From 4d6d1e988600b14bb94c58f975c814d1e6916dd9 Mon Sep 17 00:00:00 2001
From: Erica Portnoy <erica@eff.org>
Date: Wed, 15 Jan 2025 15:51:44 -0800
Subject: [PATCH] XSAdd unit tests

---
 tests/json_util_test.py | 57 +++++++++++++++++++++++++++++++++--------
 tests/test_util.py      | 15 +++++++++++
 2 files changed, 61 insertions(+), 11 deletions(-)

diff --git a/tests/json_util_test.py b/tests/json_util_test.py
index 9e53876c..55aa17d6 100644
--- a/tests/json_util_test.py
+++ b/tests/json_util_test.py
@@ -3,16 +3,20 @@
 import itertools
 import sys
 import unittest
+import warnings
 from typing import Any, Dict, Mapping
 from unittest import mock
 
 import pytest
 import test_util
+from cryptography import x509
 
 from josepy import errors, interfaces, util
 
 CERT = test_util.load_comparable_cert("cert.pem")
 CSR = test_util.load_comparable_csr("csr.pem")
+CERT_CRYPTOGRAPHY = test_util.load_cert_cryptography("cert.pem")
+CSR_CRYPTOGRAPHY = test_util.load_csr_cryptography("csr.pem")
 
 
 class FieldTest(unittest.TestCase):
@@ -321,30 +325,61 @@ def test_decode_hex16_odd_length(self) -> None:
     def test_encode_cert(self) -> None:
         from josepy.json_util import encode_cert
 
-        assert self.b64_cert == encode_cert(CERT)
+        with warnings.catch_warnings():
+            warnings.filterwarnings("ignore", category=DeprecationWarning)
+            assert self.b64_cert == encode_cert(CERT)
+
+        assert self.b64_cert == encode_cert(CERT_CRYPTOGRAPHY)
 
     def test_decode_cert(self) -> None:
-        from josepy.json_util import decode_cert
+        with warnings.catch_warnings():
+            warnings.filterwarnings("ignore", category=DeprecationWarning)
+            from josepy.json_util import decode_cert
+
+            cert = decode_cert(self.b64_cert)
+            assert isinstance(cert, util.ComparableX509)
+            assert cert == CERT
+            with pytest.raises(errors.DeserializationError):
+                decode_cert("")
 
-        cert = decode_cert(self.b64_cert)
-        assert isinstance(cert, util.ComparableX509)
-        assert cert == CERT
+    def test_decode_cert_cryptography(self) -> None:
+        from josepy.json_util import decode_cert_cryptography
+
+        cert = decode_cert_cryptography(self.b64_cert)
+        assert isinstance(cert, x509.Certificate)
+        assert cert == CERT_CRYPTOGRAPHY
         with pytest.raises(errors.DeserializationError):
-            decode_cert("")
+            decode_cert_cryptography("")
 
     def test_encode_csr(self) -> None:
         from josepy.json_util import encode_csr
 
-        assert self.b64_csr == encode_csr(CSR)
+        with warnings.catch_warnings():
+            warnings.filterwarnings("ignore", category=DeprecationWarning)
+            assert self.b64_csr == encode_csr(CSR)
+
+        assert self.b64_csr == encode_csr(CSR_CRYPTOGRAPHY)
 
     def test_decode_csr(self) -> None:
         from josepy.json_util import decode_csr
 
-        csr = decode_csr(self.b64_csr)
-        assert isinstance(csr, util.ComparableX509)
-        assert csr == CSR
+        with warnings.catch_warnings():
+            warnings.filterwarnings("ignore", category=DeprecationWarning)
+
+            csr = decode_csr(self.b64_csr)
+            assert isinstance(csr, util.ComparableX509)
+            assert csr == CSR
+            with pytest.raises(errors.DeserializationError):
+                decode_csr("")
+
+    def test_decode_csr_cryptography(self) -> None:
+        from josepy.json_util import decode_csr_cryptography
+
+        csr = decode_csr_cryptography(self.b64_csr)
+        assert isinstance(csr, x509.CertificateSigningRequest)
+        assert csr == CSR_CRYPTOGRAPHY
         with pytest.raises(errors.DeserializationError):
-            decode_csr("")
+            decode_csr_cryptography("")
 
 
 class TypedJSONObjectWithFieldsTest(unittest.TestCase):
diff --git a/tests/test_util.py b/tests/test_util.py
index 1bd60974..ae2c5762 100644
--- a/tests/test_util.py
+++ b/tests/test_util.py
@@ -6,6 +6,7 @@
 import sys
 from typing import Any
 
+from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from OpenSSL import crypto
@@ -57,6 +58,14 @@ def load_cert(*names: str) -> crypto.X509:
     return crypto.load_certificate(loader, load_vector(*names))
 
 
+def load_cert_cryptography(*names: str) -> x509.Certificate:
+    """Load certificate using cryptography API."""
+    loader = _guess_loader(
+        names[-1], x509.load_pem_x509_certificate, x509.load_der_x509_certificate
+    )
+    return loader(load_vector(*names))
+
+
 def load_comparable_cert(*names: str) -> josepy.util.ComparableX509:
     """Load ComparableX509 cert."""
     return ComparableX509(load_cert(*names))
@@ -68,6 +77,12 @@ def load_csr(*names: str) -> crypto.X509Req:
     return crypto.load_certificate_request(loader, load_vector(*names))
 
 
+def load_csr_cryptography(*names: str) -> x509.CertificateSigningRequest:
+    """Load certificate request."""
+    loader = _guess_loader(names[-1], x509.load_pem_x509_csr, x509.load_der_x509_csr)
+    return loader(load_vector(*names))
+
+
 def load_comparable_csr(*names: str) -> josepy.util.ComparableX509:
     """Load ComparableX509 certificate request."""
     return ComparableX509(load_csr(*names))