/*
Checks the SAML metadata provided by the IdP.

Currently, only the valid-from and valid-to dates of the certificate are checked.

Run with: node check-idp-metadata /path/idp-metadata.xml
*/
import { Certificate } from '@fidm/x509'
import _ from 'lodash'
import moment from 'moment'
import fs from 'fs-extra'
import xml2js from 'xml2js'
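/**
 * Extracts the X.509 certificate from a parsed (xml2js) KeyDescriptor and
 * returns its validity window.
 *
 * @param {object} signingKey - xml2js object for the `KeyDescriptor` element
 *   (every child element is wrapped in an array by xml2js).
 * @returns {{validFrom: moment.Moment, validTo: moment.Moment,
 *   isNotYetValid: boolean, isExpired: boolean}} the certificate's validity
 *   bounds plus flags comparing them against the current time.
 * @throws {Error} when no `ds:X509Certificate` text node is present, or when
 *   the certificate body cannot be parsed as X.509.
 */
function checkCertDates(signingKey) {
  const cert = signingKey?.['ds:KeyInfo']?.[0]?.['ds:X509Data']?.[0]?.['ds:X509Certificate']?.[0]
  if (!cert) {
    throw new Error('no ds:X509Certificate found in the signing KeyDescriptor')
  }
  if (typeof cert !== 'string') {
    throw new Error('ds:X509Certificate is not a text node')
  }

  // Metadata usually wraps the base64 body over several lines; the PEM
  // armour is added here because the element carries the bare DER body.
  const body = cert.replace(/\s/g, '')

  let certificate
  try {
    certificate = Certificate.fromPEM(
      Buffer.from(
        `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----`,
        'utf8'
      )
    )
  } catch (err) {
    throw new Error('ds:X509Certificate could not be parsed as an X.509 certificate', { cause: err })
  }

  const validFrom = moment(certificate.validFrom)
  const validTo = moment(certificate.validTo)
  const now = moment()

  return {
    validFrom,
    validTo,
    // Both flags are evaluated once, against the same instant.
    isNotYetValid: now.isBefore(validFrom),
    isExpired: now.isAfter(validTo),
  }
}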
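/**
 * Reads the IdP metadata file named on the command line, locates the signing
 * KeyDescriptor and prints the certificate's validity window.
 *
 * Sets `process.exitCode` to 1 (without throwing) when no file argument is
 * given or when the certificate is outside its validity window, so scripts
 * and CI can act on the result.
 *
 * @returns {Promise<void>}
 * @throws {Error} when the metadata has no IDPSSODescriptor, no signing
 *   KeyDescriptor, or (from checkCertDates) no parseable certificate.
 */
async function main() {
  const [, , file] = process.argv
  if (!file) {
    console.error('Usage: node check-idp-metadata /path/idp-metadata.xml')
    process.exitCode = 1
    return
  }

  console.log('Checking SAML metadata')

  const data = await fs.readFile(file, 'utf8')
  const parser = new xml2js.Parser()
  const xml = await parser.parseStringPromise(data)

  // xml2js wraps child elements in arrays; fail with a named error instead of
  // a TypeError when the document is not an EntityDescriptor for an IdP.
  const idp = xml?.EntityDescriptor?.IDPSSODescriptor?.[0]
  if (!idp) {
    throw new Error(`${file}: no EntityDescriptor/IDPSSODescriptor found`)
  }
  const keys = idp.KeyDescriptor ?? []

  // A lone KeyDescriptor is used whatever its `use` attribute says; with
  // several, only the one explicitly marked for signing is considered.
  const signingKey =
    keys.length === 1
      ? keys[0]
      : keys.find((key) => key?.$?.use === 'signing')
  if (!signingKey) {
    throw new Error(`${file}: no signing KeyDescriptor found`)
  }

  const certDates = checkCertDates(signingKey)

  console.log(
    `SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
  )

  // Compare against the current time here so the check does not depend on
  // what checkCertDates returns beyond the two dates.
  const now = moment()
  if (now.isBefore(certDates.validFrom)) {
    console.error('WARNING: SSO certificate is not yet valid')
    process.exitCode = 1
  } else if (now.isAfter(certDates.validTo)) {
    console.error('WARNING: SSO certificate has expired')
    process.exitCode = 1
  }
}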
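// Do not leave the promise floating: a bad path, unparseable XML or a missing
// certificate would otherwise surface only as an unhandled rejection.
main().catch((err) => {
  console.error(err)
  process.exitCode = 1
})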