Closed Philonous closed 2 years ago
Hey @Philonous, thanks for opening this PR!
I removed encryptedKeyData from EncryptedKey. It's not used anywhere and prevented the assertion from being parsed.
I have had a look over the specification for EncryptedKey which largely extends the specification for EncryptedType. It seems that the KeyInfo key is optional (minOccurs='0'), rather than required. Even though it is not currently used, I would probably prefer correctly implementing it as optional, rather than removing outright! Could you make that change?
The parsing code had a subtle bug: [..]
Well spotted! Thanks for fixing this.
I updated the PR so the encryptedKeyData field is parsed optionally.
Sorry about the white space changes, I've configured my editor to automatically remove trailing white spaces. I've tried to leave them out of the commit, but some seem to have slipped through and I couldn't be bothered to remove them since they are an improvement anyway :sweat_smile:
This is now released as https://hackage.haskell.org/package/wai-saml2-0.3.0.0, thank you again!
I'm trying to use your library with keycloak, and made a few changes to accommodate that use case:
I removed encryptedKeyData from EncryptedKey. It's not used anywhere and prevented the assertion from being parsed.
Take for example (from here):
This parses as
Note how the oneOrFail applies to the whole expression including the >=> parseXML. The problem arises when parseXML throws an error. The correct behaviour is that the error gets thrown according to the MonadFail instance of the outer expression. However, because oneOrFail expects a list, parseXML uses the MonadFail instance of list, which just discards the error and returns an empty list. oneOrFail then throws its own error. The result is that the error that parseXML threw is replaced, making debugging a lot harder.
I replaced it with the following code, which propagates errors correctly:
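The error-swallowing behaviour described in this PR, reproduced as a self-contained Haskell program. This is an added example, not code from the PR or from wai-saml2: `parseNum`, `select`, `buggy`, `fixed` and this definition of `oneOrFail` are hypothetical stand-ins for the library's parsers and node selection.

```haskell
-- Added illustration; every name here is a hypothetical stand-in.
import Control.Exception (IOException, try)
import Control.Monad ((>=>))

-- Stand-in for a parser that is polymorphic in its failure monad.
parseNum :: MonadFail m => String -> m Int
parseNum s = case reads s of
  [(n, "")] -> pure n
  _         -> fail ("parseNum: not a number: " ++ show s)

-- Stand-in for a helper that insists on exactly one result.
oneOrFail :: MonadFail m => String -> [a] -> m a
oneOrFail _   [x] = pure x
oneOrFail err _   = fail err

-- Stand-in for node selection: returns a list of candidates.
select :: String -> [String]
select = words

-- Buggy shape: parseNum is composed inside oneOrFail's list argument, so the
-- type checker picks the list monad for it, where `fail _ = []`. The parser's
-- message is discarded and oneOrFail reports its own generic error.
buggy :: String -> IO Int
buggy = oneOrFail "value is required" . (select >=> parseNum)

-- Corrected shape: oneOrFail only sees the selection; parseNum then runs in
-- the outer monad (IO here), so its own message is the one that surfaces.
fixed :: String -> IO Int
fixed s = oneOrFail "value is required" (select s) >>= parseNum

main :: IO ()
main = do
  -- Constructed input: exactly one candidate, which is not a number.
  let input = "abc"
  r1 <- try (buggy input) :: IO (Either IOException Int)
  r2 <- try (fixed input) :: IO (Either IOException Int)
  putStrLn ("buggy: " ++ show r1)
  putStrLn ("fixed: " ++ show r2)
```

In the buggy shape the reported error claims the value is missing even though it was present and malformed, which is why the original parser message matters when diagnosing rejected assertions.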