diff --git a/lib/saml11.js b/lib/saml11.js
index f359aa54..3651f701 100644
--- a/lib/saml11.js
+++ b/lib/saml11.js
@@ -42,7 +42,7 @@ exports.create = function(options, callback) {
algorithms.digest[options.digestAlgorithm]);
sig.signingKey = options.key;
-
+
sig.keyInfoProvider = {
getKeyInfo: function () {
return "" + cert + "";
@@ -66,9 +66,9 @@ exports.create = function(options, callback) {
if (options.lifetimeInSeconds) {
conditions[0].setAttribute('NotBefore', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
- conditions[0].setAttribute('NotOnOrAfter', now.add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
+ conditions[0].setAttribute('NotOnOrAfter', now.clone().add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
}
-
+
if (options.audiences) {
var audiences = options.audiences instanceof Array ? options.audiences : [options.audiences];
audiences.forEach(function (audience) {
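Review bot: `options.lifetimeInSeconds` reaches the `NotOnOrAfter` line with no type or range check. A negative value would yield a window that ends before `NotBefore`, and a missing or zero value skips the validity window entirely, so the assertion carries no expiry for a relying party to enforce. Consider rejecting bad values before building the document, e.g. `if (options.lifetimeInSeconds != null && !(options.lifetimeInSeconds > 0)) return callback(new Error('lifetimeInSeconds must be a positive number'));`. A comment above the changed line would also help, such as `// clone(): moment#add mutates in place, and 'now' is reused for AuthenticationInstant further down`, ideally with a regression test asserting that `NotBefore` and `AuthenticationInstant` carry the same timestamp. The body of `exports.create` starts and ends outside this hunk.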
@@ -83,7 +83,7 @@ exports.create = function(options, callback) {
var statement = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'AttributeStatement')[0];
Object.keys(options.attributes).forEach(function(prop) {
if(typeof options.attributes[prop] === 'undefined') return;
-
+
//
// Foo Bar
//
@@ -110,15 +110,15 @@ exports.create = function(options, callback) {
.setAttribute('AuthenticationInstant', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
var nameID = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'NameIdentifier')[0];
-
+
if (options.nameIdentifier) {
nameID.textContent = options.nameIdentifier;
-
+
doc.getElementsByTagName('saml:AuthenticationStatement')[0]
.getElementsByTagName('saml:NameIdentifier')[0]
.textContent = options.nameIdentifier;
}
-
+
if (options.nameIdentifierFormat) {
var nameIDs = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'NameIdentifier');
nameIDs[0].setAttribute('Format', options.nameIdentifierFormat);
@@ -127,18 +127,18 @@ exports.create = function(options, callback) {
if (!options.encryptionCert) return sign(options, sig, doc, callback);
- // encryption is turned on,
+ // encryption is turned on,
var proofSecret;
async.waterfall([
function(cb) {
- if (!options.subjectConfirmationMethod && options.subjectConfirmationMethod !== 'holder-of-key')
+ if (!options.subjectConfirmationMethod && options.subjectConfirmationMethod !== 'holder-of-key')
return cb();
-
+
crypto.randomBytes(32, function(err, randomBytes) {
proofSecret = randomBytes;
addSubjectConfirmation(options, doc, options.holderOfKeyProofSecret || randomBytes, cb);
});
-
+
},
function(cb) {
sign(options, sig, doc, function(err, signed) {
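Review bot: The `err` argument of the `crypto.randomBytes` callback is never checked, so a failed CSPRNG call leaves `randomBytes` undefined and the flow still continues into `addSubjectConfirmation`; add `if (err) return cb(err);` as the first line of that callback. The guard above it, `!options.subjectConfirmationMethod && options.subjectConfirmationMethod !== 'holder-of-key'`, is true only when the method is unset, so any other non-empty method still gets a holder-of-key proof key. `if (options.subjectConfirmationMethod !== 'holder-of-key') return cb();` looks like the intent. In addition, `proofSecret` is always set to the fresh random bytes even when `options.holderOfKeyProofSecret` is the value passed on for encryption, so the secret returned to the caller may not match the one in the assertion. The waterfall continues past the end of this hunk.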
@@ -150,7 +150,7 @@ exports.create = function(options, callback) {
if (err) return callback(err);
callback(null, result, proofSecret);
});
-};
+};
function addSubjectConfirmation(options, doc, randomBytes, callback) {
var encryptOptions = {
@@ -159,7 +159,7 @@ function addSubjectConfirmation(options, doc, randomBytes, callback) {
keyEncryptionAlgorighm: options.keyEncryptionAlgorighm || 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
};
- xmlenc.encryptKeyInfo(randomBytes, encryptOptions, function(err, keyinfo) {
+ xmlenc.encryptKeyInfo(randomBytes, encryptOptions, function(err, keyinfo) {
if (err) return cb(err);
var subjectConfirmationNodes = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'SubjectConfirmation');
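Review bot: The error path `if (err) return cb(err);` inside the `encryptKeyInfo` callback refers to `cb`, but the enclosing function's parameter is named `callback`. Unless a `cb` exists in an outer scope not shown here, a key-encryption failure would raise a ReferenceError instead of reporting the error to the caller; change it to `if (err) return callback(err);`. The option name `keyEncryptionAlgorighm` is spelled that way on both sides of the assignment, so a caller passing `keyEncryptionAlgorithm` would silently get the default algorithm. If the spelling is deliberate (matching the underlying library), a comment such as `// spelling matches the option name expected by xmlenc` would prevent a well-meant "fix". The function body continues outside this hunk.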
@@ -185,9 +185,9 @@ function sign(options, sig, doc, callback) {
var signed;
try {
- var opts = options.xpathToNodeBeforeSignature ? {
- location: {
- reference: options.xpathToNodeBeforeSignature,
+ var opts = options.xpathToNodeBeforeSignature ? {
+ location: {
+ reference: options.xpathToNodeBeforeSignature,
action: 'after'
}
} : {};