some exports cleanup

still a WIP to see if I can continue to attack circular architecture

Author: jimisaacs

src/binding-post.ts

@@ -4,13 +4,13 @@
  * @desc Binding-level API, declare the functions using POST binding
  */
 
-import type { BindingContext, Entity } from './entity';
-import type { IdentityProvider } from './entity-idp';
+import type { BindingContext } from './binding';
+import type { Entity, ParsedLogoutRequest } from './entity';
+import type { IdentityProvider, ParsedLoginRequest } from './entity-idp';
 import type { ServiceProvider } from './entity-sp';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import type { FlowResult } from './flow';
-import libsaml, { CustomTagReplacement } from './libsaml';
-import type { ParsedLoginRequest, ParsedLogoutRequest } from './types';
+import { CustomTagReplacement, libsaml } from './libsaml';
 import { BindingNamespace, StatusCode } from './urn';
 import { base64Decode, base64Encode, isNonEmptyArray } from './utility';
 

src/binding-redirect.ts

@@ -3,13 +3,13 @@
  * @author tngan
  * @desc Binding-level API, declare the functions using Redirect binding
  */
-import type { BindingContext, Entity } from './entity';
+import type { BindingContext } from './binding';
+import type { Entity, ParsedLogoutRequest } from './entity';
 import type { IdentityProvider } from './entity-idp';
 import type { ServiceProvider } from './entity-sp';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import type { FlowResult } from './flow';
-import libsaml, { CustomTagReplacement } from './libsaml';
-import type { ParsedLogoutRequest, RequestSignatureAlgorithm } from './types';
+import { CustomTagReplacement, libsaml, RequestSignatureAlgorithm } from './libsaml';
 import { BindingNamespace, StatusCode, wording } from './urn';
 import { base64Encode, deflateString } from './utility';
 

src/binding.ts

@@ -0,0 +1,16 @@
+export interface ESamlHttpRequest {
+	query?: any;
+	body?: any;
+	octetString?: string;
+}
+
+export interface BindingContext {
+	context: string;
+	id: string;
+}
+
+export interface PostBindingContext extends BindingContext {
+	relayState?: string;
+	entityEndpoint: string;
+	type: 'SAMLRequest' | 'SAMLResponse';
+}

src/entity-idp.ts

@@ -3,20 +3,38 @@
  * @author tngan
  * @desc  Declares the actions taken by identity provider
  */
+import type { ESamlHttpRequest } from './binding';
 import postBinding from './binding-post';
-import { Entity, ESamlHttpRequest } from './entity';
+import { Entity, EntitySettings } from './entity';
 import type { ServiceProvider } from './entity-sp';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import { flow, FlowResult } from './flow';
-import type { CustomTagReplacement } from './libsaml';
-import metadataIdp, { MetadataIdp } from './metadata-idp';
-import type { IdentityProviderSettings, ParsedLoginRequest } from './types';
+import type { CustomTagReplacement, LoginResponseTemplate } from './libsaml';
+import type { SSOService } from './metadata';
+import { metadataIdp, MetadataIdp } from './metadata-idp';
 import { BindingNamespace, ParserType } from './urn';
 
+export interface IdentityProviderSettings extends EntitySettings {
+	/** template of login response */
+	loginResponseTemplate?: LoginResponseTemplate;
+
+	singleSignOnService?: SSOService[];
+	wantAuthnRequestsSigned?: boolean;
+	wantLogoutRequestSignedResponseSigned?: boolean;
+}
+
+export interface ParsedLoginRequest {
+	authnContextClassRef?: string;
+	issuer?: string;
+	nameIDPolicy?: { format?: string; allowCreate?: string };
+	request?: { id?: string; issueInstant?: string; destination?: string; assertionConsumerServiceUrl?: string };
+	signature?: string;
+}
+
 /**
  * Identity prvider can be configured using either metadata importing or idpSetting
  */
-export default function (props: IdentityProviderSettings) {
+export function identityProvider(props: IdentityProviderSettings) {
 	return new IdentityProvider(props);
 }
 

src/entity-sp.ts

@@ -3,21 +3,46 @@
  * @author tngan
  * @desc  Declares the actions taken by service provider
  */
+import type { BindingContext, ESamlHttpRequest, PostBindingContext } from './binding';
 import postBinding from './binding-post';
 import redirectBinding from './binding-redirect';
-import { BindingContext, Entity, ESamlHttpRequest, PostBindingContext } from './entity';
+import { Entity, EntitySettings } from './entity';
 import type { IdentityProvider } from './entity-idp';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import { flow, FlowResult } from './flow';
-import type { CustomTagReplacement } from './libsaml';
-import metadataSp, { MetadataSp } from './metadata-sp';
-import type { ParsedLoginResponse, ServiceProviderSettings } from './types';
+import type { CustomTagReplacement, SAMLDocumentTemplate } from './libsaml';
+import type { SSOService } from './metadata';
+import { metadataSp, MetadataSp } from './metadata-sp';
 import { BindingNamespace, ParserType } from './urn';
 
+export interface ServiceProviderSettings extends EntitySettings {
+	authnRequestsSigned?: boolean;
+	wantAssertionsSigned?: boolean;
+	wantMessageSigned?: boolean;
+	assertionConsumerService?: SSOService[];
+
+	/** template of login request */
+	loginRequestTemplate?: SAMLDocumentTemplate;
+
+	allowCreate?: boolean;
+	// will be deprecated soon
+	relayState?: string;
+}
+
+export interface ParsedLoginResponse {
+	attributes?: Record<string, string>;
+	audience?: string;
+	conditions?: { notBefore: string; notOnOrAfter: string };
+	issuer?: string;
+	nameID?: string;
+	response?: { id?: string; issueInstant?: string; destination?: string; inResponseTo?: string };
+	sessionIndex?: { authnInstant?: string; sessionNotOnOrAfter?: string; sessionIndex?: string };
+}
+
 /*
  * @desc interface function
  */
-export default function (props: ServiceProviderSettings) {
+export function serviceProvider(props: ServiceProviderSettings) {
 	return new ServiceProvider(props);
 }
 

src/entity.ts

@@ -4,14 +4,22 @@
  * @desc  An abstraction for identity provider and service provider.
  */
 import { v4 as uuid } from 'uuid';
+import type { BindingContext, ESamlHttpRequest, PostBindingContext } from './binding';
 import postBinding from './binding-post';
 import redirectBinding from './binding-redirect';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import { flow, FlowResult } from './flow';
-import type { CustomTagReplacement } from './libsaml';
-import type { Metadata } from './metadata';
-import type { EntitySettings, ParsedLogoutRequest, ParsedLogoutResponse } from './types';
-import { algorithms, BindingNamespace, messageConfigurations, ParserType } from './urn';
+import type {
+	CustomTagReplacement,
+	EncryptionAlgorithm,
+	KeyEncryptionAlgorithm,
+	LogoutResponseTemplate,
+	RequestSignatureAlgorithm,
+	SAMLDocumentTemplate,
+	SignatureConfig,
+} from './libsaml';
+import type { Metadata, SSOService } from './metadata';
+import { algorithms, BindingNamespace, messageConfigurations, MessageSignatureOrder, ParserType } from './urn';
 import { isNonEmptyArray, isString } from './utility';
 
 const dataEncryptionAlgorithm = algorithms.encryption.data;
@@ -32,27 +40,58 @@ const defaultEntitySetting = {
 	relayState: '',
 } as const;
 
-export interface ESamlHttpRequest {
-	query?: any;
-	body?: any;
-	octetString?: string;
-}
+export interface EntitySettings {
+	metadata?: string | Buffer;
+	entityID?: string;
+	singleLogoutService?: SSOService[];
+
+	isAssertionEncrypted?: boolean;
+
+	/** signature algorithm */
+	requestSignatureAlgorithm?: RequestSignatureAlgorithm;
+	dataEncryptionAlgorithm?: EncryptionAlgorithm;
+	keyEncryptionAlgorithm?: KeyEncryptionAlgorithm;
+
+	messageSigningOrder?: MessageSignatureOrder;
+	signatureConfig?: SignatureConfig;
+	transformationAlgorithms?: string[];
+	wantLogoutRequestSigned?: boolean;
+	wantLogoutResponseSigned?: boolean;
+
+	signingCert?: string | Buffer;
+	privateKey?: string | Buffer;
+	privateKeyPass?: string;
+
+	encryptCert?: string | Buffer;
+	encPrivateKey?: string | Buffer;
+	encPrivateKeyPass?: string;
+
+	/** template of logout request */
+	logoutRequestTemplate?: SAMLDocumentTemplate;
+	/** template of logout response */
+	logoutResponseTemplate?: LogoutResponseTemplate;
+
+	nameIDFormat?: string[];
+	// https://github.com/tngan/samlify/issues/337
+	clockDrifts?: [number, number];
+	/** customized function used for generating request ID */
+	generateID?: () => string;
 
-export interface BindingContext {
-	context: string;
-	id: string;
+	/** Declare the tag of specific xml document node. `TagPrefixKey` currently supports `encryptedAssertion` only */
+	tagPrefix?: { encryptedAssertion?: string };
 }
 
-export interface PostBindingContext extends BindingContext {
-	relayState?: string;
-	entityEndpoint: string;
-	type: 'SAMLRequest' | 'SAMLResponse';
+export interface ParsedLogoutRequest {
+	request?: { id?: string; issueInstant?: string; destination?: string };
+	issuer?: string;
+	nameID?: string;
+	signature?: string;
 }
 
-export interface ParseResult {
-	samlContent: string;
-	extract: any;
-	sigAlg: string;
+export interface ParsedLogoutResponse {
+	response?: { id?: string; destination?: string; inResponseTo?: string };
+	issuer?: string;
+	signature?: string;
 }
 
 export class Entity<Settings extends EntitySettings = EntitySettings, Meta extends Metadata = Metadata> {

src/flow.ts

@@ -1,4 +1,5 @@
-import type { Entity, ESamlHttpRequest } from './entity';
+import type { ESamlHttpRequest } from './binding';
+import type { Entity } from './entity';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import {
 	extract,
@@ -10,7 +11,7 @@ import {
 	logoutResponseFields,
 	logoutResponseStatusFields,
 } from './extractor';
-import libsaml from './libsaml';
+import { libsaml } from './libsaml';
 import { BindingNamespace, MessageSignatureOrder, ParserType, StatusCode, wording } from './urn';
 import { base64Decode, inflateString } from './utility';
 import { verifyTime } from './validator';

src/index.ts

@@ -1,10 +1,8 @@
 export * from './api';
-export { default as identityProvider } from './entity-idp';
-export { default as serviceProvider } from './entity-sp';
-export * as extractor from './extractor';
-export { default as libsaml } from './libsaml';
-export { default as metadataIdp } from './metadata-idp';
-export { default as metadataSp } from './metadata-sp';
-export * from './types';
+export * from './entity-idp';
+export * from './entity-sp';
+export * from './error';
+export * from './libsaml';
+export * from './metadata-idp';
+export * from './metadata-sp';
 export * from './urn';
-export * as utility from './utility';