added more test coverage

nitneuqr · nitneuqr · commit c2ce2cd862e2 · 2025-06-15T12:03:00.000+02:00
diff --git a/src/rust/src/pkcs7.rs b/src/rust/src/pkcs7.rs
@@ -809,7 +809,7 @@ fn verify_der<'p>(
         _ => {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err(
-                    "The PKCS7 data is not an SignedData structure.",
+                    "The PKCS7 data is not a SignedData structure.",
                 ),
             ));
         }
diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py
@@ -1063,6 +1063,25 @@ def test_pkcs7_verify_der(
         # Verification
         pkcs7.pkcs7_verify_der(signature, data, certificate, [])
 
+    def test_pkcs7_verify_der_no_content(
+        self, backend, data, certificate, private_key
+    ):
+        """
+        Tests verification when needing the content stored in the PKCS7 signed
+        data structure.
+        """
+        # Signature
+        builder = (
+            pkcs7.PKCS7SignatureBuilder()
+            .set_data(data)
+            .add_signer(certificate, private_key, hashes.SHA256())
+        )
+        options = [pkcs7.PKCS7Options.NoAttributes]
+        signature = builder.sign(serialization.Encoding.DER, options)
+
+        # Verification
+        pkcs7.pkcs7_verify_der(signature, None, certificate, [])
+
     def test_pkcs7_verify_der_no_data(
         self, backend, data, certificate, private_key
     ):
@@ -1082,6 +1101,20 @@ def test_pkcs7_verify_der_no_data(
         with pytest.raises(ValueError):
             pkcs7.pkcs7_verify_der(signature, None, certificate, [])
 
+    def test_pkcs7_verify_der_not_signed(self, backend, data):
+        # Encryption of data with a text/html content type header
+        certificate, _ = _load_rsa_cert_key()
+        builder = (
+            pkcs7.PKCS7EnvelopeBuilder()
+            .set_data(b"Hello world!")
+            .add_recipient(certificate)
+        )
+        enveloped = builder.encrypt(serialization.Encoding.DER, [])
+
+        # Verification
+        with pytest.raises(ValueError):
+            pkcs7.pkcs7_verify_der(enveloped, None, certificate, [])
+
     def test_pkcs7_verify_der_wrong_certificate(
         self, backend, data, certificate, private_key
     ):

Original file line number	Diff line number	Diff line change
`@@ -809,7 +809,7 @@ fn verify_der<'p>(`
`809`	`809`	`_ => {`
`810`	`810`	`return Err(CryptographyError::from(`
`811`	`811`	`pyo3::exceptions::PyValueError::new_err(`
`812`		`- "The PKCS7 data is not an SignedData structure.",`
	`812`	`+ "The PKCS7 data is not a SignedData structure.",`
`813`	`813`	`),`
`814`	`814`	`));`
`815`	`815`	`}`