integration-0.1.0
Safe HaskellNone
LanguageGHC2021

Test.Spar.CertFingerprintAllowlist

Synopsis

Documentation

testFinalizeLoginSucceedsWhenCertAllowlisted :: HasCallStack => App () Source #

SAML finalize-login succeeds when the IdP cert is on the allowlist. The negative case (cert removed from allowlist after IdP creation) is covered by unit tests in Test.Spar.Saml.IdPSpec: dynamic backends use isolated Cassandra keyspaces so the two configs cannot share IdP state.

bogusFingerprint :: String Source #

20 zero bytes — valid hex, no real cert matches.

firstCert :: IdPMetadata -> SignedCertificate Source #

First cert in the descriptor's AuthnResponse cert list.

firstCertFingerprint :: IdPMetadata -> String Source #

First cert's SHA-1, canonical AA:BB:.. form.

makeIdPMetaWithCerts :: HasCallStack => Int -> App (IdPMetadata, NonEmpty SignedCertificate) Source #

Sample IdP metadata with n distinct certs in its AuthnResponse cert list (n >= 1). Returns the metadata and the certs (in the same order as they appear in the metadata).

withAllowlist :: [String] -> Value -> App Value Source #

Patch sparCfg to set the allowlist to the given hex strings.