mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 14:03:42 -05:00
Merge pull request #12411 from overleaf/jel-saml-cert-check
[web] Add script to check certificate dates from IdP SAML metadata GitOrigin-RevId: 9a1153c5a636dea798bdd112d400f370355c5783
This commit is contained in:
parent
dfda9d0677
commit
17525532d0
1 changed files with 67 additions and 0 deletions
67
services/web/scripts/ukamf/check-idp-metadata.js
Normal file
67
services/web/scripts/ukamf/check-idp-metadata.js
Normal file
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
Checks the SAML metadata provided by the IdP.
|
||||
Currently, only checking the valid from and to dates for the certificate
|
||||
Run with: node check-idp-metadata /path/idp-metadata.xml
|
||||
*/
|
||||
|
||||
const { Certificate } = require('@fidm/x509')
|
||||
const _ = require('lodash')
|
||||
const moment = require('moment')
|
||||
const fs = require('fs-extra')
|
||||
const xml2js = require('xml2js')
|
||||
|
||||
function checkCertDates(signingKey) {
|
||||
let cert = _.get(signingKey, [
|
||||
'ds:KeyInfo',
|
||||
0,
|
||||
'ds:X509Data',
|
||||
0,
|
||||
'ds:X509Certificate',
|
||||
0,
|
||||
])
|
||||
if (!cert) {
|
||||
throw new Error('no cert')
|
||||
}
|
||||
cert = cert.replace(/\s/g, '')
|
||||
|
||||
const certificate = Certificate.fromPEM(
|
||||
Buffer.from(
|
||||
`-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
|
||||
'utf8'
|
||||
)
|
||||
)
|
||||
|
||||
const validFrom = moment(certificate.validFrom)
|
||||
const validTo = moment(certificate.validTo)
|
||||
|
||||
return {
|
||||
validFrom,
|
||||
validTo,
|
||||
}
|
||||
}
|
||||
|
||||
async function main() {
|
||||
const [, , file] = process.argv
|
||||
|
||||
console.log('Checking SAML metadata')
|
||||
|
||||
const data = await fs.readFile(file, 'utf8')
|
||||
const parser = new xml2js.Parser()
|
||||
const xml = await parser.parseStringPromise(data)
|
||||
|
||||
const idp = xml.EntityDescriptor.IDPSSODescriptor
|
||||
const keys = idp[0].KeyDescriptor
|
||||
|
||||
const signingKey =
|
||||
keys.length === 1
|
||||
? keys[0]
|
||||
: keys.find(key => _.get(key, ['$', 'use']) === 'signing')
|
||||
|
||||
const certDates = checkCertDates(signingKey)
|
||||
|
||||
console.log(
|
||||
`SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
|
||||
)
|
||||
}
|
||||
|
||||
main()
|
Loading…
Reference in a new issue