| Safe Haskell | None |
|---|---|
| Language | GHC2021 |
Test.Spar.CertFingerprintAllowlist
Synopsis
- testAcceptsWhenAllowlistEmpty :: HasCallStack => App ()
- testCreateRejectsWhenFingerprintNotListed :: HasCallStack => App ()
- testAcceptsWhenFingerprintListed :: HasCallStack => App ()
- testAcceptsMultiCertWhenAllListed :: HasCallStack => App ()
- testRejectsMultiCertWhenAnyMissing :: HasCallStack => App ()
- testUpdateRejectsWhenFingerprintNotListed :: HasCallStack => App ()
- testFinalizeLoginSucceedsWhenCertAllowlisted :: HasCallStack => App ()
- bogusFingerprint :: String
- firstCert :: IdPMetadata -> SignedCertificate
- firstCertFingerprint :: IdPMetadata -> String
- makeIdPMetaWithCerts :: HasCallStack => Int -> App (IdPMetadata, NonEmpty SignedCertificate)
- withAllowlist :: [String] -> Value -> App Value
Documentation
testAcceptsWhenAllowlistEmpty :: HasCallStack => App () Source #
testFinalizeLoginSucceedsWhenCertAllowlisted :: HasCallStack => App () Source #
SAML finalize-login succeeds when the IdP cert is on the allowlist. The negative case (cert removed from allowlist after IdP creation) is covered by unit tests in Test.Spar.Saml.IdPSpec: dynamic backends use isolated Cassandra keyspaces so the two configs cannot share IdP state.
bogusFingerprint :: String Source #
20 zero bytes — valid hex, no real cert matches.
firstCert :: IdPMetadata -> SignedCertificate Source #
First cert in the descriptor's AuthnResponse cert list.
firstCertFingerprint :: IdPMetadata -> String Source #
First cert's SHA-1, canonical AA:BB:.. form.
makeIdPMetaWithCerts :: HasCallStack => Int -> App (IdPMetadata, NonEmpty SignedCertificate) Source #
Sample IdP metadata with n distinct certs in its AuthnResponse cert
list (n >= 1). Returns the metadata and the certs (in the same order as
they appear in the metadata).