I've made some changes for better parsing and validation

tsconfig.esm.json

@@ -0,0 +1,7 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "module": "ESNext",
+    "moduleResolution": "NodeNext"
+  }
+}

.gitignore

@@ -6,7 +6,7 @@ logs
 pids
 *.pid
 *.seed
-
+types
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 
@@ -33,4 +33,4 @@ types/
 
 *.tgz
 
-package-lock.json
+package-lock.json

@types/xml-encryption.d.ts

@@ -5,6 +5,9 @@ declare module "xml-encryption" {
     encryptionAlgorithm: string;
     keyEncryptionAlgorithm: string;
     input_encoding?: string;
+    keyEncryptionDigest?: string,
+    warnInsecureAlgorithm?: boolean,
+    disallowEncryptionWithInsecureAlgorithm?: boolean,
   }
   export interface DecryptOptions {
     key: string | Buffer;

LICENSE

@@ -1,5 +1,5 @@
 The MIT License (MIT)
-
+Copyright (c) 2023 veclea
 Copyright (c) 2016-present Tony Ngan
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

README.md

@@ -1,75 +1,44 @@
-# samlify ·
-
-[![Build Status](https://img.shields.io/circleci/build/github/tngan/samlify?style=for-the-badge&logo=circleci)](https://app.circleci.com/pipelines/github/tngan/samlify)
-[![npm version](https://img.shields.io/npm/v/samlify.svg?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/samlify)
-[![NPM](https://img.shields.io/npm/dm/samlify.svg?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/samlify)
-[![Coverage Status](https://img.shields.io/coveralls/tngan/samlify/master.svg?style=for-the-badge&logo=coveralls)](https://coveralls.io/github/tngan/samlify?branch=master)
-
-Highly configuarable Node.js SAML 2.0 library for Single Sign On
+# samlify · [![构建状态](https://img.shields.io/circleci/build/github/tngan/samlify?style=for-the-badge&logo=circleci)](https://app.circleci.com/pipelines/github/tngan/samlify) [![npm 版本](https://img.shields.io/npm/v/samlify.svg?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/samlify) [![下载量](https://img.shields.io/npm/dm/samlify.svg?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/samlify) [![覆盖率](https://img.shields.io/coveralls/tngan/samlify/master.svg?style=for-the-badge&logo=coveralls)](https://coveralls.io/github/tngan/samlify?branch=master)
+
+---
+[English Version](#README.md) | [中文版本](#readmeCN.md)
+## 🔄 This repository is an improved fork of [samlify](https://github.com/tngan/samlify) by [tngan](https://github.com/tngan)
+
+### Key Improvements
+
+- 📦 Converted from CJS to ESModule
+- ✅ Replaced `@authenio/xml-encryption` with `xml-encryption` and added support for sha256/512 encryption key OAEP digest methods
+- ✅ Upgraded `@xmldom/xmldom` to the latest version
+- 🛠️ Fixed encrypted assertion signature verification by adding `EncryptedAssertion` field extraction logic
+- 📦 Added default `AttributeConsumingService` element generation for ServiceProvider
+- 📦 Added partial Artifact binding support
+- 🗑️ Removed custom template support for IdentityProvider and improved parameter passing
+- 🔒 Upgraded default signature algorithm to SHA-256 and default encryption to AES_256_GCM
+- 🧪 Added built-in XML XSD validator
+- 🐛 Improved handling of HTTP-Redirect binding without DEFLATE compression
+- 🔓 Automatic detection of encrypted assertions without explicit flags
+- 📝 Added AttributeConsumingService to default elementsOrder
+- ✅ Tested against Burp SAML Raider (XSW and XXE attacks)
+- ⚡ Migrated tests to Vitest
+
+---
 
 ## Welcome PRs
 
-Welcome all PRs for maintaining this project, or provide a link to the repositories especially for use cases alongside with different frameworks.
-
-### Installation
-
-Multiple schema validators are currently supported by our system, with couple validator modules available and the option to create custom ones. It is essential to utilize the setSchemaValidator function at the outset to avoid errors.
-
-```js
-import * as samlify from 'samlify';
-import * as validator from '@authenio/samlify-xsd-schema-validator';
-// import * as validator from '@authenio/samlify-validate-with-xmllint';
-// import * as validator from '@authenio/samlify-node-xmllint';
-
-samlify.setSchemaValidator(validator);
-```
-
-Now you can create your own schema validator and even suppress it but you have to take the risk for accepting malicious response.
-
-```typescript
-samlify.setSchemaValidator({
-  validate: (response: string) => {
-    /* implment your own or always returns a resolved promise to skip */
-    return Promise.resolve('skipped');
-  }
-});
-```
-
-For those using Windows, `windows-build-tools` should be installed globally before installing samlify if you are using `libxml` validator.
-
-```console
-yarn global add windows-build-tools
-```
-
-### Development
-
-This project is now developed using TypeScript, also support Yarn which is a new package manager.
-
-```console
-yarn global add typescript
-yarn
-```
-
-### Get Started
-
-```javascript
-const saml = require('samlify');
-```
-
-See full documentation [here](https://samlify.js.org/)
-
-### Example
+Contributions are welcome! Please feel free to submit pull requests or provide integration examples with other frameworks.
 
-[react-samlify](https://github.com/passify/react-samlify) SP example powered by React, TypeScript and Webpack
+---
 
-### Talks
+## How to use?
 
-[An introduction to Single Sign On](http://www.slideshare.net/TonyNgan/an-introduction-of-single-sign-on)
+Refer to the `type/flows.test.ts` test cases and the original documentation at [https://samlify.js.org](https://samlify.js.org). Note that some parameters have been changed in this fork.
 
-### License
+---
 
-[MIT](LICENSE)
+## Generating Keys
 
-### Copyright
+Use OpenSSL to generate keys and certificates for testing. Private keys can be password-protected (optional). Here are the commands:
 
-Copyright (C) 2016-present Tony Ngan, released under the MIT License.
+```bash
+openssl genrsa -passout pass:foobar -out encryptKey.pem 4096
+openssl req -new -x509 -key encryptKey.pem -out encryptionCert.cer -days 3650

build.bat

@@ -0,0 +1,48 @@
+@echo off
+set PROJECT=samlify
+
+if "%1" == "install" goto install
+if "%1" == "clean" goto clean
+if "%1" == "rebuild" goto rebuild
+if "%1" == "pretest" goto pretest
+if "%1" == "doc" goto doc
+if "%1" == "install_jdk" goto install_jdk
+
+echo Usage: build.bat [install^|clean^|rebuild^|pretest^|doc^|install_jdk]
+goto end
+
+:install
+echo Installing %PROJECT%
+npm install
+goto end
+
+:clean
+echo Cleaning node_modules
+rmdir /s /q node_modules
+goto end
+
+:rebuild
+call :clean
+echo Rebuilding...
+mkdir build
+tsc
+goto end
+
+:pretest
+echo Preparing tests...
+mkdir build\test 2>nul
+xcopy test\key build\test\key /E /I /Y
+xcopy test\misc build\test\misc /E /I /Y
+goto end
+
+:doc
+echo Serving docs with docsify...
+docsify serve ./docs
+goto end
+
+:install_jdk
+echo JDK installation is not applicable on Windows via this script.
+echo Please manually install OpenJDK from https://adoptium.net/
+goto end
+
+:end

buils.mjs

@@ -0,0 +1,18 @@
+import { build } from 'esbuild'
+import { dirname } from 'path'
+import { fileURLToPath } from 'url'
+
+// 获取当前目录的 ESM 兼容方式
+const __dirname = dirname(fileURLToPath(import.meta.url))
+
+// 使用 esbuild 进行高级构建
+await build({
+	entryPoints: ['src/index.ts'],  // 入口文件
+	bundle: true,                   // 打包所有依赖
+	minify: true,                   // 压缩代码
+	outfile: 'dist/index.min.js',   // 输出文件路径
+	platform: 'node',               // 目标平台
+	target: 'node20',               // Node.js 20+ 环境
+	format: 'esm',                  // 输出格式为 ESM
+	sourcesContent: false           // 不包含源码内容
+})

index.d.ts

@@ -0,0 +1,10 @@
+import IdentityProvider, { IdentityProvider as IdentityProviderInstance } from './src/entity-idp';
+import ServiceProvider, { ServiceProvider as ServiceProviderInstance } from './src/entity-sp';
+export { default as IdPMetadata } from './src/metadata-idp';
+export { default as SPMetadata } from './src/metadata-sp';
+export { default as Utility } from './src/utility';
+export { default as SamlLib } from './src/libsaml';
+import * as Constants from './src/urn';
+import * as Extractor from './src/extractor';
+import { setSchemaValidator, setDOMParserOptions } from './src/api';
+export { Constants, Extractor, IdentityProvider, IdentityProviderInstance, ServiceProvider, ServiceProviderInstance, setSchemaValidator, setDOMParserOptions };

index.ts

@@ -1,18 +1,19 @@
 // version <= 1.25
-import IdentityProvider, { IdentityProvider as IdentityProviderInstance } from './src/entity-idp';
-import ServiceProvider, { ServiceProvider as ServiceProviderInstance } from './src/entity-sp';
+import IdentityProvider, { IdentityProvider as IdentityProviderInstance } from './src/entity-idp.js';
+import ServiceProvider, { ServiceProvider as ServiceProviderInstance } from './src/entity-sp.js';
 
-export { default as IdPMetadata } from './src/metadata-idp';
-export { default as SPMetadata } from './src/metadata-sp';
-export { default as Utility } from './src/utility';
-export { default as SamlLib } from './src/libsaml';
+export { default as IdPMetadata } from './src/metadata-idp.js';
+export { default as SPMetadata } from './src/metadata-sp.js';
+export { default as Utility } from './src/utility.js';
+export { default as SamlLib } from './src/libsaml.js';
 // roadmap
 // new name convention in version >= 3.0
-import * as Constants from './src/urn';
-import * as Extractor from './src/extractor';
-
+import * as Constants from './src/urn.js';
+import * as Extractor from './src/extractor.js';
+import * as Soap from './src/soap.js';
+import {validate,validateMetadata} from './src/schemaValidator.js'
 // exposed methods for customizing samlify
-import { setSchemaValidator, setDOMParserOptions } from './src/api';
+import { setSchemaValidator, setDOMParserOptions } from './src/api.js';
 
 export {
   Constants,
@@ -24,5 +25,9 @@ export {
   ServiceProviderInstance,
   // set context
   setSchemaValidator,
-  setDOMParserOptions
-};
+  setDOMParserOptions,
+  validate,
+  validateMetadata,
+  Soap
+
+};