root
62 lines
1.8 KiB
Go
62 lines
1.8 KiB
Go
// Copyright 2026 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package oauth2_provider
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"math/big"
|
|
"testing"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestECDSASigningKeyToJWK(t *testing.T) {
|
|
for _, tc := range []struct {
|
|
curve elliptic.Curve
|
|
signingMethod jwt.SigningMethod
|
|
expectedAlg string
|
|
expectedCrv string
|
|
coordLen int
|
|
}{
|
|
{elliptic.P256(), jwt.SigningMethodES256, "ES256", "P-256", 32},
|
|
{elliptic.P384(), jwt.SigningMethodES384, "ES384", "P-384", 48},
|
|
{elliptic.P521(), jwt.SigningMethodES512, "ES512", "P-521", 66},
|
|
} {
|
|
t.Run(tc.expectedCrv, func(t *testing.T) {
|
|
privKey, err := ecdsa.GenerateKey(tc.curve, rand.Reader)
|
|
require.NoError(t, err)
|
|
|
|
signingKey, err := newECDSASingingKey(tc.signingMethod, privKey)
|
|
require.NoError(t, err)
|
|
|
|
jwk, err := signingKey.ToJWK()
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, "EC", jwk["kty"])
|
|
assert.Equal(t, tc.expectedAlg, jwk["alg"])
|
|
assert.Equal(t, tc.expectedCrv, jwk["crv"])
|
|
assert.NotEmpty(t, jwk["kid"])
|
|
|
|
// Verify coordinates are the correct fixed length per RFC 7518 / SEC 1
|
|
xBytes, err := base64.RawURLEncoding.DecodeString(jwk["x"])
|
|
require.NoError(t, err)
|
|
assert.Len(t, xBytes, tc.coordLen)
|
|
|
|
yBytes, err := base64.RawURLEncoding.DecodeString(jwk["y"])
|
|
require.NoError(t, err)
|
|
assert.Len(t, yBytes, tc.coordLen)
|
|
|
|
// Verify the decoded coordinates reconstruct the original public key point
|
|
pubKey := privKey.Public().(*ecdsa.PublicKey)
|
|
assert.Equal(t, 0, new(big.Int).SetBytes(xBytes).Cmp(pubKey.X))
|
|
assert.Equal(t, 0, new(big.Int).SetBytes(yBytes).Cmp(pubKey.Y))
|
|
})
|
|
}
|
|
}
|