Skip to content

Commit

Permalink
Add test for different exception value on loading private key
Browse files Browse the repository at this point in the history
  • Loading branch information
vzhestkov committed Aug 27, 2024
1 parent 9990dbd commit 1e89217
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions tests/pytests/functional/states/test_x509_v2.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@

import pytest

from tests.support.mock import patch

try:
import cryptography
import cryptography.x509 as cx509
Expand Down Expand Up @@ -2826,3 +2828,30 @@ def _get_privkey(pk, encoding="pem", passphrase=None):
pk = base64.b64decode(pk)
return pkcs12.load_pkcs12(pk, passphrase).key
raise ValueError("Need correct encoding")


@pytest.mark.usefixtures("existing_pk")
@pytest.mark.parametrize("existing_pk", [{"passphrase": "password"}], indirect=True)
def test_exceptions_on_calling_load_pem_private_key(x509, pk_args):
pk_args["passphrase"] = "hunter1"
pk_args["overwrite"] = True

with patch(
"cryptography.hazmat.primitives.serialization.load_pem_private_key",
side_effect=ValueError("Bad decrypt. Incorrect password?"),
):
ret = x509.private_key_managed(**pk_args)
_assert_pk_basic(ret, "rsa", passphrase="hunter1")

with patch(
"cryptography.hazmat.primitives.serialization.load_pem_private_key",
side_effect=ValueError(
"Could not deserialize key data. The data may be in an incorrect format, "
"the provided password may be incorrect, "
"it may be encrypted with an unsupported algorithm, "
"or it may be an unsupported key type "
"(e.g. EC curves with explicit parameters)."
),
):
ret = x509.private_key_managed(**pk_args)
_assert_pk_basic(ret, "rsa", passphrase="hunter1")

0 comments on commit 1e89217

Please sign in to comment.