1 files changed, 43 insertions, 0 deletions

diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 3a1279b6..08d38e3b 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -487,6 +487,12 @@ class KeyTest(unittest.TestCase):
         )
         # No exception -> it's good. Meh.
 
+    def test_ed25519_load_from_file_obj(self):
+        with open(_support("test_ed25519.key")) as pkey_fileobj:
+            key = Ed25519Key.from_private_key(pkey_fileobj)
+        self.assertEqual(key, key)
+        self.assertTrue(key.can_sign())
+
     def test_keyfile_is_actually_encrypted(self):
         # Read an existing encrypted private key
         file_ = _support("test_rsa_password.key")
@@ -501,3 +507,40 @@ class KeyTest(unittest.TestCase):
             self.assert_keyfile_is_encrypted(newfile)
         finally:
             os.remove(newfile)
+
+    def test_certificates(self):
+        # NOTE: we also test 'live' use of cert auth for all key types in
+        # test_client.py; this and nearby cert tests are more about the gritty
+        # details.
+        # PKey.load_certificate
+        key_path = _support(os.path.join("cert_support", "test_rsa.key"))
+        key = RSAKey.from_private_key_file(key_path)
+        self.assertTrue(key.public_blob is None)
+        cert_path = _support(
+            os.path.join("cert_support", "test_rsa.key-cert.pub")
+        )
+        key.load_certificate(cert_path)
+        self.assertTrue(key.public_blob is not None)
+        self.assertEqual(
+            key.public_blob.key_type, "ssh-rsa-cert-v01@openssh.com"
+        )
+        self.assertEqual(key.public_blob.comment, "test_rsa.key.pub")
+        # Delve into blob contents, for test purposes
+        msg = Message(key.public_blob.key_blob)
+        self.assertEqual(msg.get_text(), "ssh-rsa-cert-v01@openssh.com")
+        nonce = msg.get_string()
+        e = msg.get_mpint()
+        n = msg.get_mpint()
+        self.assertEqual(e, key.public_numbers.e)
+        self.assertEqual(n, key.public_numbers.n)
+        # Serial number
+        self.assertEqual(msg.get_int64(), 1234)
+
+        # Prevented from loading certificate that doesn't match
+        key_path = _support(os.path.join("cert_support", "test_ed25519.key"))
+        key1 = Ed25519Key.from_private_key_file(key_path)
+        self.assertRaises(
+            ValueError,
+            key1.load_certificate,
+            _support("test_rsa.key-cert.pub"),
+        )