mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-01 19:23:57 -05:00
Merge pull request #12411 from overleaf/jel-saml-cert-check
[web] Add script to check certificate dates from IdP SAML metadata GitOrigin-RevId: 9a1153c5a636dea798bdd112d400f370355c5783
parent
dfda9d0677
commit
17525532d0
1 changed files with 67 additions and 0 deletions
67
services/web/scripts/ukamf/check-idp-metadata.js
Normal file
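--- a/services/web/scripts/ukamf/check-idp-metadata.js
+++ b/services/web/scripts/ukamf/check-idp-metadata.js
@@ -0,0 +1,67 @@
+/*
+Checks the SAML metadata provided by the IdP.
+Currently, only checking the valid from and to dates for the certificate
+Run with: node check-idp-metadata /path/idp-metadata.xml
+*/
+
+const { Certificate } = require('@fidm/x509')
+const _ = require('lodash')
+const moment = require('moment')
+const fs = require('fs-extra')
+const xml2js = require('xml2js')
+
+function checkCertDates(signingKey) {
+let cert = _.get(signingKey, [
+'ds:KeyInfo',
+0,
+'ds:X509Data',
+0,
+'ds:X509Certificate',
+0,
+])
+if (!cert) {
+throw new Error('no cert')
+}
+cert = cert.replace(/\s/g, '')
+
+const certificate = Certificate.fromPEM(
+Buffer.from(
+`-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
+'utf8'
+)
+)
+
+const validFrom = moment(certificate.validFrom)
+const validTo = moment(certificate.validTo)
+
+return {
+validFrom,
+validTo,
+}
+}
+
+async function main() {
+const [, , file] = process.argv
+
+console.log('Checking SAML metadata')
+
+const data = await fs.readFile(file, 'utf8')
+const parser = new xml2js.Parser()
+const xml = await parser.parseStringPromise(data)
+
+const idp = xml.EntityDescriptor.IDPSSODescriptor
+const keys = idp[0].KeyDescriptor
+
+const signingKey =
+keys.length === 1
+? keys[0]
+: keys.find(key => _.get(key, ['$', 'use']) === 'signing')
+
+const certDates = checkCertDates(signingKey)
+
+console.log(
+`SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
+)
+}
+
+main()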
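Review bot: In `main`, the key selection `keys.find(key => _.get(key, ['$', 'use']) === 'signing')` stops at the first descriptor marked for signing, so when an IdP publishes two signing certificates during a key rollover only one set of dates is reported, and a `KeyDescriptor` without a `use` attribute (which SAML metadata permits, meaning the key serves both purposes) is skipped whenever more than one key is present and the run ends in `no cert`. Collecting every candidate with `keys.filter(key => _.get(key, ['$', 'use'], 'signing') === 'signing')` and calling `checkCertDates` on each would cover both cases. The script also only prints the dates and never compares them with the current time, so an expired or not-yet-valid certificate produces the same output as a good one; a comparison such as `moment().isBetween(validFrom, validTo)` with a non-zero exit would make the result usable as a check. The bare `main()` call has no rejection handler; `main().catch(err => { console.error(err); process.exit(1) })` would report a missing path or malformed XML as a clear failure.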