4 files changed, 98 insertions, 0 deletions

diff --git a/tests/hypothesis/__init__.py b/tests/hypothesis/__init__.py
new file mode 100644
index 00000000..4b540884
--- /dev/null
+++ b/tests/hypothesis/__init__.py
@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/hypothesis/test_fernet.py b/tests/hypothesis/test_fernet.py
new file mode 100644
index 00000000..c6528696
--- /dev/null
+++ b/tests/hypothesis/test_fernet.py
@@ -0,0 +1,15 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from hypothesis import given
+from hypothesis.strategies import binary
+
+from cryptography.fernet import Fernet
+
+
+@given(binary())
+def test_fernet(data):
+    f = Fernet(Fernet.generate_key())
+    ct = f.encrypt(data)
+    assert f.decrypt(ct) == data
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ded2f0ee..b9304c37 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1847,6 +1847,30 @@ class TestCertificateBuilder(object):
             decipher_only=False
         )
 
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    @pytest.mark.requires_backend_interface(interface=X509Backend)
+    def test_build_ca_request_with_path_length_none(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+
+        request = x509.CertificateSigningRequestBuilder().subject_name(
+            x509.Name([
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME,
+                                   u'PyCA'),
+            ])
+        ).add_extension(
+            x509.BasicConstraints(ca=True, path_length=None), critical=True
+        ).sign(private_key, hashes.SHA1(), backend)
+
+        loaded_request = x509.load_pem_x509_csr(
+            request.public_bytes(encoding=serialization.Encoding.PEM), backend
+        )
+        subject = loaded_request.subject
+        assert isinstance(subject, x509.Name)
+        basic_constraints = request.extensions.get_extension_for_oid(
+            ExtensionOID.BASIC_CONSTRAINTS
+        )
+        assert basic_constraints.value.path_length is None
+
 
 @pytest.mark.requires_backend_interface(interface=X509Backend)
 class TestCertificateSigningRequestBuilder(object):
@@ -2617,6 +2641,21 @@ class TestECDSACertificate(object):
         ]
 
 
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestOtherCertificate(object):
+    def test_unsupported_subject_public_key_info(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "unsupported_subject_public_key_info.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend,
+        )
+
+        with pytest.raises(ValueError):
+            cert.public_key()
+
+
 class TestNameAttribute(object):
     def test_init_bad_oid(self):
         with pytest.raises(TypeError):
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 85373973..1bc14620 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1555,6 +1555,21 @@ class TestRSASubjectAlternativeNameExtension(object):
             u'saseliminator.com'
         ]
 
+    def test_san_empty_hostname(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "san_empty_hostname.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        san = cert.extensions.get_extension_for_oid(
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
+        )
+
+        dns = san.value.get_values_for_type(x509.DNSName)
+        assert dns == [u'']
+
     def test_san_wildcard_idna_dns_name(self, backend):
         cert = _load_cert(
             os.path.join("x509", "custom", "san_wildcard_idna.pem"),
@@ -2903,6 +2918,30 @@ class TestCRLDistributionPointsExtension(object):
             )
         ])
 
+    def test_crl_empty_hostname(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "cdp_empty_hostname.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+
+        cdps = cert.extensions.get_extension_for_oid(
+            ExtensionOID.CRL_DISTRIBUTION_POINTS
+        ).value
+
+        assert cdps == x509.CRLDistributionPoints([
+            x509.DistributionPoint(
+                full_name=[x509.UniformResourceIdentifier(
+                    u"ldap:/CN=A,OU=B,dc=C,DC=D?E?F?G?H=I"
+                )],
+                relative_name=None,
+                reasons=None,
+                crl_issuer=None
+            )
+        ])
+
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)