mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-29 12:13:32 +00:00
17525532d0
[web] Add script to check certificate dates from IdP SAML metadata GitOrigin-RevId: 9a1153c5a636dea798bdd112d400f370355c5783
67 lines
1.5 KiB
JavaScript
67 lines
1.5 KiB
JavaScript
/*
|
|
Checks the SAML metadata provided by the IdP.
|
|
Currently, only checking the valid from and to dates for the certificate
|
|
Run with: node check-idp-metadata /path/idp-metadata.xml
|
|
*/
|
|
|
|
const { Certificate } = require('@fidm/x509')
|
|
const _ = require('lodash')
|
|
const moment = require('moment')
|
|
const fs = require('fs-extra')
|
|
const xml2js = require('xml2js')
|
|
|
|
function checkCertDates(signingKey) {
|
|
let cert = _.get(signingKey, [
|
|
'ds:KeyInfo',
|
|
0,
|
|
'ds:X509Data',
|
|
0,
|
|
'ds:X509Certificate',
|
|
0,
|
|
])
|
|
if (!cert) {
|
|
throw new Error('no cert')
|
|
}
|
|
cert = cert.replace(/\s/g, '')
|
|
|
|
const certificate = Certificate.fromPEM(
|
|
Buffer.from(
|
|
`-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----`,
|
|
'utf8'
|
|
)
|
|
)
|
|
|
|
const validFrom = moment(certificate.validFrom)
|
|
const validTo = moment(certificate.validTo)
|
|
|
|
return {
|
|
validFrom,
|
|
validTo,
|
|
}
|
|
}
|
|
|
|
async function main() {
|
|
const [, , file] = process.argv
|
|
|
|
console.log('Checking SAML metadata')
|
|
|
|
const data = await fs.readFile(file, 'utf8')
|
|
const parser = new xml2js.Parser()
|
|
const xml = await parser.parseStringPromise(data)
|
|
|
|
const idp = xml.EntityDescriptor.IDPSSODescriptor
|
|
const keys = idp[0].KeyDescriptor
|
|
|
|
const signingKey =
|
|
keys.length === 1
|
|
? keys[0]
|
|
: keys.find(key => _.get(key, ['$', 'use']) === 'signing')
|
|
|
|
const certDates = checkCertDates(signingKey)
|
|
|
|
console.log(
|
|
`SSO certificate is valid from ${certDates.validFrom} to ${certDates.validTo}`
|
|
)
|
|
}
|
|
|
|
main()
|