More cover

Author: rkoopmans

tests/test_models.py

@@ -4,6 +4,11 @@
 from cert_chain_resolver.models import Cert, CertificateChain
 from cryptography.x509.oid import ExtensionOID, AuthorityInformationAccessOID, NameOID
 import pytest
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
+from cryptography.hazmat.primitives.asymmetric.ec import ECDSA, EllipticCurvePublicKey
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
+from cryptography.exceptions import InvalidSignature
 
 
 try:
@@ -22,6 +27,18 @@ def does_not_raise():
     unicode = str
 
 
+@pytest.fixture
+def mock_x509(mocker):
+    return mocker.Mock(spec=x509.Certificate)
+
+
+@pytest.fixture
+def mock_cert(mocker, mock_x509):
+    cert = mocker.Mock(spec=Cert)
+    cert._x509 = mock_x509
+    return cert
+
+
 @pytest.mark.parametrize("cert", CERT_FIXTURES, ids=certfixture_to_id)
 def test_certcontainer_x509_helper_props(cert):
     c = Cert(cert["cert_x509"])
@@ -190,3 +207,28 @@ class CertOverride(Cert):
     c = CertOverride()
 
     assert repr(c) == '<Cert common_name="CN" subject="Subject" issuer="Issuer">'
+
+
+@pytest.mark.parametrize(
+    "key_type,expected",
+    [
+        (RSAPublicKey, True),
+        (RSAPublicKey, False),
+        (EllipticCurvePublicKey, True),
+        (EllipticCurvePublicKey, False),
+        (object, False),  # Unexpected key type FIXME: Maybe this should raise??
+    ],
+)
+def test_is_issued_by_handles_different_keys(
+    mocker, mock_x509, mock_cert, key_type, expected
+):
+    mock_public_key = mocker.Mock(spec=key_type)
+    mock_x509.public_key.return_value = mock_public_key
+    mock_x509.signature_hash_algorithm = mocker.Mock(spec=hashes.SHA256)
+
+    subject = Cert(mock_x509)
+
+    if not expected and hasattr(key_type, "verify"):
+        mock_public_key.verify.side_effect = InvalidSignature()
+
+    assert subject.is_issued_by(mock_cert) is expected