Add common constants for HTTP auth algorithms #5631

Open
Pantus Oleh (zibet27) wants to merge 1 commit into typed-oauth-with-session from zibet27/http-auth-algorithms

@zibet27

Collaborator

Subsystem
Common

Motivation
Reuse these constants for SAML, OIDC and digest auth

@coderabbitai

coderabbitai Bot commented May 18, 2026

Contributor

Walkthrough

Extends HTTP digest authentication with XML Signature algorithm URI support and introduces two new types: KeyAlgorithm value class for key families and SignatureAlgorithm for signature algorithm metadata with URI/JWA-based lookup and JVM integration.

Changes

HTTP Authentication Algorithm Model

| Layer / File(s) | Summary |
|---|---|
| DigestAlgorithm URI Support: ktor-http/common/src/io/ktor/http/auth/DigestAlgorithm.kt, ktor-http/api/ktor-http.api, ktor-http/api/ktor-http.klib.api | DigestAlgorithm constructor gains optional uri parameter with backward-compatible auxiliary constructor. SHA-256/384/512 constants populated with XML Signature digest URIs. New fromUri(String) factory resolves algorithms by XML URI. |
| KeyAlgorithm Value Class: ktor-http/common/src/io/ktor/http/auth/KeyAlgorithm.kt, ktor-http/api/ktor-http.klib.api | Introduces KeyAlgorithm as a JvmInline value class wrapping algorithm family name (RSA, EC, HMAC, OKP). |
| SignatureAlgorithm Type and JVM Integration: ktor-http/common/src/io/ktor/http/auth/SignatureAlgorithm.kt, ktor-http/jvm/src/io/ktor/http/auth/SignatureAlgorithm.jvm.kt, ktor-http/api/ktor-http.api, ktor-http/api/ktor-http.klib.api | Introduces SignatureAlgorithm binding JCA name, digest/key algorithms, and optional XML/JWA identifiers. Equality based on name. Companion provides RSA/ECDSA constants and fromXmlUri/fromJwaName lookup methods. JVM extension toJcaSignature() converts to JCA Signature. |
| Algorithm Metadata and Lookup Tests: ktor-http/common/test/io/ktor/tests/http/AuthAlgorithmsTest.kt, ktor-http/jvm/test/io/ktor/tests/http/DigestAlgorithmJvmTest.kt | Tests verify digest URI exposure and reverse resolution, digest name lookup remains HTTP Digest specific, key algorithm families, signature algorithm metadata and relationships, XML URI and JWA name resolution, signature equality based on name only, and JVM digest/signature algorithm mappings. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

👍 ship!

Suggested reviewers

  • bjhham
  • osipxd
  • e5l

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 23.53% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: introducing common constants for HTTP authentication algorithms (DigestAlgorithm enhancements, new KeyAlgorithm and SignatureAlgorithm types). |
| Description check | ✅ Passed | The description follows the required template with Subsystem and Motivation sections, though the Solution section is missing and some context about technical scope is not provided. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@zibet27 Pantus Oleh (zibet27) changed the title Add generalized HTTP auth algorithms Add common constants HTTP auth algorithms May 18, 2026
@zibet27 Pantus Oleh (zibet27) changed the title Add common constants HTTP auth algorithms Add common constants for HTTP auth algorithms May 18, 2026
@zibet27

Collaborator Author

CodeRabbit (@coderabbitai) review

@coderabbitai

coderabbitai Bot commented May 18, 2026

Contributor
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Contributor

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
ktor-http/common/src/io/ktor/http/auth/DigestAlgorithm.kt (1)

79-80: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Decouple name lookup from DEFAULT_ALGORITHMS.

from(name) still searches DEFAULT_ALGORITHMS, so the new SHA_384 and SHA_512 constants can never be resolved by name even though fromUri(...) exposes them as supported XML digests. If DEFAULT_ALGORITHMS is intentionally limited to RFC 7616 values, keep that list as-is and add a separate all-known lookup list here.

💡 Suggested fix
         public fun from(name: String): DigestAlgorithm? {
-            return DEFAULT_ALGORITHMS.find { it.name.equals(other = name, ignoreCase = true) }
+            return ALL_ALGORITHMS.find { it.name.equals(other = name, ignoreCase = true) }
         }
 
+        private val ALL_ALGORITHMS: List<DigestAlgorithm> =
+            DEFAULT_ALGORITHMS + listOf(SHA_384, SHA_512)
+
         private val XML_DIGEST_ALGORITHMS: List<DigestAlgorithm> = listOf(SHA_256, SHA_384, SHA_512)
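
Review bot: pointing `from(name)` at `ALL_ALGORITHMS` conflicts with the walkthrough's test summary above, which says digest name lookup remains HTTP Digest specific. With this change the names of SHA_384 and SHA_512 would resolve wherever `from(name)` is called, including any caller that uses it to validate an algorithm name for HTTP Digest, so the narrow list stops acting as an allow-list for that path. Consider leaving `from(name)` on `DEFAULT_ALGORITHMS` and adding a separately named lookup over the wider list, so that callers opt in to the extra algorithms explicitly and the existing test keeps its meaning.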

Also applies to: 88-102

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ktor-http/common/src/io/ktor/http/auth/DigestAlgorithm.kt` around lines 79 -
80, DEFAULT_ALGORITHMS is currently used by from(name) which prevents SHA_384
and SHA_512 from being resolved by name; keep DEFAULT_ALGORITHMS limited to the
RFC 7616 set but add a new comprehensive lookup list (e.g. ALL_KNOWN_ALGORITHMS
or ALL_ALGORITHMS) containing SHA_384, SHA_512 and the existing constants, then
change from(name) to search the new comprehensive list while leaving
fromUri(...) and DEFAULT_ALGORITHMS unchanged; update any other lookup usages in
the same region (lines around the existing constants and methods) to use the new
ALL_KNOWN_ALGORITHMS as appropriate.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ad3fe417-c6e9-4fa7-8c1e-1a71e8052f05

📥 Commits

Reviewing files that changed from the base of the PR and between 18c4b71 and 645f326.

📒 Files selected for processing (8)
  • ktor-http/api/ktor-http.api
  • ktor-http/api/ktor-http.klib.api
  • ktor-http/common/src/io/ktor/http/auth/DigestAlgorithm.kt
  • ktor-http/common/src/io/ktor/http/auth/KeyAlgorithm.kt
  • ktor-http/common/src/io/ktor/http/auth/SignatureAlgorithm.kt
  • ktor-http/common/test/io/ktor/tests/http/AuthAlgorithmsTest.kt
  • ktor-http/jvm/src/io/ktor/http/auth/SignatureAlgorithm.jvm.kt
  • ktor-http/jvm/test/io/ktor/tests/http/DigestAlgorithmJvmTest.kt

@bjhham Bruce Hamilton (bjhham) left a comment

Contributor

Good call 👍

public value class KeyAlgorithm(public val name: String) {
public companion object {
/** RSA key algorithm family. */
public val RSA: KeyAlgorithm = KeyAlgorithm("RSA")

Member

I know we've recently added @JvmField annotation to other companion object fields. Should we use it here as well?
cc Bruce Hamilton (@bjhham)


3 participants