAI,CAAC;IAEpC,IAAA,KAAA,OAAsC,KAAK,IAAA,EAA1C,cAAc,QAAA,EAAE,iBAAiB,QAAS,CAAC;IAElD,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACrC,cAAc,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,eAAe,EAAE,CAAC;QACrC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IACvD,CAAC;IAED,cAAc,GAAG,IAAI,IAAI,CAAC,YAAa,CAAC,CAAC;IACzC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAgB,CAAC,CAAC;IAE/C,OAAO,CACL,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG;QACxC,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAC9C,CAAC;AAEJ,CAAC"}
|
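--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "samlify",
-"version": "2.
+"version": "2.10.0",
 "description": "High-level API for Single Sign On (SAML 2.0)",
 "main": "build/index.js",
 "keywords": [
@@ -39,7 +39,7 @@
 "pako": "^1.0.10",
 "uuid": "^8.3.2",
 "xml": "^1.0.1",
-"xml-crypto": "^
+"xml-crypto": "^6.1.0",
 "xml-escape": "^1.1.0",
 "xpath": "^0.0.32"
 },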
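--- a/package/src/libsaml.ts
+++ b/package/src/libsaml.ts
@@ -9,12 +9,14 @@ import { algorithms, wording, namespace } from './urn';
 import { select } from 'xpath';
 import { MetadataInterface } from './metadata';
 import nrsa, { SigningSchemeHash } from 'node-rsa';
-import { SignedXml
+import { SignedXml } from 'xml-crypto';
 import * as xmlenc from '@authenio/xml-encryption';
 import { extract } from './extractor';
 import camelCase from 'camelcase';
 import { getContext } from './api';
 import xmlEscape from 'xml-escape';
+import * as fs from 'fs';
+import {DOMParser} from '@xmldom/xmldom';
 
 const signatureAlgorithms = algorithms.signature;
 const digestAlgorithms = algorithms.digest;
@@ -95,6 +97,7 @@ export interface LibSamlInterface {
 verifySignature: (xml: string, opts: SignatureVerifierOptions) => [boolean, any];
 createKeySection: (use: KeyUse, cert: string | Buffer) => {};
 constructMessageSignature: (octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string) => string;
+
 verifyMessageSignature: (metadata, octetString: string, signature: string | Buffer, verifyAlgorithm?: string) => boolean;
 getKeyInfo: (x509Certificate: string, signatureConfig?: any) => void;
 encryptAssertion: (sourceEntity, targetEntity, entireXML: string) => Promise<string>;
@@ -204,14 +207,10 @@ const libSaml = () => {
 * @private
 * @desc Get the digest algorithms by signature algorithms
 * @param {string} sigAlg signature algorithm
-* @return {string/
+* @return {string/undefined} digest algorithm
 */
-function getDigestMethod(sigAlg: string): string |
-
-if (!(digestAlg === undefined)) {
-return digestAlg;
-}
-return null; // default value
+function getDigestMethod(sigAlg: string): string | undefined {
+return digestAlgorithms[sigAlg];
 }
 /**
 * @public
@@ -239,10 +238,12 @@ const libSaml = () => {
 return prefix + camelContent.charAt(0).toUpperCase() + camelContent.slice(1);
 }
 
-function escapeTag(
-return (
+function escapeTag(replacement: unknown): (...args: string[]) => string {
+return (_match: string, quote?: string) => {
+const text: string = (replacement === null || replacement === undefined) ? '' : String(replacement);
+
 // not having a quote means this interpolation isn't for an attribute, and so does not need escaping
-return quote ? `${quote}${xmlEscape(text
+return quote ? `${quote}${xmlEscape(text)}` : text;
 }
 }
 
@@ -263,7 +264,7 @@ const libSaml = () => {
 * @param {array} tagValues tag values
 * @return {string}
 */
-replaceTagsByValue(rawXML: string, tagValues:
+replaceTagsByValue(rawXML: string, tagValues: Record<string, unknown>): string {
 Object.keys(tagValues).forEach(t => {
 rawXML = rawXML.replace(
 new RegExp(`("?)\\{${t}\\}`, 'g'),
@@ -328,28 +329,28 @@ const libSaml = () => {
 } = opts;
 const sig = new SignedXml();
 // Add assertion sections as reference
+const digestAlgorithm = getDigestMethod(signatureAlgorithm);
 if (referenceTagXPath) {
-sig.addReference(
-referenceTagXPath,
-transformationAlgorithms,
-
-);
+sig.addReference({
+xpath: referenceTagXPath,
+transforms: transformationAlgorithms,
+digestAlgorithm: digestAlgorithm
+});
 }
 if (isMessageSigned) {
-sig.addReference(
+sig.addReference({
 // reference to the root node
-'/*',
-transformationAlgorithms,
-
-
-'',
-'',
-false,
-);
+xpath: '/*',
+transforms: transformationAlgorithms,
+digestAlgorithm
+});
 }
 sig.signatureAlgorithm = signatureAlgorithm;
-sig.
-sig.
+sig.publicCert = this.getKeyInfo(signingCert, signatureConfig).getKey();
+sig.getKeyInfoContent = this.getKeyInfo(signingCert, signatureConfig).getKeyInfo;
+sig.privateKey = utility.readPrivateKey(privateKey, privateKeyPass, true);
+sig.canonicalizationAlgorithm = 'http://www.w3.org/2001/10/xml-exc-c14n#';
+
 if (signatureConfig) {
 sig.computeSignature(rawSamlMessage, signatureConfig);
 } else {
@@ -361,11 +362,15 @@ const libSaml = () => {
 * @desc Verify the XML signature
 * @param {string} xml xml
 * @param {SignatureVerifierOptions} opts cert declares the X509 certificate
-
-
+* @return {[boolean, string | null]} - A tuple where:
+* - The first element is `true` if the signature is valid, `false` otherwise.
+* - The second element is the cryptographically authenticated assertion node as a string, or `null` if not found.
+*/
 verifySignature(xml: string, opts: SignatureVerifierOptions) {
 const { dom } = getContext();
 const doc = dom.parseFromString(xml);
+
+const docParser = new DOMParser();
 // In order to avoid the wrapping attack, we have changed to use absolute xpath instead of naively fetching the signature element
 // message signature (logout response / saml response)
 const messageSignatureXpath = "/*[contains(local-name(), 'Response') or contains(local-name(), 'Request')]/*[local-name(.)='Signature']";
@@ -376,7 +381,6 @@ const libSaml = () => {
 
 // select the signature node
 let selection: any = [];
-let assertionNode: string | null = null;
 const messageSignatureNode = select(messageSignatureXpath, doc);
 const assertionSignatureNode = select(assertionSignatureXpath, doc);
 const wrappingElementNode = select(wrappingElementsXPath, doc);
@@ -394,10 +398,11 @@ const libSaml = () => {
 throw new Error('ERR_ZERO_SIGNATURE');
 }
 
-
-let verified = true;
+
 // need to refactor later on
-
+for (const signatureNode of selection){
+const sig = new SignedXml();
+let verified = false;
 
 sig.signatureAlgorithm = opts.signatureAlgorithm!;
 
@@ -406,7 +411,7 @@ const libSaml = () => {
 }
 
 if (opts.keyFile) {
-sig.
+sig.publicCert = fs.readFileSync(opts.keyFile)
 }
 
 if (opts.metadata) {
@@ -442,28 +447,56 @@ const libSaml = () => {
 throw new Error('ERROR_UNMATCH_CERTIFICATE_DECLARATION_IN_METADATA');
 }
 
-sig.
+sig.publicCert = this.getKeyInfo(x509Certificate).getKey();
 
 } else {
 // Select first one from metadata
-sig.
+sig.publicCert = this.getKeyInfo(metadataCert[0]).getKey();
 }
-
 }
 
 sig.loadSignature(signatureNode);
 
 doc.removeChild(signatureNode);
 
-verified =
+verified = sig.checkSignature(doc.toString());
 
 // immediately throw error when any one of the signature is failed to get verified
 if (!verified) {
 throw new Error('ERR_FAILED_TO_VERIFY_SIGNATURE');
 }
+// attempt is made to get the signed Reference as a string();
+// note, we don't have access to the actual signedReferences API unfortunately
+// mainly a sanity check here for SAML. (Although ours would still be secure, if multiple references are used)
+if (!(sig.getReferences().length >= 1)) {
+throw new Error('NO_SIGNATURE_REFERENCES')
+}
+const signedVerifiedXML = sig.getSignedReferences()[0];
+const rootNode = docParser.parseFromString(signedVerifiedXML, 'text/xml').documentElement;
+// process the verified signature:
+// case 1, rootSignedDoc is a response:
+if (rootNode.localName === 'Response') {
+
+// try getting the Xml from the first assertion
+const assertions = select(
+"./*[local-name()='Assertion']",
+rootNode
+);
+// now we can process the assertion as an assertion
+if (assertions.length === 1) {
+return [true, assertions[0].toString()];
+}
+} else if (rootNode.localName === 'Assertion') {
+return [true, rootNode.toString()];
+} else {
+return [true, null]; // signature is valid. But there is no assertion node here. It could be metadata node, hence return null
+}
+};
 
-
+// something has gone seriously wrong if we are still here
+throw new Error('ERR_ZERO_SIGNATURE');
 
+/*
 // response must be signed, either entire document or assertion
 // default we will take the assertion section under root
 if (messageSignatureNode.length === 1) {
@@ -505,7 +538,7 @@ const libSaml = () => {
 assertionNode = verifiedDoc.assertion.toString();
 }
 
-return [verified, assertionNode]
+return [verified, assertionNode];*/
 },
 /**
 * @desc Helper function to create the key section in metadata (abstraction for signing and encrypt use)
@@ -588,12 +621,14 @@ const libSaml = () => {
 * @return {string} public key
 */
 getKeyInfo(x509Certificate: string, signatureConfig: any = {}) {
-
-
-
-
-
-
+const prefix = signatureConfig.prefix ? `${signatureConfig.prefix}:` : '';
+return {
+getKeyInfo: () => {
+return `<${prefix}X509Data><${prefix}X509Certificate>${x509Certificate}</${prefix}X509Certificate></${prefix}X509Data>`;
+},
+getKey: () => {
+return utility.getPublicKeyPemFromCertificate(x509Certificate).toString();
+},
 };
 },
 /**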
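Review bot: In the new `verifySignature` loop, a verified `Response` whose signed reference contains zero or more than one `Assertion` falls past `if (assertions.length === 1)` without returning, moves on to the next signature node, and finishes at `throw new Error('ERR_ZERO_SIGNATURE')` even though a signature was present and verified; a status-failure Response with no assertion is a legitimate message, and the error name misreports what happened. I would make that branch total, e.g. `if (assertions.length > 1) { throw new Error('ERR_MULTIPLE_ASSERTIONS'); }` followed by `return [true, assertions.length === 1 ? assertions[0].toString() : null];` (error name is a suggestion), which mirrors the `[true, null]` result already used for non-assertion roots and rejects an ambiguous multi-assertion response explicitly instead of by fall-through. Separately, the loop returns after the first node that verifies, so when `selection` (built above this hunk) holds both a message and an assertion signature the second is never checked; that is defensible because only the content of the verified reference is returned, but the retained comment `// immediately throw error when any one of the signature is failed to get verified` no longer describes the behaviour and should say that the first verified signature wins. As a point of style, the method already has `dom` from `getContext()` for the same purpose, so the extra `new DOMParser()` from `@xmldom/xmldom` (whose entry in `package.json` is not visible in this diff) looks redundant next to a plain `dom.parseFromString(signedVerifiedXML)`. The `verifySignature` method and the enclosing `libSaml` closure both extend beyond the hunk.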
@@ -19,7 +19,7 @@ declare function base64LoginRequest(referenceTagXPath: string, entity: any, cust
|
|
|
19
19
|
* @param {function} customTagReplacement used when developers have their own login response template
|
|
20
20
|
* @param {boolean} encryptThenSign whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
|
|
21
21
|
*/
|
|
22
|
-
declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
|
|
22
|
+
declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
|
|
23
23
|
/**
|
|
24
24
|
* @desc Generate a base64 encoded logout request
|
|
25
25
|
* @param {object} user current logged user (e.g. req.user)
|