Updated test logic according to Copilot

justin-lovell · justin-lovell · commit 7ec5f4104194 · 2026-04-01T13:15:16.000+11:00
diff --git a/tests/jwk/test_ec_key.py b/tests/jwk/test_ec_key.py
@@ -132,12 +132,24 @@ def test_derive_key_with_different_hash(self):
 
     def run_verify_full_size(self, curve_name: str, expected_base64_count: int):
         """
-        Verifies that full base64url bytes is being emitted properly according to
-        https://datatracker.ietf.org/doc/html/rfc7518#section-6.2
+        Verifies that the full-size keys (private and public) generated using the specified curve conform to the expected
+        Base64-encoded string length for their respective components. The checks involve generating keys that could lead
+        to truncated values when encoded and ensuring their lengths match the specified expectation.
+
+        See section: https://datatracker.ietf.org/doc/html/rfc7518#section-6.2
+
+        Parameters:
+            curve_name (str): The name of the elliptic curve to use for key generation.
+            expected_base64_count (int): The expected length of the Base64-encoded key components (x, y, d).
+
+        Raises:
+            AssertionError: Raised if any of the generated private or public key components fail to match the expected lengths.
         """
         private_key = ECKey.generate_key(curve_name)
         # find the number which requires one less byte(octet) than a full padding
-        lower_cap = pow(2, private_key.curve_key_size - 8)
+        byte_count = (private_key.curve_key_size + 7) // 8
+        lower_cap = pow(2, 8 * (byte_count - 1))
+        attempts_remaining = 1000000
 
         # now generate keys until we find a parameter which could be truncated
         while (
@@ -146,6 +158,9 @@ def run_verify_full_size(self, curve_name: str, expected_base64_count: int):
             and private_key.private_key.private_numbers().private_value >= lower_cap
         ):
             private_key = ECKey.generate_key(curve_name)
+            attempts_remaining -= 1
+            if attempts_remaining == 0:
+                raise AssertionError("Failed to find a key parameter that could be truncated")
 
         output_private = private_key.as_dict(private=True)
         self.assertEqual(expected_base64_count, len(output_private["x"]))
