v4-base64url.patch
application/octet-stream
Filename: v4-base64url.patch
Type: application/octet-stream
Part: 0
From a3d31f4fe330761840d3e874223ae118926047b2 Mon Sep 17 00:00:00 2001
From: Florents Tselai <florents.tselai@gmail.com>
Date: Fri, 14 Mar 2025 20:51:33 +0200
Subject: [PATCH v4 1/3] base64url support for encode/decode functions.
Refactored and with better test cases
---
doc/src/sgml/func.sgml | 18 ++++
src/backend/utils/adt/encode.c | 126 ++++++++++++++++++++++++++
src/test/regress/expected/strings.out | 57 ++++++++++++
src/test/regress/sql/strings.sql | 18 ++++
4 files changed, 219 insertions(+)
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 1c3810e1a04..b47a09dbe05 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -4951,6 +4951,7 @@ SELECT format('Testing %3$s, %2$s, %s', 'one', 'two', 'three');
Encodes binary data into a textual representation; supported
<parameter>format</parameter> values are:
<link linkend="encode-format-base64"><literal>base64</literal></link>,
+ <link linkend="encode-format-base64url"><literal>base64url</literal></link>,
<link linkend="encode-format-escape"><literal>escape</literal></link>,
<link linkend="encode-format-hex"><literal>hex</literal></link>.
</para>
@@ -5008,6 +5009,23 @@ SELECT format('Testing %3$s, %2$s, %s', 'one', 'two', 'three');
</listitem>
</varlistentry>
+ <varlistentry id="encode-format-base64url">
+ <term>base64url
+ <indexterm>
+ <primary>base64url format</primary>
+ </indexterm></term>
+ <listitem>
+ <para>
+ The <literal>base64url</literal> format is a URL-safe variant of
+ <ulink url="https://datatracker.ietf.org/doc/html/rfc4648#section-5">RFC 4648
+ Section 5</ulink>. Unlike standard <literal>base64</literal>, it replaces
+ <literal>'+'</literal> with <literal>'-'</literal> and <literal>'/'</literal> with <literal>'_'</literal>
+ to ensure safe usage in URLs and filenames. Additionally, the padding character
+ <literal>'='</literal> is omitted.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="encode-format-escape">
<term>escape
<indexterm>
diff --git a/src/backend/utils/adt/encode.c b/src/backend/utils/adt/encode.c
index 4ccaed815d1..9522eecd4be 100644
--- a/src/backend/utils/adt/encode.c
+++ b/src/backend/utils/adt/encode.c
@@ -415,6 +415,126 @@ pg_base64_dec_len(const char *src, size_t srclen)
return ((uint64) srclen * 3) >> 2;
}
+/*
+ * Calculate the length of base64url encoded output for given input length
+ * Base64url encoding: 3 bytes -> 4 chars, padding to multiple of 4
+ */
+static uint64
+pg_base64url_enc_len(const char *src, size_t srclen)
+{
+ uint64 result;
+
+ /*
+ * Base64 encoding converts 3 bytes into 4 characters
+ * Formula: ceil(srclen / 3) * 4
+ *
+ * Unlike standard base64, base64url doesn't use padding characters
+ * when the input length is not divisible by 3
+ */
+ result = (srclen + 2) / 3 * 4; /* ceiling division by 3, then multiply by 4 */
+
+ return result;
+}
+
+
+static uint64
+pg_base64url_dec_len(const char *src, size_t srclen)
+{
+ /* For Base64, each 4 characters of input produce at most 3 bytes of output */
+ /* For Base64URL without padding, we need to round up to the nearest 4 */
+ size_t adjusted_len = srclen;
+ if (srclen % 4 != 0)
+ adjusted_len += 4 - (srclen % 4);
+
+ return (adjusted_len * 3) / 4;
+}
+
+static uint64
+pg_base64url_encode(const char *src, size_t len, char *dst)
+{
+ uint64 encoded_len;
+ if (len == 0)
+ return 0;
+
+ encoded_len = pg_base64_encode(src, len, dst);
+
+ /* Convert Base64 to Base64URL */
+ for (uint64 i = 0; i < encoded_len; i++) {
+ if (dst[i] == '+')
+ dst[i] = '-';
+ else if (dst[i] == '/')
+ dst[i] = '_';
+ }
+
+ /* Trim '=' padding */
+ while (encoded_len > 0 && dst[encoded_len - 1] == '=')
+ encoded_len--;
+
+ return encoded_len;
+}
+
+static uint64
+pg_base64url_decode(const char *src, size_t len, char *dst)
+{
+ size_t i, pad_len, base64_len;
+ uint64 decoded_len;
+ char *base64;
+
+ /* Handle empty input specially */
+ if (len == 0)
+ return 0;
+
+ /* Calculate padding needed for standard base64 */
+ pad_len = 0;
+ if (len % 4 != 0)
+ pad_len = 4 - (len % 4);
+
+ /* Allocate memory for converted string */
+ base64_len = len + pad_len;
+ base64 = palloc(base64_len + 1); /* +1 for null terminator */
+
+ /* Convert Base64URL to Base64 */
+ for (i = 0; i < len; i++)
+ {
+ char c = src[i];
+ if (c == '-')
+ base64[i] = '+'; /* Convert '-' to '+' */
+ else if (c == '_')
+ base64[i] = '/'; /* Convert '_' to '/' */
+ else if ((c >= 'A' && c <= 'Z') ||
+ (c >= 'a' && c <= 'z') ||
+ (c >= '0' && c <= '9'))
+ base64[i] = c; /* Keep alphanumeric chars unchanged */
+ else if (c == '=')
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid base64url input"),
+ errhint("Base64URL encoding should not contain padding '='.")));
+ else if (c == '+' || c == '/')
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid base64url character: '%c'", c),
+ errhint("Base64URL should use '-' instead of '+' and '_' instead of '/'.")));
+ else
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid base64url character: '%c'", c)));
+ }
+
+ /* Add padding if necessary */
+ for (i = 0; i < pad_len; i++)
+ base64[len + i] = '=';
+
+ base64[base64_len] = '\0'; /* Null-terminate for safety */
+
+ /* Decode using the standard Base64 decoder */
+ decoded_len = pg_base64_decode(base64, base64_len, dst);
+
+ /* Free allocated memory */
+ pfree(base64);
+ return decoded_len;
+}
+
/*
* Escape
* Minimally escape bytea to text.
@@ -606,6 +726,12 @@ static const struct
pg_base64_enc_len, pg_base64_dec_len, pg_base64_encode, pg_base64_decode
}
},
+ {
+ "base64url",
+ {
+ pg_base64url_enc_len, pg_base64url_dec_len, pg_base64url_encode, pg_base64url_decode
+ }
+ },
{
"escape",
{
diff --git a/src/test/regress/expected/strings.out b/src/test/regress/expected/strings.out
index fbe7d7be71f..80e2ff8426c 100644
--- a/src/test/regress/expected/strings.out
+++ b/src/test/regress/expected/strings.out
@@ -2341,6 +2341,63 @@ SELECT decode(encode('\x1234567890abcdef00', 'escape'), 'escape');
\x1234567890abcdef00
(1 row)
+--
+-- encode/decode Base64URL
+--
+SET bytea_output TO hex;
+-- Flaghsip Test case against base64.
+-- Notice the = padding removed at the end and special chars.
+SELECT encode('\x69b73eff', 'base64'); -- Expected: abc+/w==
+ encode
+----------
+ abc+/w==
+(1 row)
+
+SELECT encode('\x69b73eff', 'base64url'); -- Expected: abc-_w
+ encode
+--------
+ abc-_w
+(1 row)
+
+SELECT decode(encode('\x69b73eff', 'base64url'), 'base64url');
+ decode
+------------
+ \x69b73eff
+(1 row)
+
+-- Test basic encoding/decoding
+SELECT encode('\x1234567890abcdef00', 'base64url'); -- Expected: EjRWeJCrze8A
+ encode
+--------------
+ EjRWeJCrze8A
+(1 row)
+
+SELECT decode(encode('\x1234567890abcdef00', 'base64url'), 'base64url'); -- Expected: \x1234567890abcdef00
+ decode
+----------------------
+ \x1234567890abcdef00
+(1 row)
+
+-- Test with empty input
+SELECT encode('', 'base64url');
+ encode
+--------
+
+(1 row)
+
+SELECT decode('', 'base64url');
+ decode
+--------
+ \x
+(1 row)
+
+-- Test round-trip conversion
+SELECT encode(decode('SGVsbG8gV29ybGQh', 'base64url'), 'base64url'); -- Expected: SGVsbG8gV29ybGQh (decodes to "Hello World!")
+ encode
+------------------
+ SGVsbG8gV29ybGQh
+(1 row)
+
--
-- get_bit/set_bit etc
--
diff --git a/src/test/regress/sql/strings.sql b/src/test/regress/sql/strings.sql
index ed054e6e99c..d14c1cac28f 100644
--- a/src/test/regress/sql/strings.sql
+++ b/src/test/regress/sql/strings.sql
@@ -743,6 +743,24 @@ SELECT decode(encode(('\x' || repeat('1234567890abcdef0001', 7))::bytea,
SELECT encode('\x1234567890abcdef00', 'escape');
SELECT decode(encode('\x1234567890abcdef00', 'escape'), 'escape');
+--
+-- encode/decode Base64URL
+--
+SET bytea_output TO hex;
+-- Flaghsip Test case against base64.
+-- Notice the = padding removed at the end and special chars.
+SELECT encode('\x69b73eff', 'base64'); -- Expected: abc+/w==
+SELECT encode('\x69b73eff', 'base64url'); -- Expected: abc-_w
+SELECT decode(encode('\x69b73eff', 'base64url'), 'base64url');
+-- Test basic encoding/decoding
+SELECT encode('\x1234567890abcdef00', 'base64url'); -- Expected: EjRWeJCrze8A
+SELECT decode(encode('\x1234567890abcdef00', 'base64url'), 'base64url'); -- Expected: \x1234567890abcdef00
+-- Test with empty input
+SELECT encode('', 'base64url');
+SELECT decode('', 'base64url');
+-- Test round-trip conversion
+SELECT encode(decode('SGVsbG8gV29ybGQh', 'base64url'), 'base64url'); -- Expected: SGVsbG8gV29ybGQh (decodes to "Hello World!")
+
--
-- get_bit/set_bit etc
--
--
2.49.0
From b25fa01a5a9624c44574d2f00e2795f1e1a7058e Mon Sep 17 00:00:00 2001
From: Florents Tselai <florents.tselai@gmail.com>
Date: Wed, 4 Jun 2025 10:40:31 +0300
Subject: [PATCH v4 2/3] Extract pg_base64_{en,de}code_internal with an
additional bool url param, to be used by other functions.
---
src/backend/utils/adt/encode.c | 206 +++++++++++++++------------------
1 file changed, 91 insertions(+), 115 deletions(-)
diff --git a/src/backend/utils/adt/encode.c b/src/backend/utils/adt/encode.c
index 9522eecd4be..3f2dd448e2a 100644
--- a/src/backend/utils/adt/encode.c
+++ b/src/backend/utils/adt/encode.c
@@ -273,6 +273,9 @@ hex_dec_len(const char *src, size_t srclen)
static const char _base64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char _base64url[] =
+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
static const int8 b64lookup[128] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
@@ -285,17 +288,15 @@ static const int8 b64lookup[128] = {
};
static uint64
-pg_base64_encode(const char *src, size_t len, char *dst)
+pg_base64_encode_internal(const char *src, size_t len, char *dst, bool url)
{
- char *p,
- *lend = dst + 76;
- const char *s,
- *end = src + len;
- int pos = 2;
- uint32 buf = 0;
-
- s = src;
- p = dst;
+ const char *alphabet = url ? _base64url : _base64;
+ const char *end = src + len;
+ const char *s = src;
+ char *p = dst;
+ int pos = 2;
+ uint32 buf = 0;
+ char *lend = dst + 76;
while (s < end)
{
@@ -306,53 +307,84 @@ pg_base64_encode(const char *src, size_t len, char *dst)
/* write it out */
if (pos < 0)
{
- *p++ = _base64[(buf >> 18) & 0x3f];
- *p++ = _base64[(buf >> 12) & 0x3f];
- *p++ = _base64[(buf >> 6) & 0x3f];
- *p++ = _base64[buf & 0x3f];
+ *p++ = alphabet[(buf >> 18) & 0x3f];
+ *p++ = alphabet[(buf >> 12) & 0x3f];
+ *p++ = alphabet[(buf >> 6) & 0x3f];
+ *p++ = alphabet[buf & 0x3f];
pos = 2;
buf = 0;
- }
- if (p >= lend)
- {
- *p++ = '\n';
- lend = p + 76;
+
+ if (!url && p >= lend)
+ {
+ *p++ = '\n';
+ lend = p + 76;
+ }
}
}
+
+ /* handle remainder */
if (pos != 2)
{
- *p++ = _base64[(buf >> 18) & 0x3f];
- *p++ = _base64[(buf >> 12) & 0x3f];
- *p++ = (pos == 0) ? _base64[(buf >> 6) & 0x3f] : '=';
- *p++ = '=';
+ *p++ = alphabet[(buf >> 18) & 0x3f];
+ *p++ = alphabet[(buf >> 12) & 0x3f];
+
+ if (pos == 0)
+ {
+ *p++ = alphabet[(buf >> 6) & 0x3f];
+ if (!url)
+ *p++ = '=';
+ }
+ else
+ {
+ if (!url)
+ {
+ *p++ = '=';
+ *p++ = '=';
+ }
+ }
}
return p - dst;
}
static uint64
-pg_base64_decode(const char *src, size_t len, char *dst)
+pg_base64_encode(const char *src, size_t len, char *dst)
+{
+ return pg_base64_encode_internal(src, len, dst, false);
+}
+
+static uint64
+pg_base64_decode_internal(const char *src, size_t len, char *dst, bool url)
{
- const char *srcend = src + len,
- *s = src;
- char *p = dst;
- char c;
- int b = 0;
- uint32 buf = 0;
- int pos = 0,
- end = 0;
+ const char *srcend = src + len;
+ const char *s = src;
+ char *p = dst;
+ char c;
+ int b = 0;
+ uint32 buf = 0;
+ int pos = 0;
+ int end = 0;
while (s < srcend)
{
c = *s++;
+ /* skip whitespace */
if (c == ' ' || c == '\t' || c == '\n' || c == '\r')
continue;
+ /* convert Base64URL to Base64 if needed */
+ if (url)
+ {
+ if (c == '-')
+ c = '+';
+ else if (c == '_')
+ c = '/';
+ }
+
if (c == '=')
{
- /* end sequence */
if (!end)
{
if (pos == 2)
@@ -377,30 +409,49 @@ pg_base64_decode(const char *src, size_t len, char *dst)
errmsg("invalid symbol \"%.*s\" found while decoding base64 sequence",
pg_mblen(s - 1), s - 1)));
}
- /* add it to buffer */
+
buf = (buf << 6) + b;
pos++;
+
if (pos == 4)
{
- *p++ = (buf >> 16) & 255;
+ *p++ = (buf >> 16) & 0xFF;
if (end == 0 || end > 1)
- *p++ = (buf >> 8) & 255;
+ *p++ = (buf >> 8) & 0xFF;
if (end == 0 || end > 2)
- *p++ = buf & 255;
+ *p++ = buf & 0xFF;
buf = 0;
pos = 0;
}
}
- if (pos != 0)
+ if (pos == 2)
+ {
+ buf <<= 12; /* 2 * 6 = 12 bits, pad remaining to 24 */
+ *p++ = (buf >> 16) & 0xFF;
+ }
+ else if (pos == 3)
+ {
+ buf <<= 6; /* 3 * 6 = 18 bits */
+ *p++ = (buf >> 16) & 0xFF;
+ *p++ = (buf >> 8) & 0xFF;
+ }
+ else if (pos != 0)
+ {
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("invalid base64 end sequence"),
errhint("Input data is missing padding, is truncated, or is otherwise corrupted.")));
+ }
return p - dst;
}
+static uint64
+pg_base64_decode(const char *src, size_t len, char *dst)
+{
+ return pg_base64_decode_internal(src, len, dst, false);
+}
static uint64
pg_base64_enc_len(const char *src, size_t srclen)
@@ -436,7 +487,6 @@ pg_base64url_enc_len(const char *src, size_t srclen)
return result;
}
-
static uint64
pg_base64url_dec_len(const char *src, size_t srclen)
{
@@ -452,87 +502,13 @@ pg_base64url_dec_len(const char *src, size_t srclen)
static uint64
pg_base64url_encode(const char *src, size_t len, char *dst)
{
- uint64 encoded_len;
- if (len == 0)
- return 0;
-
- encoded_len = pg_base64_encode(src, len, dst);
-
- /* Convert Base64 to Base64URL */
- for (uint64 i = 0; i < encoded_len; i++) {
- if (dst[i] == '+')
- dst[i] = '-';
- else if (dst[i] == '/')
- dst[i] = '_';
- }
-
- /* Trim '=' padding */
- while (encoded_len > 0 && dst[encoded_len - 1] == '=')
- encoded_len--;
-
- return encoded_len;
+ return pg_base64_encode_internal(src, len, dst, true);
}
static uint64
pg_base64url_decode(const char *src, size_t len, char *dst)
{
- size_t i, pad_len, base64_len;
- uint64 decoded_len;
- char *base64;
-
- /* Handle empty input specially */
- if (len == 0)
- return 0;
-
- /* Calculate padding needed for standard base64 */
- pad_len = 0;
- if (len % 4 != 0)
- pad_len = 4 - (len % 4);
-
- /* Allocate memory for converted string */
- base64_len = len + pad_len;
- base64 = palloc(base64_len + 1); /* +1 for null terminator */
-
- /* Convert Base64URL to Base64 */
- for (i = 0; i < len; i++)
- {
- char c = src[i];
- if (c == '-')
- base64[i] = '+'; /* Convert '-' to '+' */
- else if (c == '_')
- base64[i] = '/'; /* Convert '_' to '/' */
- else if ((c >= 'A' && c <= 'Z') ||
- (c >= 'a' && c <= 'z') ||
- (c >= '0' && c <= '9'))
- base64[i] = c; /* Keep alphanumeric chars unchanged */
- else if (c == '=')
- ereport(ERROR,
- (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
- errmsg("invalid base64url input"),
- errhint("Base64URL encoding should not contain padding '='.")));
- else if (c == '+' || c == '/')
- ereport(ERROR,
- (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
- errmsg("invalid base64url character: '%c'", c),
- errhint("Base64URL should use '-' instead of '+' and '_' instead of '/'.")));
- else
- ereport(ERROR,
- (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
- errmsg("invalid base64url character: '%c'", c)));
- }
-
- /* Add padding if necessary */
- for (i = 0; i < pad_len; i++)
- base64[len + i] = '=';
-
- base64[base64_len] = '\0'; /* Null-terminate for safety */
-
- /* Decode using the standard Base64 decoder */
- decoded_len = pg_base64_decode(base64, base64_len, dst);
-
- /* Free allocated memory */
- pfree(base64);
- return decoded_len;
+ return pg_base64_decode_internal(src, len, dst, true);
}
/*
--
2.49.0
From 9e8d835669705f7e13da3b401a272995c4225531 Mon Sep 17 00:00:00 2001
From: Florents Tselai <florents.tselai@gmail.com>
Date: Wed, 4 Jun 2025 10:56:23 +0300
Subject: [PATCH v4 3/3] Add more test cases for shorter inputs and errors.
---
src/test/regress/expected/strings.out | 147 +++++++++++++++++++++-----
src/test/regress/sql/strings.sql | 64 ++++++++---
2 files changed, 170 insertions(+), 41 deletions(-)
diff --git a/src/test/regress/expected/strings.out b/src/test/regress/expected/strings.out
index 80e2ff8426c..28ab4b52222 100644
--- a/src/test/regress/expected/strings.out
+++ b/src/test/regress/expected/strings.out
@@ -2342,60 +2342,153 @@ SELECT decode(encode('\x1234567890abcdef00', 'escape'), 'escape');
(1 row)
--
--- encode/decode Base64URL
+-- Base64URL encoding/decoding
--
SET bytea_output TO hex;
--- Flaghsip Test case against base64.
--- Notice the = padding removed at the end and special chars.
-SELECT encode('\x69b73eff', 'base64'); -- Expected: abc+/w==
- encode
-----------
- abc+/w==
-(1 row)
-
-SELECT encode('\x69b73eff', 'base64url'); -- Expected: abc-_w
+-- Simple encoding/decoding
+SELECT encode('\x69b73eff', 'base64url'); -- abc-_w
encode
--------
abc-_w
(1 row)
-SELECT decode(encode('\x69b73eff', 'base64url'), 'base64url');
+SELECT decode('abc-_w', 'base64url'); -- \x69b73eff
decode
------------
\x69b73eff
(1 row)
--- Test basic encoding/decoding
-SELECT encode('\x1234567890abcdef00', 'base64url'); -- Expected: EjRWeJCrze8A
- encode
---------------
- EjRWeJCrze8A
-(1 row)
-
-SELECT decode(encode('\x1234567890abcdef00', 'base64url'), 'base64url'); -- Expected: \x1234567890abcdef00
+-- Round-trip: decode(encode(x)) = x
+SELECT decode(encode('\x1234567890abcdef00', 'base64url'), 'base64url'); -- \x1234567890abcdef00
decode
----------------------
\x1234567890abcdef00
(1 row)
--- Test with empty input
-SELECT encode('', 'base64url');
+-- Empty input
+SELECT encode('', 'base64url'); -- ''
encode
--------
(1 row)
-SELECT decode('', 'base64url');
+SELECT decode('', 'base64url'); -- ''
decode
--------
\x
(1 row)
--- Test round-trip conversion
-SELECT encode(decode('SGVsbG8gV29ybGQh', 'base64url'), 'base64url'); -- Expected: SGVsbG8gV29ybGQh (decodes to "Hello World!")
- encode
-------------------
- SGVsbG8gV29ybGQh
+-- 1 byte input
+SELECT encode('\x01', 'base64url'); -- AQ==
+ encode
+--------
+ AQ
+(1 row)
+
+SELECT decode('AQ', 'base64url'); -- \x01
+ decode
+--------
+ \x01
+(1 row)
+
+-- 2 byte input
+SELECT encode('\x0102'::bytea, 'base64url'); -- AQI
+ encode
+--------
+ AQI
+(1 row)
+
+SELECT decode('AQI', 'base64url'); -- \x0102
+ decode
+--------
+ \x0102
+(1 row)
+
+-- 3 byte input (no padding needed)
+SELECT encode('\x010203'::bytea, 'base64url'); -- AQID
+ encode
+--------
+ AQID
+(1 row)
+
+SELECT decode('AQID', 'base64url'); -- \x010203
+ decode
+----------
+ \x010203
+(1 row)
+
+-- 4 byte input (results in 6 base64 chars)
+SELECT encode('\xdeadbeef'::bytea, 'base64url'); -- 3q2-7w
+ encode
+--------
+ 3q2-7w
+(1 row)
+
+SELECT decode('3q2-7w', 'base64url'); -- \xdeadbeef
+ decode
+------------
+ \xdeadbeef
+(1 row)
+
+-- Round-trip test for all lengths from 0–4
+SELECT encode(decode(encode(E'\\x', 'base64url'), 'base64url'), 'base64url');
+ encode
+--------
+
+(1 row)
+
+SELECT encode(decode(encode(E'\\x00', 'base64url'), 'base64url'), 'base64url');
+ encode
+--------
+ AA
+(1 row)
+
+SELECT encode(decode(encode(E'\\x0001', 'base64url'), 'base64url'), 'base64url');
+ encode
+--------
+ AAE
+(1 row)
+
+SELECT encode(decode(encode(E'\\x000102', 'base64url'), 'base64url'), 'base64url');
+ encode
+--------
+ AAEC
+(1 row)
+
+SELECT encode(decode(encode(E'\\x00010203', 'base64url'), 'base64url'), 'base64url');
+ encode
+--------
+ AAECAw
+(1 row)
+
+-- Invalid inputs (should ERROR)
+-- invalid character '@'
+SELECT decode('QQ@=', 'base64url');
+ERROR: invalid symbol "@" found while decoding base64 sequence
+-- missing characters (incomplete group)
+SELECT decode('QQ', 'base64url'); -- ok (1 byte)
+ decode
+--------
+ \x41
+(1 row)
+
+SELECT decode('QQI', 'base64url'); -- ok (2 bytes)
+ decode
+--------
+ \x4102
+(1 row)
+
+SELECT decode('QQIDQ', 'base64url'); -- ERROR: invalid base64 end sequence
+ERROR: invalid base64 end sequence
+HINT: Input data is missing padding, is truncated, or is otherwise corrupted.
+-- unexpected '=' at start
+SELECT decode('=QQQ', 'base64url');
+ERROR: unexpected "=" while decoding base64 sequence
+-- valid base64 padding in base64url (optional, but accepted)
+SELECT decode('abc-_w==', 'base64url'); -- should decode to \x69b73eff
+ decode
+------------
+ \x69b73eff
(1 row)
--
diff --git a/src/test/regress/sql/strings.sql b/src/test/regress/sql/strings.sql
index d14c1cac28f..51b4de5bc90 100644
--- a/src/test/regress/sql/strings.sql
+++ b/src/test/regress/sql/strings.sql
@@ -744,22 +744,58 @@ SELECT encode('\x1234567890abcdef00', 'escape');
SELECT decode(encode('\x1234567890abcdef00', 'escape'), 'escape');
--
--- encode/decode Base64URL
+-- Base64URL encoding/decoding
--
SET bytea_output TO hex;
--- Flaghsip Test case against base64.
--- Notice the = padding removed at the end and special chars.
-SELECT encode('\x69b73eff', 'base64'); -- Expected: abc+/w==
-SELECT encode('\x69b73eff', 'base64url'); -- Expected: abc-_w
-SELECT decode(encode('\x69b73eff', 'base64url'), 'base64url');
--- Test basic encoding/decoding
-SELECT encode('\x1234567890abcdef00', 'base64url'); -- Expected: EjRWeJCrze8A
-SELECT decode(encode('\x1234567890abcdef00', 'base64url'), 'base64url'); -- Expected: \x1234567890abcdef00
--- Test with empty input
-SELECT encode('', 'base64url');
-SELECT decode('', 'base64url');
--- Test round-trip conversion
-SELECT encode(decode('SGVsbG8gV29ybGQh', 'base64url'), 'base64url'); -- Expected: SGVsbG8gV29ybGQh (decodes to "Hello World!")
+
+-- Simple encoding/decoding
+SELECT encode('\x69b73eff', 'base64url'); -- abc-_w
+SELECT decode('abc-_w', 'base64url'); -- \x69b73eff
+
+-- Round-trip: decode(encode(x)) = x
+SELECT decode(encode('\x1234567890abcdef00', 'base64url'), 'base64url'); -- \x1234567890abcdef00
+
+-- Empty input
+SELECT encode('', 'base64url'); -- ''
+SELECT decode('', 'base64url'); -- ''
+
+-- 1 byte input
+SELECT encode('\x01', 'base64url'); -- AQ==
+SELECT decode('AQ', 'base64url'); -- \x01
+
+-- 2 byte input
+SELECT encode('\x0102'::bytea, 'base64url'); -- AQI
+SELECT decode('AQI', 'base64url'); -- \x0102
+
+-- 3 byte input (no padding needed)
+SELECT encode('\x010203'::bytea, 'base64url'); -- AQID
+SELECT decode('AQID', 'base64url'); -- \x010203
+
+-- 4 byte input (results in 6 base64 chars)
+SELECT encode('\xdeadbeef'::bytea, 'base64url'); -- 3q2-7w
+SELECT decode('3q2-7w', 'base64url'); -- \xdeadbeef
+
+-- Round-trip test for all lengths from 0–4
+SELECT encode(decode(encode(E'\\x', 'base64url'), 'base64url'), 'base64url');
+SELECT encode(decode(encode(E'\\x00', 'base64url'), 'base64url'), 'base64url');
+SELECT encode(decode(encode(E'\\x0001', 'base64url'), 'base64url'), 'base64url');
+SELECT encode(decode(encode(E'\\x000102', 'base64url'), 'base64url'), 'base64url');
+SELECT encode(decode(encode(E'\\x00010203', 'base64url'), 'base64url'), 'base64url');
+
+-- Invalid inputs (should ERROR)
+-- invalid character '@'
+SELECT decode('QQ@=', 'base64url');
+
+-- missing characters (incomplete group)
+SELECT decode('QQ', 'base64url'); -- ok (1 byte)
+SELECT decode('QQI', 'base64url'); -- ok (2 bytes)
+SELECT decode('QQIDQ', 'base64url'); -- ERROR: invalid base64 end sequence
+
+-- unexpected '=' at start
+SELECT decode('=QQQ', 'base64url');
+
+-- valid base64 padding in base64url (optional, but accepted)
+SELECT decode('abc-_w==', 'base64url'); -- should decode to \x69b73eff
--
-- get_bit/set_bit etc
--
2.49.0