# Copyright (C) 2020-2021  The Software Heritage developers
# See the AUTHORS file at the top-level directory of this distribution
# License: GNU Affero General Public License version 3, or any later version
# See top-level LICENSE file for more information

from base64 import urlsafe_b64encode
import hashlib
import re

from swh.auth.utils import gen_oidc_pkce_codes


def test_gen_oidc_pkce_codes():
    """
    Check generated PKCE codes respect the specification
    (see https://tools.ietf.org/html/rfc7636#section-4.1)
    """
    code_verifier, code_challenge = gen_oidc_pkce_codes()

    # check the code verifier only contains allowed characters
    assert re.match(r"[a-zA-Z0-9-\._~]+", code_verifier)

    # check minimum and maximum authorized length for the
    # code verifier
    assert len(code_verifier) >= 43
    assert len(code_verifier) <= 128

    # compute code challenge from code verifier
    challenge = hashlib.sha256(code_verifier.encode("ascii")).digest()
    challenge = urlsafe_b64encode(challenge).decode("ascii")
    challenge = challenge.replace("=", "")

    # check base64 padding is not present
    assert not code_challenge[-1].endswith("=")
    # check code challenge is valid
    assert code_challenge == challenge