Add tests

gjcairo · gjcairo · commit 415098e08c14 · 2025-04-25T16:21:46.000+01:00
diff --git a/Tests/X509Tests/CertificateDERTests.swift b/Tests/X509Tests/CertificateDERTests.swift
@@ -18,6 +18,7 @@ import FoundationEssentials
 import Foundation
 #endif
 import XCTest
+import Testing
 import SwiftASN1
 @testable import X509
 import Crypto
@@ -761,3 +762,59 @@ final class CertificateDERTests: XCTestCase {
         XCTAssertNoThrow(try decoded.extensions.nameConstraints)
     }
 }
+
+@Suite("CertificatePrivateKey DER-encoded tests")
+struct CertificatePrivateKeyDEREncodedTests {
+    @Suite("Using ECDSA")
+    struct ECDSA {
+        @Test("P256")
+        func testP256() throws {
+            let key = P256.Signing.PrivateKey()
+            let derBytes = Array(key.derRepresentation)
+            let parsedKey = try Certificate.PrivateKey(derBytes: derBytes)
+            try #require(parsedKey != nil)
+            #expect(parsedKey.backing == .p256(key))
+        }
+
+        @Test("P384")
+        func testP384() throws {
+            let key = P384.Signing.PrivateKey()
+            let derBytes = Array(key.derRepresentation)
+            let parsedKey = try Certificate.PrivateKey(derBytes: derBytes)
+            try #require(parsedKey != nil)
+            #expect(parsedKey.backing == .p384(key))
+        }
+
+        @Test("P521")
+        func testP521() throws {
+            let key = P521.Signing.PrivateKey()
+            let derBytes = Array(key.derRepresentation)
+            let parsedKey = try Certificate.PrivateKey(derBytes: derBytes)
+            try #require(parsedKey != nil)
+            #expect(parsedKey.backing == .p521(key))
+        }
+    }
+
+    @Test("Using ED25519")
+    func testED25519() throws {
+        let key = Curve25519.Signing.PrivateKey()
+        let derBytes = key.derRepresentation
+        let parsedKey = try Certificate.PrivateKey(derBytes: derBytes)
+        try #require(parsedKey != nil)
+        #expect(parsedKey.backing == .ed25519(key))
+    }
+
+    @Test("Using RSA")
+    func testRSA() throws {
+        // Unlike other algorithms, RSA's bytes representation is not in PKCS#8 format, so we have
+        // to bridge it by first serialising the key as a PKCS#8 PEM document, and then getting
+        // its DER bytes.
+        let key = try _CryptoExtras._RSA.Signing.PrivateKey(keySize: .bits2048)
+        let pkcs8 = key.pkcs8PEMRepresentation
+        let pemDoc = try PEMDocument(pemString: pkcs8)
+        let derBytes = pemDoc.derBytes
+        let parsedKey = try Certificate.PrivateKey(derBytes: derBytes)
+        try #require(parsedKey != nil)
+        #expect(parsedKey.backing == .rsa(key))
+    }
+}
