初始提交: Gitea 项目代码

2026-05-30 22:47:36 +08:00
commit f288f76350
6116 changed files with 776822 additions and 0 deletions
@@ -0,0 +1,61 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package oauth2_provider
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"encoding/base64"
+	"math/big"
+	"testing"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestECDSASigningKeyToJWK(t *testing.T) {
+	for _, tc := range []struct {
+		curve         elliptic.Curve
+		signingMethod jwt.SigningMethod
+		expectedAlg   string
+		expectedCrv   string
+		coordLen      int
+	}{
+		{elliptic.P256(), jwt.SigningMethodES256, "ES256", "P-256", 32},
+		{elliptic.P384(), jwt.SigningMethodES384, "ES384", "P-384", 48},
+		{elliptic.P521(), jwt.SigningMethodES512, "ES512", "P-521", 66},
+	} {
+		t.Run(tc.expectedCrv, func(t *testing.T) {
+			privKey, err := ecdsa.GenerateKey(tc.curve, rand.Reader)
+			require.NoError(t, err)
+
+			signingKey, err := newECDSASingingKey(tc.signingMethod, privKey)
+			require.NoError(t, err)
+
+			jwk, err := signingKey.ToJWK()
+			require.NoError(t, err)
+
+			assert.Equal(t, "EC", jwk["kty"])
+			assert.Equal(t, tc.expectedAlg, jwk["alg"])
+			assert.Equal(t, tc.expectedCrv, jwk["crv"])
+			assert.NotEmpty(t, jwk["kid"])
+
+			// Verify coordinates are the correct fixed length per RFC 7518 / SEC 1
+			xBytes, err := base64.RawURLEncoding.DecodeString(jwk["x"])
+			require.NoError(t, err)
+			assert.Len(t, xBytes, tc.coordLen)
+
+			yBytes, err := base64.RawURLEncoding.DecodeString(jwk["y"])
+			require.NoError(t, err)
+			assert.Len(t, yBytes, tc.coordLen)
+
+			// Verify the decoded coordinates reconstruct the original public key point
+			pubKey := privKey.Public().(*ecdsa.PublicKey)
+			assert.Equal(t, 0, new(big.Int).SetBytes(xBytes).Cmp(pubKey.X))
+			assert.Equal(t, 0, new(big.Int).SetBytes(yBytes).Cmp(pubKey.Y))
+		})
+	}
+}