Merge pull request #12411 from overleaf/jel-saml-cert-check

[web] Add script to check certificate dates from IdP SAML metadata

GitOrigin-RevId: 9a1153c5a636dea798bdd112d400f370355c5783
This commit is contained in:
Jessica Lawshe 2023-04-03 08:57:26 -05:00 committed by Copybot
parent dfda9d0677
commit 17525532d0

View file

@ -0,0 +1,67 @@
/*
Checks the SAML metadata provided by the IdP.
Currently, only checking the valid from and to dates for the certificate
Run with: node check-idp-metadata /path/idp-metadata.xml
*/
const { Certificate } = require('@fidm/x509')
const _ = require('lodash')
const moment = require('moment')
const fs = require('fs-extra')
const xml2js = require('xml2js')
function checkCertDates(signingKey) {
let cert = _.get(signingKey, [
'ds:KeyInfo',
0,
'ds:X509Data',
0,
'ds:X509Certificate',
0,
])
if (!cert) {
throw new Error('no cert')
}
cert = cert.replace(/\s/g, '')
const certificate = Certificate.fromPEM(
Buffer.from(
`-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
'utf8'
)
)
const validFrom = moment(certificate.validFrom)
const validTo = moment(certificate.validTo)
return {
validFrom,
validTo,
}
}
async function main() {
const [, , file] = process.argv
console.log('Checking SAML metadata')
const data = await fs.readFile(file, 'utf8')
const parser = new xml2js.Parser()
const xml = await parser.parseStringPromise(data)
const idp = xml.EntityDescriptor.IDPSSODescriptor
const keys = idp[0].KeyDescriptor
const signingKey =
keys.length === 1
? keys[0]
: keys.find(key => _.get(key, ['$', 'use']) === 'signing')
const certDates = checkCertDates(signingKey)
console.log(
`SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
)
}
main()