diff --git a/package.yaml b/package.yaml index debf297..aea3981 100644 --- a/package.yaml +++ b/package.yaml @@ -61,3 +61,17 @@ tests: - tasty-golden - wai-saml2 - xml-conduit + validation: + main: validation.hs + source-dirs: tests + ghc-options: -Wall -Wcompat + dependencies: + - base + - bytestring + - filepath + - pretty-show + - tasty + - tasty-hunit + - transformers + - wai-saml2 + - xml-conduit diff --git a/tests/validation.hs b/tests/validation.hs new file mode 100644 index 0000000..f2ed9aa --- /dev/null +++ b/tests/validation.hs @@ -0,0 +1,41 @@ + +import Control.Monad.Trans.Except +import Crypto.PubKey.RSA (PublicKey) +import Data.ByteString (ByteString) +import Data.Time.Format.ISO8601 +import Network.Wai.SAML2 +import Network.Wai.SAML2.Validation +import Test.Tasty +import Test.Tasty.HUnit +import qualified Data.X509 as X509 +import qualified Data.X509.Memory as X509 + +parseCertificate :: ByteString -> PublicKey +parseCertificate certificate = case X509.readSignedObjectFromMemory certificate of + [signedCert] -> case X509.certPubKey $ X509.signedObject $ X509.getSigned signedCert of + X509.PubKeyRSA key -> key + other -> error $ "Expected PubKeyRSA, but got " <> show other + xs -> error $ show xs + +run :: ByteString -> String -> ByteString -> IO () +run cert timestamp raw = do + now <- iso8601ParseM timestamp + let pub = parseCertificate cert + cfg = saml2ConfigNoEncryption pub + + assertion <- runExceptT $ do + (responseXmlDoc, samlResponse) <- decodeResponse raw + validateSAMLResponse cfg responseXmlDoc samlResponse now + + case assertion of + Left err -> assertFailure $ show err + Right _ -> pure () + +azureADCertificate :: ByteString +azureADCertificate = "-----BEGIN CERTIFICATE-----\nMIIC8DCCAdigAwIBAgIQafqoqGZ3HoxNh23cdsDACjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMjEwMjQwNDM3MzJaFw0yNTEwMjQwNDM3MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIrXrPws5kjzFTAJbXa/pitQ2hZTs9CMOv48iFXJLRRr90GaIUikqbU0X4CL3bewMC0XVBlBQwTGpRIIWbYreZ6lfQYaP/ACGysQ96m2aknH8cUQdlUFCEo94LlzTLqkDf+JWfdBT6AWDS9aLjS/r25HZRUR7xBcdSYOfSEE2UcO8QBH9BvoOD/xBBwAvSo4rjOwr9ZaKAG3Axu7Dh/T2AAE5ZHbCIQEeMEEkofQbexitiTYt0c2CyWdAFoR6MlxEPhWE8sIko62PhDMBMuGu67ZCbBINIVj2CcDr1kBx6OVdgvZYum/A09RRzBTMuFMP2+WG3yCjaUMA3Gn5lpv2QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAO0/TzTx1OQYUTPGwafh2mHzVpc9Hk2LIY+YvV4bbVsUwnuV6HKVr2Sn3uLIUiSE/JjTdjy7KE/1LBN2KNMe7vs67gOIjOODf/LMQJMHqu7oJtZdt1omrpxJH6DkA/YmPGyUOcX7ADLbaw4cf2lTt8Pk97HP+EvAM31ZfjLtgyGDlREeWa/y2wWOHOdeO1CGwvK1BKz9Sdg7bAs7lBSX/1Qp8pnnOJb/2wNuc9vw6p5UCEFvlAzGyRRLPZfDiazDzTznTyYDPupzJ5pic3rcogzCGQGUWW5dGG7c6lM6EAYDKNAZ+cv4wWrMA4sAo+DdNkzs8sDSv8Jw1AXGRuOTzQ\n-----END CERTIFICATE-----" + +main :: IO () +main = defaultMain $ testGroup "validation tests" + [ testCase "AzureAD signed assertion" $ run azureADCertificate "2023-05-09T16:00:00Z" "PHNhbWxwOlJlc3BvbnNlIElEPSJfYzA4Mjk0MGQtMzFjZi00MGEyLWE1ODEtMmE3YWYxMjJlN2U1IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMy0wNS0wOVQxNTo0NToyNC4yOTNaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9sb29wYmFjay5qYS1zb3JlLmRlOjM0NDMvYXV0aC9wYWdlL3NhbWwyL2xvZ2luIiBJblJlc3BvbnNlVG89ImlkMjNkZmZkMDZhMzFmN2FkMTA5NzVjOWM4OTNiZjg2NjgiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2IwYTYzYWRlLTNlYzctNGQ4Yi05OTFmLTg3ZWI0MzM2Mjc0YS88L0lzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48QXNzZXJ0aW9uIElEPSJfN2RkNzFiNzktMDMyMC00YzZiLWI1MjQtNzJmNjk5M2Q4MTAwIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDUtMDlUMTU6NDU6MjQuMjg4WiIgVmVyc2lvbj0iMi4wIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PElzc3Vlcj5odHRwczovL3N0cy53aW5kb3dzLm5ldC9iMGE2M2FkZS0zZWM3LTRkOGItOTkxZi04N2ViNDMzNjI3NGEvPC9Jc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PFNpZ25lZEluZm8+PENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxSZWZlcmVuY2UgVVJJPSIjXzdkZDcxYjc5LTAzMjAtNGM2Yi1iNTI0LTcyZjY5OTNkODEwMCI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPlNreEh5bGlsT0QzN0tPeEpUNFYwWUxJc0wzVzNBWUhXTStpSVpIbWJ1a2M9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPkVJZzIydnRUcW5FaGl3RTNIWXJ1d25XT1RLUWpzNTdhUVNxZXE0Z25MVjd5b3FRdzBqalBXa2tHVHRvMi8wVGVIV29tWDU4R2oyTUROQ1JqbHdpZDJqUXV5NmpaUVcyK3dEQnVyRWxWQU83dHJjeHJYNDhFYUtuRzlaUGgvMSsrNDBPMWw5NzB6VnpTUndrbkZ2bk9IcGdoV1FzaWI5TmFkclJXQjYvWmJtd3BWaENmWVlBY2Z1OHovbzhUZFFRdEU2NkkyZHI2WUQ4a0FQYkJlL3ZFZUhCVlB5Y2Faais4ZnFpYTVzSXBHQlVuSDdyVHZhVG56QkhvbDF6ZzFZWXlLOE81M3A3YmFRYVFROFdFWjRhZ0JOanRIZUpHYm8yYlA4dXZPMTRGbm9Wb1VRcURBVEpLa0RIcTVyTSs2dFEwUnZaZ1NQNmpqS29pdzVwZmNoZWRwUT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlDOERDQ0FkaWdBd0lCQWdJUWFmcW9xR1ozSG94TmgyM2Nkc0RBQ2pBTkJna3Foa2lHOXcwQkFRc0ZBREEwTVRJd01BWURWUVFERXlsTmFXTnliM052Wm5RZ1FYcDFjbVVnUm1Wa1pYSmhkR1ZrSUZOVFR5QkRaWEowYVdacFkyRjBaVEFlRncweU1qRXdNalF3TkRNM016SmFGdzB5TlRFd01qUXdORE0zTXpKYU1EUXhNakF3QmdOVkJBTVRLVTFwWTNKdmMyOW1kQ0JCZW5WeVpTQkdaV1JsY21GMFpXUWdVMU5QSUVObGNuUnBabWxqWVhSbE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdUlyWHJQd3M1a2p6RlRBSmJYYS9waXRRMmhaVHM5Q01PdjQ4aUZYSkxSUnI5MEdhSVVpa3FiVTBYNENMM2Jld01DMFhWQmxCUXdUR3BSSUlXYllyZVo2bGZRWWFQL0FDR3lzUTk2bTJha25IOGNVUWRsVUZDRW85NExselRMcWtEZitKV2ZkQlQ2QVdEUzlhTGpTL3IyNUhaUlVSN3hCY2RTWU9mU0VFMlVjTzhRQkg5QnZvT0QveEJCd0F2U280cmpPd3I5WmFLQUczQXh1N0RoL1QyQUFFNVpIYkNJUUVlTUVFa29mUWJleGl0aVRZdDBjMkN5V2RBRm9SNk1seEVQaFdFOHNJa282MlBoRE1CTXVHdTY3WkNiQklOSVZqMkNjRHIxa0J4Nk9WZGd2Wll1bS9BMDlSUnpCVE11Rk1QMitXRzN5Q2phVU1BM0duNWxwdjJRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBTzAvVHpUeDFPUVlVVFBHd2FmaDJtSHpWcGM5SGsyTElZK1l2VjRiYlZzVXdudVY2SEtWcjJTbjN1TElVaVNFL0pqVGRqeTdLRS8xTEJOMktOTWU3dnM2N2dPSWpPT0RmL0xNUUpNSHF1N29KdFpkdDFvbXJweEpINkRrQS9ZbVBHeVVPY1g3QURMYmF3NGNmMmxUdDhQazk3SFArRXZBTTMxWmZqTHRneUdEbFJFZVdhL3kyd1dPSE9kZU8xQ0d3dksxQkt6OVNkZzdiQXM3bEJTWC8xUXA4cG5uT0piLzJ3TnVjOXZ3NnA1VUNFRnZsQXpHeVJSTFBaZkRpYXpEelR6blR5WURQdXB6SjVwaWMzcmNvZ3pDR1FHVVdXNWRHRzdjNmxNNkVBWURLTkFaK2N2NHdXck1BNHNBbytEZE5renM4c0RTdjhKdzFBWEdSdU9UelE8L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48U3ViamVjdD48TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5mdW1pZXZhbEBoZXJwZGV2Lm9ubWljcm9zb2Z0LmNvbTwvTmFtZUlEPjxTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PFN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iaWQyM2RmZmQwNmEzMWY3YWQxMDk3NWM5Yzg5M2JmODY2OCIgTm90T25PckFmdGVyPSIyMDIzLTA1LTA5VDE2OjQ1OjI0LjE5OFoiIFJlY2lwaWVudD0iaHR0cHM6Ly9sb29wYmFjay5qYS1zb3JlLmRlOjM0NDMvYXV0aC9wYWdlL3NhbWwyL2xvZ2luIi8+PC9TdWJqZWN0Q29uZmlybWF0aW9uPjwvU3ViamVjdD48Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjMtMDUtMDlUMTU6NDA6MjQuMTk4WiIgTm90T25PckFmdGVyPSIyMDIzLTA1LTA5VDE2OjQ1OjI0LjE5OFoiPjxBdWRpZW5jZVJlc3RyaWN0aW9uPjxBdWRpZW5jZT5odHRwczovL2xvb3BiYWNrLmphLXNvcmUuZGU6MzQ0My88L0F1ZGllbmNlPjwvQXVkaWVuY2VSZXN0cmljdGlvbj48L0NvbmRpdGlvbnM+PEF0dHJpYnV0ZVN0YXRlbWVudD48QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vaWRlbnRpdHkvY2xhaW1zL3RlbmFudGlkIj48QXR0cmlidXRlVmFsdWU+YjBhNjNhZGUtM2VjNy00ZDhiLTk5MWYtODdlYjQzMzYyNzRhPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vaWRlbnRpdHkvY2xhaW1zL29iamVjdGlkZW50aWZpZXIiPjxBdHRyaWJ1dGVWYWx1ZT41NTIyMDBkNy0zNTE2LTRkODEtOGVhMS1hODdiNDI5ZjA3ZWY8L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9pZGVudGl0eS9jbGFpbXMvZGlzcGxheW5hbWUiPjxBdHRyaWJ1dGVWYWx1ZT5mdW1pZXZhbDwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL2lkZW50aXR5L2NsYWltcy9pZGVudGl0eXByb3ZpZGVyIj48QXR0cmlidXRlVmFsdWU+aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYjBhNjNhZGUtM2VjNy00ZDhiLTk5MWYtODdlYjQzMzYyNzRhLzwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL2NsYWltcy9hdXRobm1ldGhvZHNyZWZlcmVuY2VzIj48QXR0cmlidXRlVmFsdWU+aHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2F1dGhlbnRpY2F0aW9ubWV0aG9kL3Bhc3N3b3JkPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL25hbWUiPjxBdHRyaWJ1dGVWYWx1ZT5mdW1pZXZhbEBoZXJwZGV2Lm9ubWljcm9zb2Z0LmNvbTwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyMy0wNS0wOVQwNjoyMToxNy41OTlaIiBTZXNzaW9uSW5kZXg9Il83ZGQ3MWI3OS0wMzIwLTRjNmItYjUyNC03MmY2OTkzZDgxMDAiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+" + , testCase "AzureAD signed response" $ run azureADCertificate "2023-05-10T01:20:00Z" "PHNhbWxwOlJlc3BvbnNlIElEPSJfMzI3NmFjYTYtY2FhNC00ZTA4LTg0M2EtZjAzZWVhZmRlMTI2IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMy0wNS0xMFQwMToxNzozMi42MzRaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9sb29wYmFjay5qYS1zb3JlLmRlOjM0NDMvYXV0aC9wYWdlL3NhbWwyL2xvZ2luIiBJblJlc3BvbnNlVG89ImlkNjNhOTkxMmE1MTQ0NWFhNGQ0ZWMzZGJmMmFhZGExNjYiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2IwYTYzYWRlLTNlYzctNGQ4Yi05OTFmLTg3ZWI0MzM2Mjc0YS88L0lzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PFJlZmVyZW5jZSBVUkk9IiNfMzI3NmFjYTYtY2FhNC00ZTA4LTg0M2EtZjAzZWVhZmRlMTI2Ij48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48RGlnZXN0VmFsdWU+c21Lb3I2TEVISzBQK0FsV1RvN3RQYXk2N3VVbGJBZSthYjBpOVNyUDZsOD08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+bmFDTjRsVlI4UnlxbUxnNGsweGpWMmlNM21hdUJmQnZzd2hKQy95MmlrVWYvaTYxV25Pem13STYrNzF5TThLU1dDd2ljbFFlVWRnUWYxWkhsTlVscXViL292YUhRdzZoNVBONXdOU3hEWHAxTy9ZSjdNaCtKZ2NJQXFLUzVsUXllczBMTzFLQUl1a0VTaGNsYTFtbDRDbm56RWpWUWw3ZEJEc213dTNoUm1rWVNPZUxDaDFMbjBrQ2NsRzFXNUlGSmlEZDJJSkxvb21VR3ZVcTNFaTVzUy9kRkNSZ1BpenU4SWRGWWpBdm81MVd3RkRKR01WSkxGbmZvL3hmK0ZjdFV0OU1XTXRPSjRYMEoyUmVmTGd5QVZ5VDlORnpRV01PRUJQWEhpbkhmbVdwOWJJMUR0UXo0VVpKbndKVzFJaXpObEtwZEUwWXQ4ajBGcXZtQUZId09BPT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxkczpYNTA5RGF0YSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDOERDQ0FkaWdBd0lCQWdJUWFmcW9xR1ozSG94TmgyM2Nkc0RBQ2pBTkJna3Foa2lHOXcwQkFRc0ZBREEwTVRJd01BWURWUVFERXlsTmFXTnliM052Wm5RZ1FYcDFjbVVnUm1Wa1pYSmhkR1ZrSUZOVFR5QkRaWEowYVdacFkyRjBaVEFlRncweU1qRXdNalF3TkRNM016SmFGdzB5TlRFd01qUXdORE0zTXpKYU1EUXhNakF3QmdOVkJBTVRLVTFwWTNKdmMyOW1kQ0JCZW5WeVpTQkdaV1JsY21GMFpXUWdVMU5QSUVObGNuUnBabWxqWVhSbE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdUlyWHJQd3M1a2p6RlRBSmJYYS9waXRRMmhaVHM5Q01PdjQ4aUZYSkxSUnI5MEdhSVVpa3FiVTBYNENMM2Jld01DMFhWQmxCUXdUR3BSSUlXYllyZVo2bGZRWWFQL0FDR3lzUTk2bTJha25IOGNVUWRsVUZDRW85NExselRMcWtEZitKV2ZkQlQ2QVdEUzlhTGpTL3IyNUhaUlVSN3hCY2RTWU9mU0VFMlVjTzhRQkg5QnZvT0QveEJCd0F2U280cmpPd3I5WmFLQUczQXh1N0RoL1QyQUFFNVpIYkNJUUVlTUVFa29mUWJleGl0aVRZdDBjMkN5V2RBRm9SNk1seEVQaFdFOHNJa282MlBoRE1CTXVHdTY3WkNiQklOSVZqMkNjRHIxa0J4Nk9WZGd2Wll1bS9BMDlSUnpCVE11Rk1QMitXRzN5Q2phVU1BM0duNWxwdjJRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBTzAvVHpUeDFPUVlVVFBHd2FmaDJtSHpWcGM5SGsyTElZK1l2VjRiYlZzVXdudVY2SEtWcjJTbjN1TElVaVNFL0pqVGRqeTdLRS8xTEJOMktOTWU3dnM2N2dPSWpPT0RmL0xNUUpNSHF1N29KdFpkdDFvbXJweEpINkRrQS9ZbVBHeVVPY1g3QURMYmF3NGNmMmxUdDhQazk3SFArRXZBTTMxWmZqTHRneUdEbFJFZVdhL3kyd1dPSE9kZU8xQ0d3dksxQkt6OVNkZzdiQXM3bEJTWC8xUXA4cG5uT0piLzJ3TnVjOXZ3NnA1VUNFRnZsQXpHeVJSTFBaZkRpYXpEelR6blR5WURQdXB6SjVwaWMzcmNvZ3pDR1FHVVdXNWRHRzdjNmxNNkVBWURLTkFaK2N2NHdXck1BNHNBbytEZE5renM4c0RTdjhKdzFBWEdSdU9UelE8L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48QXNzZXJ0aW9uIElEPSJfZjI4ZjkyYmUtOWNjNC00NGRmLWJmYTAtNDI0NTQzNGY5ZDAwIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDUtMTBUMDE6MTc6MzIuNjMyWiIgVmVyc2lvbj0iMi4wIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PElzc3Vlcj5odHRwczovL3N0cy53aW5kb3dzLm5ldC9iMGE2M2FkZS0zZWM3LTRkOGItOTkxZi04N2ViNDMzNjI3NGEvPC9Jc3N1ZXI+PFN1YmplY3Q+PE5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+ZnVtaWV2YWxAaGVycGRldi5vbm1pY3Jvc29mdC5jb208L05hbWVJRD48U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89ImlkNjNhOTkxMmE1MTQ0NWFhNGQ0ZWMzZGJmMmFhZGExNjYiIE5vdE9uT3JBZnRlcj0iMjAyMy0wNS0xMFQwMjoxNzozMi41NjNaIiBSZWNpcGllbnQ9Imh0dHBzOi8vbG9vcGJhY2suamEtc29yZS5kZTozNDQzL2F1dGgvcGFnZS9zYW1sMi9sb2dpbiIvPjwvU3ViamVjdENvbmZpcm1hdGlvbj48L1N1YmplY3Q+PENvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDIzLTA1LTEwVDAxOjEyOjMyLjU2M1oiIE5vdE9uT3JBZnRlcj0iMjAyMy0wNS0xMFQwMjoxNzozMi41NjNaIj48QXVkaWVuY2VSZXN0cmljdGlvbj48QXVkaWVuY2U+aHR0cHM6Ly9sb29wYmFjay5qYS1zb3JlLmRlOjM0NDMvPC9BdWRpZW5jZT48L0F1ZGllbmNlUmVzdHJpY3Rpb24+PC9Db25kaXRpb25zPjxBdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL2lkZW50aXR5L2NsYWltcy90ZW5hbnRpZCI+PEF0dHJpYnV0ZVZhbHVlPmIwYTYzYWRlLTNlYzctNGQ4Yi05OTFmLTg3ZWI0MzM2Mjc0YTwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL2lkZW50aXR5L2NsYWltcy9vYmplY3RpZGVudGlmaWVyIj48QXR0cmlidXRlVmFsdWU+NTUyMjAwZDctMzUxNi00ZDgxLThlYTEtYTg3YjQyOWYwN2VmPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vaWRlbnRpdHkvY2xhaW1zL2Rpc3BsYXluYW1lIj48QXR0cmlidXRlVmFsdWU+ZnVtaWV2YWw8L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9pZGVudGl0eS9jbGFpbXMvaWRlbnRpdHlwcm92aWRlciI+PEF0dHJpYnV0ZVZhbHVlPmh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2IwYTYzYWRlLTNlYzctNGQ4Yi05OTFmLTg3ZWI0MzM2Mjc0YS88L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9jbGFpbXMvYXV0aG5tZXRob2RzcmVmZXJlbmNlcyI+PEF0dHJpYnV0ZVZhbHVlPmh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwOC8wNi9pZGVudGl0eS9hdXRoZW50aWNhdGlvbm1ldGhvZC9wYXNzd29yZDwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIj48QXR0cmlidXRlVmFsdWU+ZnVtaWV2YWxAaGVycGRldi5vbm1pY3Jvc29mdC5jb208L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjwvQXR0cmlidXRlU3RhdGVtZW50PjxBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjMtMDUtMDlUMDY6MjE6MTcuNTk5WiIgU2Vzc2lvbkluZGV4PSJfZjI4ZjkyYmUtOWNjNC00NGRmLWJmYTAtNDI0NTQzNGY5ZDAwIj48QXV0aG5Db250ZXh0PjxBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvQXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9BdXRobkNvbnRleHQ+PC9BdXRoblN0YXRlbWVudD48L0Fzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==" + ] diff --git a/wai-saml2.cabal b/wai-saml2.cabal index 8d771da..9cf4662 100644 --- a/wai-saml2.cabal +++ b/wai-saml2.cabal @@ -121,3 +121,44 @@ test-suite parser , xml-conduit , zlib >=0.6.0.0 && <0.7 default-language: Haskell2010 + +test-suite validation + type: exitcode-stdio-1.0 + main-is: validation.hs + other-modules: + Paths_wai_saml2 + hs-source-dirs: + tests + default-extensions: + FlexibleInstances + OverloadedStrings + RecordWildCards + ghc-options: -Wall -Wcompat + build-depends: + base + , base16-bytestring >=0.1 && <1.1 + , base64-bytestring >=0.1 && <2 + , bytestring + , c14n >=0.1.0.1 && <1 + , containers ==0.6.* + , cryptonite <1 + , data-default-class <1 + , filepath + , http-types <1 + , mtl >=2.2.1 && <3 + , network-uri >=2.0 && <3 + , pretty-show + , tasty + , tasty-hunit + , text <2.1 + , time >=1.9 && <2 + , transformers + , vault >=0.3 && <1 + , wai >=3.0 && <4 + , wai-extra >=3.0 && <4 + , wai-saml2 + , x509 <2 + , x509-store <2 + , xml-conduit + , zlib >=0.6.0.0 && <0.7 + default-language: Haskell2010