overleaf/services/web/scripts/ukamf/check-idp-metadata.js

68 lines
1.5 KiB
JavaScript
Raw Normal View History

/*
Checks the SAML metadata provided by the IdP.
Currently, only checking the valid from and to dates for the certificate
Run with: node check-idp-metadata /path/idp-metadata.xml
*/
import { Certificate } from '@fidm/x509'
import _ from 'lodash'
import moment from 'moment'
import fs from 'fs-extra'
import xml2js from 'xml2js'
function checkCertDates(signingKey) {
let cert = _.get(signingKey, [
'ds:KeyInfo',
0,
'ds:X509Data',
0,
'ds:X509Certificate',
0,
])
if (!cert) {
throw new Error('no cert')
}
cert = cert.replace(/\s/g, '')
const certificate = Certificate.fromPEM(
Buffer.from(
`-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
'utf8'
)
)
const validFrom = moment(certificate.validFrom)
const validTo = moment(certificate.validTo)
return {
validFrom,
validTo,
}
}
async function main() {
const [, , file] = process.argv
console.log('Checking SAML metadata')
const data = await fs.readFile(file, 'utf8')
const parser = new xml2js.Parser()
const xml = await parser.parseStringPromise(data)
const idp = xml.EntityDescriptor.IDPSSODescriptor
const keys = idp[0].KeyDescriptor
const signingKey =
keys.length === 1
? keys[0]
: keys.find(key => _.get(key, ['$', 'use']) === 'signing')
const certDates = checkCertDates(signingKey)
console.log(
`SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
)
}
main()