diff --git a/package.yaml b/package.yaml index afc63e2..60d77d5 100644 --- a/package.yaml +++ b/package.yaml @@ -49,8 +49,8 @@ library: - -W tests: - parser: - main: Parser.hs + wai-saml2-test: + main: spec.hs source-dirs: tests ghc-options: -Wall -Wcompat dependencies: @@ -59,6 +59,9 @@ tests: - filepath - pretty-show - tasty + - tasty-expected-failure - tasty-golden + - tasty-hunit + - transformers - wai-saml2 - xml-conduit diff --git a/stack-lts-16.1.yaml b/stack-lts-16.1.yaml index 8ef18c7..7e6a20c 100644 --- a/stack-lts-16.1.yaml +++ b/stack-lts-16.1.yaml @@ -3,7 +3,7 @@ packages: - . extra-deps: - - c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - crypton-x509-1.7.6 - crypton-x509-store-1.6.9 + - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 diff --git a/stack-lts-16.1.yaml.lock b/stack-lts-16.1.yaml.lock index 5bb6b8e..0e02088 100644 --- a/stack-lts-16.1.yaml.lock +++ b/stack-lts-16.1.yaml.lock 
@@ -4,37 +4,37 @@ # https://docs.haskellstack.org/en/stable/lock_files packages: -- completed: - hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 - pantry-tree: - sha256: 67187305166a25d10cb133378ae89c3d76d51ee756edd757a84f71f176eb61e7 - size: 285 - original: - hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 - completed: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 pantry-tree: - sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 size: 23320 + sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 original: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - completed: hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 pantry-tree: - sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb size: 1080 + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb original: hackage: crypton-x509-1.7.6 - completed: hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 pantry-tree: - sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 size: 406 + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 original: hackage: crypton-x509-store-1.6.9 +- completed: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 + pantry-tree: + size: 285 + sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8 + original: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 snapshots: - completed: - sha256: 954b6b14b0c8130732cf4773f7ebb4efc9a44600d1a5265d142868bf93462bc6 size: 531237 url: 
https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/16/1.yaml + sha256: 954b6b14b0c8130732cf4773f7ebb4efc9a44600d1a5265d142868bf93462bc6 original: lts-16.1 diff --git a/stack-lts-17.14.yaml b/stack-lts-17.14.yaml index f281596..a1867d8 100644 --- a/stack-lts-17.14.yaml +++ b/stack-lts-17.14.yaml @@ -4,7 +4,7 @@ packages: - . extra-deps: - - c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 + - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - crypton-x509-1.7.6 - crypton-x509-store-1.6.9 diff --git a/stack-lts-17.14.yaml.lock b/stack-lts-17.14.yaml.lock index 4b26887..6321f3c 100644 --- a/stack-lts-17.14.yaml.lock +++ b/stack-lts-17.14.yaml.lock 
@@ -5,36 +5,36 @@ packages: - completed: - hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 pantry-tree: - sha256: 67187305166a25d10cb133378ae89c3d76d51ee756edd757a84f71f176eb61e7 size: 285 + sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8 original: - hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 - completed: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 pantry-tree: - sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 size: 23320 + sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 original: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - completed: hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 pantry-tree: - sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb size: 1080 + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb original: hackage: crypton-x509-1.7.6 - completed: hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 pantry-tree: - sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 size: 406 + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 original: hackage: crypton-x509-store-1.6.9 snapshots: - completed: - sha256: 3740f22286bf5e6e3d82f88125e1c708b6e27847211f956b530aa5d83cf39383 size: 567677 url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/17/14.yaml + sha256: 3740f22286bf5e6e3d82f88125e1c708b6e27847211f956b530aa5d83cf39383 original: 
lts-17.14 diff --git a/stack-lts-18.yaml b/stack-lts-18.yaml index e51b693..1fdf035 100644 --- a/stack-lts-18.yaml +++ b/stack-lts-18.yaml @@ -4,3 +4,4 @@ extra-deps: - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - crypton-x509-1.7.6 - crypton-x509-store-1.6.9 + - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 diff --git a/stack-lts-18.yaml.lock b/stack-lts-18.yaml.lock index cd4ac73..af73a43 100644 --- a/stack-lts-18.yaml.lock +++ b/stack-lts-18.yaml.lock 
@@ -7,27 +7,34 @@ packages: - completed: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 pantry-tree: - sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 size: 23320 + sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 original: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - completed: hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 pantry-tree: - sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb size: 1080 + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb original: hackage: crypton-x509-1.7.6 - completed: hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 pantry-tree: - sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 size: 406 + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 original: hackage: crypton-x509-store-1.6.9 +- completed: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 + pantry-tree: + size: 285 + sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8 + original: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 snapshots: - completed: - sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68 size: 590100 url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/18/28.yaml + sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68 original: lts-18.28 diff --git a/stack-lts-19.yaml b/stack-lts-19.yaml index 0754bdb..921e655 100644 --- a/stack-lts-19.yaml +++ b/stack-lts-19.yaml 
@@ -4,3 +4,4 @@ extra-deps: - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - crypton-x509-1.7.6 - crypton-x509-store-1.6.9 + - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 diff --git a/stack-lts-19.yaml.lock b/stack-lts-19.yaml.lock index 935fdac..faa04a3 100644 --- a/stack-lts-19.yaml.lock +++ b/stack-lts-19.yaml.lock 
@@ -7,27 +7,34 @@ packages: - completed: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 pantry-tree: - sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 size: 23320 + sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 original: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - completed: hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 pantry-tree: - sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb size: 1080 + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb original: hackage: crypton-x509-1.7.6 - completed: hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 pantry-tree: - sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 size: 406 + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 original: hackage: crypton-x509-store-1.6.9 +- completed: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 + pantry-tree: + size: 285 + sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8 + original: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 snapshots: - completed: - sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4 size: 619204 url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/33.yaml + sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4 original: lts-19.33 diff --git a/stack-lts-20.yaml b/stack-lts-20.yaml index 55ad4af..93fbe99 100644 --- a/stack-lts-20.yaml +++ b/stack-lts-20.yaml 
@@ -4,3 +4,4 @@ extra-deps: - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - crypton-x509-1.7.6 - crypton-x509-store-1.6.9 + - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 diff --git a/stack-lts-20.yaml.lock b/stack-lts-20.yaml.lock index 896ed88..68df6a0 100644 --- a/stack-lts-20.yaml.lock +++ b/stack-lts-20.yaml.lock 
@@ -7,27 +7,34 @@ packages: - completed: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 pantry-tree: - sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 size: 23320 + sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0 original: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 - completed: hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339 pantry-tree: - sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb size: 1080 + sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb original: hackage: crypton-x509-1.7.6 - completed: hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750 pantry-tree: - sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 size: 406 + sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3 original: hackage: crypton-x509-store-1.6.9 +- completed: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 + pantry-tree: + size: 285 + sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8 + original: + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 snapshots: - completed: - sha256: e63b43d506918278d05cd1448bd19352ab2faa9b8e9d64ce527b56f1a7fba149 size: 650255 url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/25.yaml + sha256: e63b43d506918278d05cd1448bd19352ab2faa9b8e9d64ce527b56f1a7fba149 original: lts-20.25 diff --git a/stack.yaml.lock b/stack.yaml.lock index 4b26887..b06a67d 100644 --- a/stack.yaml.lock +++ b/stack.yaml.lock 
@@ -5,12 +5,12 @@ packages: - completed: - hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 pantry-tree: - sha256: 67187305166a25d10cb133378ae89c3d76d51ee756edd757a84f71f176eb61e7 + sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8 size: 285 original: - hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371 + hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163 - completed: hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286 pantry-tree: diff --git a/tests/Parser.hs b/tests/Parser.hs index 215c307..2378469 100644 --- a/tests/Parser.hs +++ b/tests/Parser.hs @@ -1,6 +1,9 @@ {-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE AllowAmbiguousTypes #-} {-# LANGUAGE TypeApplications #-} + +module Parser where + import Network.Wai.SAML2.EntityDescriptor import Network.Wai.SAML2.Response import Network.Wai.SAML2.XML @@ -18,8 +21,8 @@ run src = do resp <- parseXML (fromDocument doc) pure $ BC.pack $ ppShow (resp :: t) -main :: IO () -main = defaultMain $ testGroup "Parse SAML2 response" +tests :: TestTree +tests = testGroup "Parse SAML2 response" [ mkGolden @Response $ prefix "keycloak.xml" , mkGolden @Response $ prefix "okta.xml" , mkGolden @Response $ prefix "google.xml" diff --git a/tests/Validation.hs b/tests/Validation.hs new file mode 100644 index 0000000..9a3dc7e --- /dev/null +++ b/tests/Validation.hs 
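Review bot: `module Parser where` exports every top-level binding of the module, including the helpers `run`, `mkGolden` and `prefix`, although tests/spec.hs only consumes `Parser.tests`; an explicit export list `module Parser (tests) where` keeps the test-suite surface to the one tree the driver needs and lets `-Wall` report helpers that become unused. The same applies to `module Validation where` in tests/Validation.hs. The `run` definition named in the second hunk header and the rest of the `testGroup` list continue outside the hunk.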
@@ -0,0 +1,53 @@
+module Validation where
+
+import Control.Monad.Trans.Except
+import Crypto.PubKey.RSA (PublicKey)
+import qualified Data.ByteString as B
+import qualified Data.ByteString.Base64 as Base64
+import Data.Time.Format.ISO8601
+import qualified Data.X509 as X509
+import qualified Data.X509.Memory as X509
+import Network.Wai.SAML2
+import Network.Wai.SAML2.Validation
+import System.FilePath
+import Test.Tasty
+import Test.Tasty.ExpectedFailure
+import Test.Tasty.HUnit
+
+-- | Get a public key from a X.509 certificate
+parseCertificate :: B.ByteString -> PublicKey
+parseCertificate certificate = case X509.readSignedObjectFromMemory certificate of
+ [signedCert] -> case X509.certPubKey $ X509.signedObject $ X509.getSigned signedCert of
+ X509.PubKeyRSA key -> key
+ other -> error $ "Expected PubKeyRSA, but got " <> show other
+ xs -> error $ show xs
+
+run :: FilePath -> String -> FilePath -> IO ()
+run certPath timestamp respPath = do
+ cert <- B.readFile $ prefix certPath
+ xml <- B.readFile $ prefix respPath
+ now <- iso8601ParseM timestamp
+
+ let pub = parseCertificate cert
+ cfg = saml2ConfigNoEncryption pub
+
+ assertion <- runExceptT $ do
+ (responseXmlDoc, samlResponse) <- decodeResponse $ Base64.encode xml
+ validateSAMLResponse cfg responseXmlDoc samlResponse now
+
+ case assertion of
+ Left err -> assertFailure $ show err
+ Right _ -> pure ()
+
+prefix :: FilePath
+prefix = "tests/data"
+
+tests :: TestTree
+tests = testGroup "Validate SAML2 Response"
+ [ testCase "AzureAD signed response"
+ $ run "azuread.crt" "2023-05-10T01:20:00Z" "azuread-signed-response.xml"
+ , expectFail $ testCase "AzureAD signed assertion"
+ $ run "azuread.crt" "2023-05-09T16:00:00Z" "azuread-signed-assertion.xml"
+ , testCase "Okta with AttributeStatement"
+ $ run "okta.crt" "2023-06-16T06:43:00.000Z" "okta-attributes.xml"
+ ]
diff --git a/tests/data/azuread-signed-assertion.xml b/tests/data/azuread-signed-assertion.xml
new file mode 100644
index 0000000..7c36763
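Review bot: Every case in `tests` only asserts `Right _` from `validateSAMLResponse`, so the suite cannot tell a validator that checks the signature and the time window apart from one that accepts anything; a regression that made `validateSAMLResponse` succeed unconditionally would leave all three cases green. Add at least one rejection case per fixture, asserting `Left` — the same response with `now` well outside its validity window (assuming the fixture carries conditions), and a copy of a fixture whose signature value has been altered; the sketch below factors the setup out of `run` so both expectations share it (the operator between `prefix` and the file name seems to have been lost in this rendering and is written as `</>` here; the result types are those exported by the library, adjust if named differently). The `expectFail` on "AzureAD signed assertion" also deserves a comment giving the reason, presumably that an Assertion-level signature is not validated yet, so the marker is not kept silently once that is supported, e.g. `-- expectFail: assertion-level signatures are not supported yet (see <tracking-issue placeholder>)`.
```haskell
-- | Decode and validate a fixture, returning the outcome instead of
-- asserting, so that positive and negative cases share one setup.
validate :: FilePath -> String -> FilePath -> IO (Either SAML2Error Assertion)
validate certPath timestamp respPath = do
    cert <- B.readFile $ prefix </> certPath
    xml <- B.readFile $ prefix </> respPath
    now <- iso8601ParseM timestamp
    let cfg = saml2ConfigNoEncryption (parseCertificate cert)
    runExceptT $ do
        (responseXmlDoc, samlResponse) <- decodeResponse $ Base64.encode xml
        validateSAMLResponse cfg responseXmlDoc samlResponse now

-- | Validation must succeed.
run :: FilePath -> String -> FilePath -> IO ()
run certPath timestamp respPath =
    validate certPath timestamp respPath >>= either (assertFailure . show) (const $ pure ())

-- | Validation must be rejected (wrong time window, altered signature, ...).
runRejected :: FilePath -> String -> FilePath -> IO ()
runRejected certPath timestamp respPath =
    validate certPath timestamp respPath
        >>= either (const $ pure ()) (const $ assertFailure "validation unexpectedly succeeded")

-- … unchanged: parseCertificate, prefix …

tests :: TestTree
tests = testGroup "Validate SAML2 Response"
    [ testCase "AzureAD signed response"
        $ run "azuread.crt" "2023-05-10T01:20:00Z" "azuread-signed-response.xml"
    , testCase "AzureAD signed response, outside validity window"
        $ runRejected "azuread.crt" "2024-05-10T01:20:00Z" "azuread-signed-response.xml"
    -- … unchanged: remaining cases …
    ]
```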
--- /dev/null +++ b/tests/data/azuread-signed-assertion.xml @@ -0,0 +1 @@ +https://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/https://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/SkxHylilOD37KOxJT4V0YLIsL3W3AYHWM+iIZHmbukc=EIg22vtTqnEhiwE3HYruwnWOTKQjs57aQSqeq4gnLV7yoqQw0jjPWkkGTto2/0TeHWomX58Gj2MDNCRjlwid2jQuy6jZQW2+wDBurElVAO7trcxrX48EaKnG9ZPh/1++40O1l970zVzSRwknFvnOHpghWQsib9NadrRWB6/ZbmwpVhCfYYAcfu8z/o8TdQQtE66I2dr6YD8kAPbBe/vEeHBVPycaZj+8fqia5sIpGBUnH7rTvaTnzBHol1zg1YYyK8O53p7baQaQQ8WEZ4agBNjtHeJGbo2bP8uvO14FnoVoUQqDATJKkDHq5rM+6tQ0RvZgSP6jjKoiw5pfchedpQ==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@herpdev.onmicrosoft.comhttps://loopback.ja-sore.de:3443/b0a63ade-3ec7-4d8b-991f-87eb4336274a552200d7-3516-4d81-8ea1-a87b429f07effumievalhttps://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/passwordfumieval@herpdev.onmicrosoft.comurn:oasis:names:tc:SAML:2.0:ac:classes:Password \ No newline at end of file diff --git a/tests/data/azuread-signed-response.xml b/tests/data/azuread-signed-response.xml new file mode 100644 index 0000000..652f34a --- /dev/null +++ b/tests/data/azuread-signed-response.xml 
@@ -0,0 +1 @@ +https://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/smKor6LEHK0P+AlWTo7tPay67uUlbAe+ab0i9SrP6l8=naCN4lVR8RyqmLg4k0xjV2iM3mauBfBvswhJC/y2ikUf/i61WnOzmwI6+71yM8KSWCwiclQeUdgQf1ZHlNUlqub/ovaHQw6h5PN5wNSxDXp1O/YJ7Mh+JgcIAqKS5lQyes0LO1KAIukEShcla1ml4CnnzEjVQl7dBDsmwu3hRmkYSOeLCh1Ln0kCclG1W5IFJiDd2IJLoomUGvUq3Ei5sS/dFCRgPizu8IdFYjAvo51WwFDJGMVJLFnfo/xf+FctUt9MWMtOJ4X0J2RefLgyAVyT9NFzQWMOEBPXHinHfmWp9bI1DtQz4UZJnwJW1IizNlKpdE0Yt8j0FqvmAFHwOA==MIIC8DCCAdigAwIBAgIQafqoqGZ3HoxNh23cdsDACjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMjEwMjQwNDM3MzJaFw0yNTEwMjQwNDM3MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIrXrPws5kjzFTAJbXa/pitQ2hZTs9CMOv48iFXJLRRr90GaIUikqbU0X4CL3bewMC0XVBlBQwTGpRIIWbYreZ6lfQYaP/ACGysQ96m2aknH8cUQdlUFCEo94LlzTLqkDf+JWfdBT6AWDS9aLjS/r25HZRUR7xBcdSYOfSEE2UcO8QBH9BvoOD/xBBwAvSo4rjOwr9ZaKAG3Axu7Dh/T2AAE5ZHbCIQEeMEEkofQbexitiTYt0c2CyWdAFoR6MlxEPhWE8sIko62PhDMBMuGu67ZCbBINIVj2CcDr1kBx6OVdgvZYum/A09RRzBTMuFMP2+WG3yCjaUMA3Gn5lpv2QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAO0/TzTx1OQYUTPGwafh2mHzVpc9Hk2LIY+YvV4bbVsUwnuV6HKVr2Sn3uLIUiSE/JjTdjy7KE/1LBN2KNMe7vs67gOIjOODf/LMQJMHqu7oJtZdt1omrpxJH6DkA/YmPGyUOcX7ADLbaw4cf2lTt8Pk97HP+EvAM31ZfjLtgyGDlREeWa/y2wWOHOdeO1CGwvK1BKz9Sdg7bAs7lBSX/1Qp8pnnOJb/2wNuc9vw6p5UCEFvlAzGyRRLPZfDiazDzTznTyYDPupzJ5pic3rcogzCGQGUWW5dGG7c6lM6EAYDKNAZ+cv4wWrMA4sAo+DdNkzs8sDSv8Jw1AXGRuOTzQhttps://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/fumieval@herpdev.onmicrosoft.comhttps://loopback.ja-sore.de:3443/b0a63ade-3ec7-4d8b-991f-87eb4336274a552200d7-3516-4d81-8ea1-a87b429f07effumievalhttps://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/passwordfumieval@herpdev.onmicrosoft.comurn:oasis:names:tc:SAML:2.0:ac:classes:Password \ No newline at end of file 
diff --git a/tests/data/azuread.crt b/tests/data/azuread.crt new file mode 100644 index 0000000..4bedcfe --- /dev/null +++ b/tests/data/azuread.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- diff --git a/tests/data/okta-attributes.xml b/tests/data/okta-attributes.xml new file mode 100644 index 0000000..f5e6922 --- /dev/null +++ b/tests/data/okta-attributes.xml 
@@ -0,0 +1,17 @@ +http://www.okta.com/exk5qcxp4hc3aXlST697yE2k0Ez50kHpdaFnQdGIYs/fT18JtldMOhsgMfdBQ7c=PNuTkyHJKBlO0ZE53J/CicLGmSmDQK4RfIkMZyzDJHdtN2FOrLaMKYUIZIMt5dZsUGlRNe+p5b8TsMLzp+LQyf72JkrAtfoqin3TQXWJlxffW+ZkloWsyVxG/Prvox7PhgHgZDZDDCAdTPPLsLosCaptuC3m06DvEuSq7+p5UPtRqbkBaFEb27fe3NKGoGnOcBFZ/Le/ExJQ7thvB3RyvZk5RwVQ1R2M2jCLuZ5jlsc4FogRJ9V0tqj/PVxPK5fhhgnZbsZr3yNS8nWJNAIWwRt6sHEUKi5CrWUG5TuN9Hp/+kSbR7b0Ge1JKV1jZAUodeqzZ06luXipwIqBwV0Y2g==MIIDoDCCAoigAwIBAgIGAYiKK3aGMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU +MBIGA1UECwwLU1NPUHJvdmlkZXIxETAPBgNVBAMMCGhlcnAtaW5jMRwwGgYJKoZIhvcNAQkBFg1p +bmZvQG9rdGEuY29tMB4XDTIzMDYwNTA2MDcwNFoXDTMzMDYwNTA2MDgwNFowgZAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQK +DARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjERMA8GA1UEAwwIaGVycC1pbmMxHDAaBgkqhkiG +9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2YKQa +PDrssVNqBokKyT77wYUlXKkTnHNtbD1rdXhiIGTszmxmF/NuzLfS1TMvzqiMnpbAwswTnNMF6sx2 +M/gl9tWpL6OF4MvCQf78LvzyTOKvghojJkpE65XbkB4HETpOKYlXhvwwbCG4rskMqtFEosM2dxY6 +KWUPAJyL0Z9hpqavvq6Ct8nAjZxHCKFQGcYfCfMXxI55/+xYuetHHo4BTj417FGLvHBgJkgYsc// +KRPzC1rPkTjIGn8hlmnGfkZ7srp+UGrewhlPvj6rZVkrgQdL6PTqXvwbe7XHOKjt79vPfGZBp/jq +FRwKTO1fbvGWzF2/vIJFuR90p4a90x6pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGOKuxgCynAU +YU5oX19FiXrITcj3/XmdWZ2yTF72T0a4edhiKM0E0adcywxplllihSQV75k90Z+fmVREHFU+WacC +s9X8WdBkuZFH94Mgd1o2yXvFoZsbu4U1awNsgVpzKMsE7tSNScp2adz0JoU7oXqojiX90ED7m0bW +veEoVep+q6qc1kymA+mw9N42vEUOAN0i7ZD7SFtx2F9/yQGZt9egdr1NtLh6/pRw+wjyCjWQAGqW +dR4LKvZeoxejw3h3NOPt/lcImoEOPzrmNgZe6PXaTVG5NB9RmUuhM28DlofFP5z+8LraE4zvVxNn +Kw4QKKQWq+GelzAysM/94owvTA0=http://www.okta.com/exk5qcxp4hc3aXlST697hiroqn@herp.co.jppanemagi.beta.ja-sore.deurn:oasis:names:tc:SAML:2.0:ac:classes:unspecifiednetwalkhiroqnhiroqn@herp.co.jppanemagi_access \ No newline at end of file 
diff --git a/tests/data/okta.crt b/tests/data/okta.crt
new file mode 100644
index 0000000..6b5c60c
--- /dev/null
+++ b/tests/data/okta.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIGAYiKK3aGMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEG
+A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+MBIGA1UECwwLU1NPUHJvdmlkZXIxETAPBgNVBAMMCGhlcnAtaW5jMRwwGgYJKoZIhvcNAQkBFg1p
+bmZvQG9rdGEuY29tMB4XDTIzMDYwNTA2MDcwNFoXDTMzMDYwNTA2MDgwNFowgZAxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQK
+DARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjERMA8GA1UEAwwIaGVycC1pbmMxHDAaBgkqhkiG
+9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2YKQa
+PDrssVNqBokKyT77wYUlXKkTnHNtbD1rdXhiIGTszmxmF/NuzLfS1TMvzqiMnpbAwswTnNMF6sx2
+M/gl9tWpL6OF4MvCQf78LvzyTOKvghojJkpE65XbkB4HETpOKYlXhvwwbCG4rskMqtFEosM2dxY6
+KWUPAJyL0Z9hpqavvq6Ct8nAjZxHCKFQGcYfCfMXxI55/+xYuetHHo4BTj417FGLvHBgJkgYsc//
+KRPzC1rPkTjIGn8hlmnGfkZ7srp+UGrewhlPvj6rZVkrgQdL6PTqXvwbe7XHOKjt79vPfGZBp/jq
+FRwKTO1fbvGWzF2/vIJFuR90p4a90x6pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGOKuxgCynAU
+YU5oX19FiXrITcj3/XmdWZ2yTF72T0a4edhiKM0E0adcywxplllihSQV75k90Z+fmVREHFU+WacC
+s9X8WdBkuZFH94Mgd1o2yXvFoZsbu4U1awNsgVpzKMsE7tSNScp2adz0JoU7oXqojiX90ED7m0bW
+veEoVep+q6qc1kymA+mw9N42vEUOAN0i7ZD7SFtx2F9/yQGZt9egdr1NtLh6/pRw+wjyCjWQAGqW
+dR4LKvZeoxejw3h3NOPt/lcImoEOPzrmNgZe6PXaTVG5NB9RmUuhM28DlofFP5z+8LraE4zvVxNn
+Kw4QKKQWq+GelzAysM/94owvTA0=
+-----END CERTIFICATE-----
diff --git a/tests/spec.hs b/tests/spec.hs
new file mode 100644
index 0000000..87c1e70
--- /dev/null
+++ b/tests/spec.hs
@@ -0,0 +1,12 @@
+{-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE AllowAmbiguousTypes #-}
+{-# LANGUAGE TypeApplications #-}
+import Test.Tasty
+import qualified Parser
+import qualified Validation
+
+main :: IO ()
+main = defaultMain $ testGroup "wai-saml2 tests"
+ [ Parser.tests
+ , Validation.tests
+ ]
diff --git a/wai-saml2.cabal b/wai-saml2.cabal
index b14a51c..d265542 100644
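Review bot: The three `LANGUAGE` pragmas at the top of tests/spec.hs are unused there — the file only imports the two test modules and composes them with `testGroup`, with no type applications or scoped type variables — and look carried over from tests/Parser.hs, which keeps its own copies. Drop them so the entry point stays a plain driver; GHC does not warn about pragmas that enable nothing, so nothing else will catch this. A one-line header such as `-- Test driver for the wai-saml2-test suite: aggregates the per-module 'tests' trees.` would make the file's role clear to the next reader.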
--- a/wai-saml2.cabal +++ b/wai-saml2.cabal @@ -20,10 +20,15 @@ build-type: Simple extra-source-files: README.md CHANGELOG.md + tests/data/azuread-signed-assertion.xml + tests/data/azuread-signed-response.xml + tests/data/azuread.crt tests/data/google.xml tests/data/google.xml.expected tests/data/keycloak.xml tests/data/keycloak.xml.expected + tests/data/okta-attributes.xml + tests/data/okta.crt tests/data/okta.xml tests/data/okta.xml.expected tests/data/metadata/google.xml @@ -84,10 +89,12 @@ library , zlib >=0.6.0.0 && <0.8 default-language: Haskell2010 -test-suite parser +test-suite wai-saml2-test type: exitcode-stdio-1.0 - main-is: Parser.hs + main-is: spec.hs other-modules: + Parser + Validation Paths_wai_saml2 hs-source-dirs: tests @@ -113,9 +120,12 @@ test-suite parser , network-uri >=2.0 && <3 , pretty-show , tasty + , tasty-expected-failure , tasty-golden + , tasty-hunit , text <2.2 , time >=1.9 && <2 + , transformers , vault >=0.3 && <1 , wai >=3.0 && <4 , wai-extra >=3.0 && <4