also make signatureConfig type-safe by enforcing the xml-crypto type

src/binding-post.ts

@@ -208,7 +208,10 @@ async function base64LoginResponse(
 			transformationAlgorithms: spSetting.transformationAlgorithms,
 			signatureConfig: spSetting.signatureConfig || {
 				prefix: 'ds',
-				location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
+				location: {
+					reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']",
+					action: 'after',
+				},
 			},
 		});
 	}

src/libsaml.ts

@@ -16,7 +16,7 @@ import type { Entity } from './entity';
 import { SamlifyError, SamlifyErrorCode } from './error';
 import { extract, isNode } from './extractor';
 import type { Metadata } from './metadata';
-import type { RequestSignatureAlgorithm, SAMLDocumentTemplate } from './types';
+import type { RequestSignatureAlgorithm, SAMLDocumentTemplate, SignatureConfig } from './types';
 import { algorithms, names, wording } from './urn';
 import {
 	base64Encode,
@@ -54,7 +54,7 @@ export interface SignatureConstructor {
 	signatureAlgorithm?: RequestSignatureAlgorithm;
 	signingCert: string | Buffer;
 	isBase64Output?: boolean;
-	signatureConfig?: any;
+	signatureConfig?: SignatureConfig;
 	isMessageSigned?: boolean;
 	transformationAlgorithms?: string[];
 }
@@ -545,7 +545,7 @@ const libSaml = () => {
 		 * @param  {string | Buffer} x509Certificate certificate
 		 * @return {string} public key
 		 */
-		getKeyInfoProvider(x509Certificate: string | Buffer, signatureConfig: any) {
+		getKeyInfoProvider(x509Certificate: string | Buffer, signatureConfig: SignatureConfig) {
 			return {
 				getKeyInfo: () => {
 					const prefix = signatureConfig?.prefix ? `${signatureConfig.prefix}:` : '';

src/types.ts

@@ -1,3 +1,4 @@
+import type { SignedXml } from 'xml-crypto';
 import type { EncryptionAlgorithm, KeyEncryptionAlgorithm } from 'xml-encryption';
 import type { LoginResponseTemplate, LogoutResponseTemplate } from './libsaml';
 import type { BindingNamespace, MessageSignatureOrder } from './urn';
@@ -40,7 +41,8 @@ interface MetadataSpOptions extends MetadataOptions {
 	assertionConsumerService?: SSOService[];
 	authnRequestsSigned?: boolean;
 	elementsOrder?: (keyof MetaElement)[];
-	signatureConfig?: { [key: string]: any };
+	// TODO: Not sure if this is used. Consider removing.
+	signatureConfig?: Record<string, any>;
 	wantAssertionsSigned?: boolean;
 	wantMessageSigned?: boolean;
 }
@@ -50,18 +52,12 @@ type MetadataFile = string | Buffer;
 export type MetadataIdpConstructorOptions = MetadataIdpOptions | MetadataFile;
 export type MetadataSpConstructorOptions = MetadataSpOptions | MetadataFile;
 
-export interface SignatureConfig {
-	prefix?: string;
-	location?: {
-		reference?: string;
-		action?: 'append' | 'prepend' | 'before' | 'after';
-	};
-}
-
 export interface SAMLDocumentTemplate {
 	context?: string;
 }
 
+export type SignatureConfig = Parameters<SignedXml['computeSignature']>[1];
+
 export interface EntitySettings {
 	metadata?: string | Buffer;
 	entityID?: string;

test/flow.ts

@@ -136,7 +136,10 @@ const spNoAssertSignCustomConfig = serviceProvider({
 	metadata: spmetaNoAssertSign,
 	signatureConfig: {
 		prefix: 'ds',
-		location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
+		location: {
+			reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']",
+			action: 'after',
+		},
 	},
 });
 const spWithClockDrift = serviceProvider({ ...defaultSpConfig, clockDrifts: [-2000, 2000] });