gravitino
[Improvement] Correct handling of ECDSA algorithms in StaticSignKeyValidator.java
What would you like to be improved?
Java does not have a KeyFactory called "ECDSA"; in Java, ECDSA is the signature method and EC is the key type.
Here's a unit test to help:
    @Test
    public void testValidateTokenWithEcdsaSignature() {
      KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.ES256);
      // Configure the validator with the Base64 X.509-encoded EC public key and ES256.
      Map<String, String> config = createBaseConfig();
      config.put(
          "gravitino.authenticator.oauth.defaultSignKey",
          Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded()));
      config.put("gravitino.authenticator.oauth.signAlgorithmType", "ES256");
      validator.initialize(createConfig(config));
      // Sign a token with the matching EC private key.
      String token =
          Jwts.builder()
              .setSubject("test-user")
              .setAudience(serviceAudience)
              .setIssuedAt(Date.from(Instant.now()))
              .setExpiration(Date.from(Instant.now().plusSeconds(3600)))
              .signWith(keyPair.getPrivate(), SignatureAlgorithm.ES256)
              .compact();
      // Validation should succeed and return the token subject as the principal.
      Principal principal = validator.validateToken(token, serviceAudience);
      assertNotNull(principal);
      assertEquals("test-user", principal.getName());
    }
This will currently throw a "java.security.NoSuchAlgorithmException: ECDSA KeyFactory not available" error.
How should we improve?
To fix you'll need something along these lines:
    switch (algFamilyType) {
      case HMAC:
        return Keys.hmacShaKeyFor(key);
      case RSA:
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key));
      case ECDSA:
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(key));
      default:
        throw new IllegalArgumentException("Unsupported signature algorithm type: " + algType);
    }
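The key-type versus signature-algorithm split described in this issue, shown with plain JCA calls. This is an added example, not code from the issue or from Gravitino; the class name `EcKeyFactoryDemo` and the helper `decodeEcPublicKey` are hypothetical. It assumes a stock JDK provider set: an additional provider such as Bouncy Castle may register its own "ECDSA" KeyFactory, which the first lookup would then find.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;

public class EcKeyFactoryDemo {

  // Hypothetical helper: decode an X.509 (SubjectPublicKeyInfo) EC public key.
  // The KeyFactory name is the key type "EC", not the signature scheme "ECDSA".
  static PublicKey decodeEcPublicKey(byte[] x509Der) throws Exception {
    return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(x509Der));
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample key: a fresh P-256 pair, the curve used by ES256.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
    gen.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair pair = gen.generateKeyPair();
    byte[] encoded = pair.getPublic().getEncoded();

    // Looking up a KeyFactory by the signature scheme name is the failing call.
    try {
      KeyFactory.getInstance("ECDSA");
      System.out.println("An installed provider registers an \"ECDSA\" KeyFactory");
    } catch (NoSuchAlgorithmException e) {
      System.out.println("KeyFactory lookup failed: " + e.getMessage());
    }

    // Decoding with the key type works; "ECDSA" appears only in the Signature name.
    PublicKey decoded = decodeEcPublicKey(encoded);
    System.out.println("Decoded key algorithm: " + decoded.getAlgorithm());

    byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
    Signature signer = Signature.getInstance("SHA256withECDSA");
    signer.initSign(pair.getPrivate());
    signer.update(message);
    byte[] sig = signer.sign();

    // Verify with the key that went through the encode/decode round trip.
    Signature verifier = Signature.getInstance("SHA256withECDSA");
    verifier.initVerify(decoded);
    verifier.update(message);
    System.out.println("Signature verifies: " + verifier.verify(sig));
  }
}
```

The JCA `SHA256withECDSA` signature here is DER-encoded, so this block illustrates the naming only and is not a substitute for the JWT-level unit test in the issue.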
Hi! @justinmclean Can I take this issue?
Sure, if you have any questions, just ask. It's probably a little more involved than the suggested code.