Add tests for issue 64597

2025-04-17 10:10:20 +00:00 · 2023-07-05 12:18:40 +02:00 · 2023-07-05 12:18:40 +02:00 · 4bc5a4deb8
commit 4bc5a4deb8
parent bbd6009b9e
2 changed files with 49 additions and 3 deletions
--- a/tests/pytests/functional/modules/test_x509_v2.py
+++ b/tests/pytests/functional/modules/test_x509_v2.py
@ -1424,13 +1424,20 @@ def test_create_private_key_pkcs12(x509, passphrase):

@pytest.mark.parametrize("encoding", ["pem", "der"])
 def test_create_private_key_write_to_path(x509, encoding, tmp_path):
-    tgt = tmp_path / "csr"
+    tgt = tmp_path / "pk"
    x509.create_private_key(encoding=encoding, path=str(tgt))
    assert tgt.exists()
    if encoding == "pem":
        assert tgt.read_text().startswith("-----BEGIN PRIVATE KEY-----")


+def test_create_private_key_write_to_path_encrypted(x509, tmp_path):
+    tgt = tmp_path / "pk"
+    x509.create_private_key(path=str(tgt), passphrase="hunter1")
+    assert tgt.exists()
+    assert tgt.read_text().startswith("-----BEGIN ENCRYPTED PRIVATE KEY-----")
+
+
@pytest.mark.parametrize("encoding", ["pem", "der"])
 def test_create_private_key_write_to_path_overwrite(x509, encoding, tmp_path):
    tgt = tmp_path / "cert"
@ -1589,8 +1596,32 @@ def test_verify_crl(x509, crl, ca_cert):
    assert x509.verify_crl(crl, ca_cert) is True


-def test_verify_private_key(x509, ca_key, ca_cert):
-    assert x509.verify_private_key(ca_key, ca_cert) is True
+def test_encode_private_key(x509, rsa_privkey):
+    pk = x509.create_private_key()
+    res = x509.encode_private_key(pk)
+    assert res.strip() == pk.strip()
+
+
+def test_encode_private_key_encrypted(x509, ca_key, ca_key_enc):
+    pk = x509.create_private_key()
+    pk_enc = x509.encode_private_key(pk, passphrase="hunter1")
+    res = x509.encode_private_key(pk_enc, private_key_passphrase="hunter1")
+    assert res.strip() == pk.strip()
+
+
+@pytest.mark.parametrize("privkey,expected", [("ca_key", True), ("rsa_privkey", False)])
+def test_verify_private_key(x509, request, privkey, expected, ca_cert):
+    pk = request.getfixturevalue(privkey)
+    assert x509.verify_private_key(pk, ca_cert) is expected
+
+
+def test_verify_private_key_with_passphrase(x509, ca_key_enc, ca_cert):
+    assert (
+        x509.verify_private_key(
+            ca_key_enc, ca_cert, passphrase="correct horse battery staple"
+        )
+        is True
+    )


@pytest.mark.parametrize("algo", ["rsa", "ec", "ed25519", "ed448"])
--- a/tests/pytests/functional/states/test_x509_v2.py
+++ b/tests/pytests/functional/states/test_x509_v2.py
@ -2170,6 +2170,21 @@ def test_private_key_managed_existing(x509, pk_args):
    _assert_not_changed(ret)


+@pytest.mark.usefixtures("existing_pk")
+@pytest.mark.parametrize(
+    "existing_pk",
+    [
+        {"algo": "rsa", "keysize": 3072},
+    ],
+    indirect=True,
+)
+def test_private_key_managed_existing_keysize_change_to_default(x509, pk_args):
+    pk_args.pop("keysize")
+    ret = x509.private_key_managed(**pk_args)
+    assert ret.changes
+    assert ret.changes["keysize"] == 2048
+
+
@pytest.mark.usefixtures("existing_pk")
 def test_private_key_managed_existing_new(x509, pk_args):
    cur = _get_privkey(pk_args["name"])