(apisix) branch master updated: chore: add test for verifying lua-resty-openssl bug fix (#12656)

Thu, 09 Oct 2025 22:32:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

ashishtiwari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 510d23d59 chore: add test for verifying lua-resty-openssl bug fix 
(#12656)
510d23d59 is described below

commit 510d23d59c5a9ff91445be4f865f98028c9eb569
Author: Ashish Tiwari <[email protected]>
AuthorDate: Fri Oct 10 11:01:29 2025 +0530

    chore: add test for verifying lua-resty-openssl bug fix (#12656)
---
 t/plugin/jwt-auth4.t | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/t/plugin/jwt-auth4.t b/t/plugin/jwt-auth4.t
index 333b26166..b1e873f7d 100644
--- a/t/plugin/jwt-auth4.t
+++ b/t/plugin/jwt-auth4.t
@@ -350,3 +350,77 @@ Authorization: bearer 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtle
 --- error_code: 200
 --- response_body
 JWT found in ctx. Payload key: user-key
+
+
+
+=== TEST 10: Test Ed448 signature verification with lua-resty-openssl
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local core = require("apisix.core")
+            local pkey = require("resty.openssl.pkey")
+            local base64 = require("ngx.base64")
+
+            -- Test data for Ed448 verification
+            local header = 
"eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsImtpZCI6InNjTy16dnUwWWRxOEVJSmxIb25CdWNYVmN2VjVnUm1oZ1BnZXFWSzZFdVkiLCJqa3UiOiJodHRwOi8vbG9jYWxob3N0OjkwNDIvb2lkYy9qd2tzIn0"
+            local payload = "eyJjbGllbnRfaWQiOiJhcHAtMDEifQ"
+            local signature = 
"kOC0UuRy3-eOSZiYWdH1izidwg1cWHsVAgvWgonOw7q1fEOXxD-AG3R1aj-heq-ENZn4hHWv3j8AabiBm6psCwrtf9C7ygDJmFT38Q2-EB3aVlbXSujXjwvWrw0o4yCZciHRVB2pNVkw36pjbQm2Lh8A"
+            local jwk = '{"alg": "EdDSA", "crv": "Ed448", "kty": "OKP", "use": 
"sig", "x": 
"XtrFWAUpoSzZd8OXZAP8LAUyfcGKVnAH7MNJZmqlmz-vz05pwP2q-8cOb14UmkY9nvbL1iBl1tUA"}'
+
+            local raw_signature = base64.decode_base64url(signature)
+
+            -- Test JWK import
+            local ed448, err = pkey.new(jwk, { format = "JWK" })
+            if not ed448 then
+                ngx.say("FAIL: Failed to create pkey from JWK: ", err)
+                return
+            end
+
+            -- Test JWK export to verify consistency
+            local exported_jwk, export_err = ed448:tostring("public", "JWK")
+            if not exported_jwk then
+                ngx.say("FAIL: Failed to export JWK: ", export_err)
+                return
+            end
+
+            -- Parse JWKs to compare
+            local original_parsed = core.json.decode(jwk)
+            local exported_parsed = core.json.decode(exported_jwk)
+
+            if not original_parsed or not exported_parsed then
+                ngx.say("FAIL: Failed to parse JWKs")
+                return
+            end
+
+            -- Verify key parameters are consistent
+            local jwk_consistent = (original_parsed.crv == 
exported_parsed.crv) and
+                                  (original_parsed.kty == exported_parsed.kty)
+
+            if not jwk_consistent then
+                ngx.say("FAIL: JWK parameters inconsistent - Original crv: ", 
original_parsed.crv,
+                       ", Exported crv: ", exported_parsed.crv)
+                return
+            end
+
+            -- Test signature verification
+            local data_to_verify = header .. "." .. payload
+            local verify, verify_err = ed448:verify(raw_signature, 
data_to_verify)
+
+            if verify then
+                ngx.say("PASS: Ed448 signature verification successful")
+                ngx.say("PASS: JWK import/export consistent")
+            else
+                ngx.say("FAIL: Ed448 signature verification failed - Error: ", 
verify_err)
+                ngx.say("INFO: This may be expected with older 
lua-resty-openssl versions")
+                ngx.say("INFO: Original JWK x: ", original_parsed.x)
+                ngx.say("INFO: Exported JWK x: ", exported_parsed.x)
+            end
+        }
+    }
+--- request
+GET /t
+--- response_body_like
+(PASS: Ed448 signature verification successful|FAIL: Ed448 signature 
verification failed)
+--- no_error_log
+[error]

Reply via email to