overleaf/services/web/scripts/ukamf/check-idp-metadata.js

/*
  Checks the SAML metadata provided by the IdP.
  Currently, only checking the valid from and to dates for the certificate
  Run with: node check-idp-metadata /path/idp-metadata.xml
*/

const { Certificate } = require('@fidm/x509')
const _ = require('lodash')
const moment = require('moment')
const fs = require('fs-extra')
const xml2js = require('xml2js')

function checkCertDates(signingKey) {
  let cert = _.get(signingKey, [
    'ds:KeyInfo',
    0,
    'ds:X509Data',
    0,
    'ds:X509Certificate',
    0,
  ])
  if (!cert) {
    throw new Error('no cert')
  }
  cert = cert.replace(/\s/g, '')

  const certificate = Certificate.fromPEM(
    Buffer.from(
      `-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
      'utf8'
    )
  )

  const validFrom = moment(certificate.validFrom)
  const validTo = moment(certificate.validTo)

  return {
    validFrom,
    validTo,
  }
}

async function main() {
  const [, , file] = process.argv

  console.log('Checking SAML metadata')

  const data = await fs.readFile(file, 'utf8')
  const parser = new xml2js.Parser()
  const xml = await parser.parseStringPromise(data)

  const idp = xml.EntityDescriptor.IDPSSODescriptor
  const keys = idp[0].KeyDescriptor

  const signingKey =
    keys.length === 1
      ? keys[0]
      : keys.find(key => _.get(key, ['$', 'use']) === 'signing')

  const certDates = checkCertDates(signingKey)

  console.log(
    `SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
  )
}

main()
Merge pull request #12411 from overleaf/jel-saml-cert-check [web] Add script to check certificate dates from IdP SAML metadata GitOrigin-RevId: 9a1153c5a636dea798bdd112d400f370355c5783 2023-04-03 09:57:26 -04:00			`/*`
			`Checks the SAML metadata provided by the IdP.`
			`Currently, only checking the valid from and to dates for the certificate`
			`Run with: node check-idp-metadata /path/idp-metadata.xml`
			`*/`

			`const { Certificate } = require('@fidm/x509')`
			`const _ = require('lodash')`
			`const moment = require('moment')`
			`const fs = require('fs-extra')`
			`const xml2js = require('xml2js')`

			`function checkCertDates(signingKey) {`
			`let cert = _.get(signingKey, [`
			`'ds:KeyInfo',`
			`0,`
			`'ds:X509Data',`
			`0,`
			`'ds:X509Certificate',`
			`0,`
			`])`
			`if (!cert) {`
			`throw new Error('no cert')`
			`}`
			`cert = cert.replace(/\s/g, '')`

			`const certificate = Certificate.fromPEM(`
			`Buffer.from(`
			`-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
			`'utf8'`
			`)`
			`)`

			`const validFrom = moment(certificate.validFrom)`
			`const validTo = moment(certificate.validTo)`

			`return {`
			`validFrom,`
			`validTo,`
			`}`
			`}`

			`async function main() {`
			`const [, , file] = process.argv`

			`console.log('Checking SAML metadata')`

			`const data = await fs.readFile(file, 'utf8')`
			`const parser = new xml2js.Parser()`
			`const xml = await parser.parseStringPromise(data)`

			`const idp = xml.EntityDescriptor.IDPSSODescriptor`
			`const keys = idp[0].KeyDescriptor`

			`const signingKey =`
			`keys.length === 1`
			`? keys[0]`
			`: keys.find(key => _.get(key, ['$', 'use']) === 'signing')`

			`const certDates = checkCertDates(signingKey)`

			`console.log(`
			`SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
			`)`
			`}`

			`main()`