added more test coverage

pyca · Jan 10, 2025 · 31b6a9a · 31b6a9a
1 parent 0b84feb
commit 31b6a9a
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs
@@ -805,7 +805,7 @@ fn verify_der<'p>(
         _ => {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err(
-                    "The PKCS7 data is not an SignedData structure.",
+                    "The PKCS7 data is not a SignedData structure.",
                 ),
             ));
         }

diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py
@@ -905,6 +905,25 @@ def test_pkcs7_verify_der(
         # Verification
         pkcs7.pkcs7_verify_der(signature, data, certificate, [])
 
+    def test_pkcs7_verify_der_no_content(
+        self, backend, data, certificate, private_key
+    ):
+        """
+        Tests verification when needing the content stored in the PKCS7 signed
+        data structure.
+        """
+        # Signature
+        builder = (
+            pkcs7.PKCS7SignatureBuilder()
+            .set_data(data)
+            .add_signer(certificate, private_key, hashes.SHA256())
+        )
+        options = [pkcs7.PKCS7Options.NoAttributes]
+        signature = builder.sign(serialization.Encoding.DER, options)
+
+        # Verification
+        pkcs7.pkcs7_verify_der(signature, None, certificate, [])
+
     def test_pkcs7_verify_der_no_data(
         self, backend, data, certificate, private_key
     ):
@@ -924,6 +943,20 @@ def test_pkcs7_verify_der_no_data(
         with pytest.raises(ValueError):
             pkcs7.pkcs7_verify_der(signature, None, certificate, [])
 
+    def test_pkcs7_verify_der_not_signed(self, backend, data):
+        # Encryption of data with a text/html content type header
+        certificate, _ = _load_rsa_cert_key()
+        builder = (
+            pkcs7.PKCS7EnvelopeBuilder()
+            .set_data(b"Hello world!")
+            .add_recipient(certificate)
+        )
+        enveloped = builder.encrypt(serialization.Encoding.DER, [])
+
+        # Verification
+        with pytest.raises(ValueError):
+            pkcs7.pkcs7_verify_der(enveloped, None, certificate, [])
+
     def test_pkcs7_verify_der_wrong_certificate(
         self, backend, data, certificate, private_key
     ):