1 files changed, 41 insertions, 0 deletions

diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 7ffc4b41..42d8e6bb 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -476,6 +476,12 @@ class KeyTest(unittest.TestCase):
         )
         # No exception -> it's good. Meh.
 
+    def test_ed25519_load_from_file_obj(self):
+        with open(test_path('test_ed25519.key')) as pkey_fileobj:
+            key = Ed25519Key.from_private_key(pkey_fileobj)
+        self.assertEqual(key, key)
+        self.assertTrue(key.can_sign())
+
     def test_keyfile_is_actually_encrypted(self):
         # Read an existing encrypted private key
         file_ = test_path('test_rsa_password.key')
@@ -490,3 +496,38 @@ class KeyTest(unittest.TestCase):
             self.assert_keyfile_is_encrypted(newfile)
         finally:
             os.remove(newfile)
+
+    def test_certificates(self):
+        # NOTE: we also test 'live' use of cert auth for all key types in
+        # test_client.py; this and nearby cert tests are more about the gritty
+        # details.
+        # PKey.load_certificate
+        key_path = test_path(os.path.join('cert_support', 'test_rsa.key'))
+        key = RSAKey.from_private_key_file(key_path)
+        self.assertTrue(key.public_blob is None)
+        cert_path = test_path(
+            os.path.join('cert_support', 'test_rsa.key-cert.pub')
+        )
+        key.load_certificate(cert_path)
+        self.assertTrue(key.public_blob is not None)
+        self.assertEqual(key.public_blob.key_type, 'ssh-rsa-cert-v01@openssh.com')
+        self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub')
+        # Delve into blob contents, for test purposes
+        msg = Message(key.public_blob.key_blob)
+        self.assertEqual(msg.get_text(), 'ssh-rsa-cert-v01@openssh.com')
+        nonce = msg.get_string()
+        e = msg.get_mpint()
+        n = msg.get_mpint()
+        self.assertEqual(e, key.public_numbers.e)
+        self.assertEqual(n, key.public_numbers.n)
+        # Serial number
+        self.assertEqual(msg.get_int64(), 1234)
+
+        # Prevented from loading certificate that doesn't match
+        key_path = test_path(os.path.join('cert_support', 'test_ed25519.key'))
+        key1 = Ed25519Key.from_private_key_file(key_path)
+        self.assertRaises(
+            ValueError,
+            key1.load_certificate,
+            test_path('test_rsa.key-cert.pub'),
+        )