add load_der_x509_csr to support loading DER encoded CSRs

2 files changed, 57 insertions, 20 deletions

diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 40305387..5871e6c8 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -200,6 +200,9 @@ class DummyX509Backend(object):
     def load_pem_x509_csr(self, data):
         pass
 
+    def load_der_x509_csr(self, data):
+        pass
+
 
 class TestMultiBackend(object):
     def test_ciphers(self):
@@ -476,6 +479,7 @@ class TestMultiBackend(object):
         backend.load_pem_x509_certificate(b"certdata")
         backend.load_der_x509_certificate(b"certdata")
         backend.load_pem_x509_csr(b"reqdata")
+        backend.load_der_x509_csr(b"reqdata")
 
         backend = MultiBackend([])
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
@@ -484,3 +488,5 @@ class TestMultiBackend(object):
             backend.load_der_x509_certificate(b"certdata")
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
             backend.load_pem_x509_csr(b"reqdata")
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
+            backend.load_der_x509_csr(b"reqdata")
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 22b93f61..dc148d9d 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -340,12 +340,21 @@ class TestRSACertificate(object):
         with pytest.raises(UnsupportedAlgorithm):
             cert.signature_hash_algorithm
 
-    def test_load_rsa_certificate_request(self, backend):
-        request = _load_cert(
-            os.path.join("x509", "requests", "rsa_sha1.pem"),
-            x509.load_pem_x509_csr,
-            backend
-        )
+    @pytest.mark.parametrize(
+        ("path", "loader_func"),
+        [
+            [
+                os.path.join("x509", "requests", "rsa_sha1.pem"),
+                x509.load_pem_x509_csr
+            ],
+            [
+                os.path.join("x509", "requests", "rsa_sha1.der"),
+                x509.load_der_x509_csr
+            ],
+        ]
+    )
+    def test_load_rsa_certificate_request(self, path, loader_func, backend):
+        request = _load_cert(path, loader_func, backend)
         assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
         public_key = request.public_key()
         assert isinstance(public_key, rsa.RSAPublicKey)
@@ -359,9 +368,13 @@ class TestRSACertificate(object):
             x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
         ]
 
-    def test_invalid_certificate_request_pem(self, backend):
+    @pytest.mark.parametrize(
+        "loader_func",
+        [x509.load_pem_x509_csr, x509.load_der_x509_csr]
+    )
+    def test_invalid_certificate_request(self, loader_func, backend):
         with pytest.raises(ValueError):
-            x509.load_pem_x509_csr(b"notacsr", backend)
+            loader_func(b"notacsr", backend)
 
     def test_unsupported_signature_hash_algorithm_request(self, backend):
         request = _load_cert(
@@ -424,12 +437,21 @@ class TestDSACertificate(object):
                 "822ff5d234e073b901cf5941f58e1f538e71d40d", 16
             )
 
-    def test_load_dsa_request(self, backend):
-        request = _load_cert(
-            os.path.join("x509", "requests", "dsa_sha1.pem"),
-            x509.load_pem_x509_csr,
-            backend
-        )
+    @pytest.mark.parametrize(
+        ("path", "loader_func"),
+        [
+            [
+                os.path.join("x509", "requests", "dsa_sha1.pem"),
+                x509.load_pem_x509_csr
+            ],
+            [
+                os.path.join("x509", "requests", "dsa_sha1.der"),
+                x509.load_der_x509_csr
+            ],
+        ]
+    )
+    def test_load_dsa_request(self, path, loader_func, backend):
+        request = _load_cert(path, loader_func, backend)
         assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
         public_key = request.public_key()
         assert isinstance(public_key, dsa.DSAPublicKey)
@@ -479,13 +501,22 @@ class TestECDSACertificate(object):
         with pytest.raises(NotImplementedError):
             cert.public_key()
 
-    def test_load_ecdsa_certificate_request(self, backend):
+    @pytest.mark.parametrize(
+        ("path", "loader_func"),
+        [
+            [
+                os.path.join("x509", "requests", "ec_sha256.pem"),
+                x509.load_pem_x509_csr
+            ],
+            [
+                os.path.join("x509", "requests", "ec_sha256.der"),
+                x509.load_der_x509_csr
+            ],
+        ]
+    )
+    def test_load_ecdsa_certificate_request(self, path, loader_func, backend):
         _skip_curve_unsupported(backend, ec.SECP384R1())
-        request = _load_cert(
-            os.path.join("x509", "requests", "ec_sha256.pem"),
-            x509.load_pem_x509_csr,
-            backend
-        )
+        request = _load_cert(path, loader_func, backend)
         assert isinstance(request.signature_hash_algorithm, hashes.SHA256)
         public_key = request.public_key()
         assert isinstance(public_key, ec.EllipticCurvePublicKey)