From 31b6a9ae0f26a6a8fc2d524e3a458de996d769d5 Mon Sep 17 00:00:00 2001
From: Quentin Retourne <32574188+nitneuqr@users.noreply.github.com>
Date: Fri, 10 Jan 2025 19:12:03 +0100
Subject: [PATCH] added more test coverage

---
 src/rust/src/pkcs7.rs | 2 +-
 tests/hazmat/primitives/test_pkcs7.py | 33 +++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs
index 7ff27c2c31dd..be7f76973482 100644
--- a/src/rust/src/pkcs7.rs
+++ b/src/rust/src/pkcs7.rs
@@ -805,7 +805,7 @@ fn verify_der<'p>(
 _ => {
 return Err(CryptographyError::from(
 pyo3::exceptions::PyValueError::new_err(
- "The PKCS7 data is not an SignedData structure.",
+ "The PKCS7 data is not a SignedData structure.",
 ),
 ));
 }
diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py
index d61a5ed518f6..161b3af55fcf 100644
--- a/tests/hazmat/primitives/test_pkcs7.py
+++ b/tests/hazmat/primitives/test_pkcs7.py
@@ -905,6 +905,25 @@ def test_pkcs7_verify_der(
 # Verification
 pkcs7.pkcs7_verify_der(signature, data, certificate, [])
 
+ def test_pkcs7_verify_der_no_content(
+ self, backend, data, certificate, private_key
+ ):
+ """
+ Tests verification when needing the content stored in the PKCS7 signed
+ data structure.
+ """
+ # Signature
+ builder = (
+ pkcs7.PKCS7SignatureBuilder()
+ .set_data(data)
+ .add_signer(certificate, private_key, hashes.SHA256())
+ )
+ options = [pkcs7.PKCS7Options.NoAttributes]
+ signature = builder.sign(serialization.Encoding.DER, options)
+
+ # Verification
+ pkcs7.pkcs7_verify_der(signature, None, certificate, [])
+
 def test_pkcs7_verify_der_no_data(
 self, backend, data, certificate, private_key
 ):
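Review bot: The name and docstring of `test_pkcs7_verify_der_no_content` read as the opposite of what the test exercises: `set_data(data)` with only `PKCS7Options.NoAttributes` appears to embed the content in the SignedData, and passing `None` makes the verifier fall back to that embedded copy, whereas the neighbouring `test_pkcs7_verify_der_no_data` is the case where no content is available at all. A name such as `test_pkcs7_verify_der_embedded_content` with a docstring like `"""Verification succeeds with content=None when the SignedData carries its own content."""` would keep the two cases apart. The test also covers only the `NoAttributes` path; a twin with `options = []` would exercise the signed-attributes digest check against the embedded content as well.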
@@ -924,6 +943,20 @@ def test_pkcs7_verify_der_no_data(
 with pytest.raises(ValueError):
 pkcs7.pkcs7_verify_der(signature, None, certificate, [])
 
+ def test_pkcs7_verify_der_not_signed(self, backend, data):
+ # Encryption of data with a text/html content type header
+ certificate, _ = _load_rsa_cert_key()
+ builder = (
+ pkcs7.PKCS7EnvelopeBuilder()
+ .set_data(b"Hello world!")
+ .add_recipient(certificate)
+ )
+ enveloped = builder.encrypt(serialization.Encoding.DER, [])
+
+ # Verification
+ with pytest.raises(ValueError):
+ pkcs7.pkcs7_verify_der(enveloped, None, certificate, [])
+
 def test_pkcs7_verify_der_wrong_certificate(
 self, backend, data, certificate, private_key
 ):
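Review bot: `pytest.raises(ValueError)` in `test_pkcs7_verify_der_not_signed` does not pin which rejection fires: the context lines of this hunk show `pkcs7_verify_der` also raising `ValueError` when called with `None` content in `test_pkcs7_verify_der_no_data`, and this call passes `None` too, so the test would still pass if the content-type check were bypassed and a later check failed instead. Match the message this commit touches, `with pytest.raises(ValueError, match="not a SignedData structure"):`, so the test proves EnvelopedData is rejected for being the wrong structure. The leading comment `# Encryption of data with a text/html content type header` does not describe the code, which envelopes `b"Hello world!"` with no options; `# Envelope the data so the DER holds EnvelopedData, not SignedData` would be accurate, and the unused `data` fixture can be dropped from the signature.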