From 236a4813556d3f7bed68f3158d201788ec7fa19b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C5=8Dan?= <koan.bot@atoomic.org>
Date: Sat, 14 Mar 2026 23:26:03 -0600
Subject: [PATCH] test: add error-path coverage for key format operations in
 format.t

Cover 6 previously untested error paths:
- new_public_key() with unrecognized key format
- get_private_key_string() with cipher but no passphrase
- get_private_key_string() with unsupported cipher name
- new_private_key() with wrong passphrase
- new_private_key() with garbage input
- new_private_key() with truncated PEM
---
 t/format.t | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/t/format.t b/t/format.t
index 2973893..813b281 100644
--- a/t/format.t
+++ b/t/format.t
@@ -3,7 +3,7 @@ use Test::More;
 
 use Crypt::OpenSSL::RSA;
 
-BEGIN { plan tests => 19 }
+BEGIN { plan tests => 25 }
 
 my $PRIVATE_KEY_STRING = <<EOF;
 -----BEGIN RSA PRIVATE KEY-----
@@ -88,3 +88,27 @@ ok( $private_key2 = Crypt::OpenSSL::RSA->new_private_key( $private_key->get_priv
 is( $private_key2->get_private_key_string(), $DECRYPT_PRIVATE_KEY_STRING, "des3-encrypted key round-trips" );
 ok( $private_key2 = Crypt::OpenSSL::RSA->new_private_key( $private_key->get_private_key_string( $passphase, 'aes-128-cbc' ), $passphase ), "encrypt with aes-128-cbc and reload" );
 is( $private_key2->get_private_key_string(), $DECRYPT_PRIVATE_KEY_STRING, "aes-128-cbc-encrypted key round-trips" );
+
+# Error path: unrecognized public key format
+eval { Crypt::OpenSSL::RSA->new_public_key("not a key at all") };
+like( $@, qr/unrecognized key format/, "new_public_key croaks on unrecognized format" );
+
+# Error path: cipher without passphrase
+eval { $private_key->get_private_key_string(undef, 'aes-128-cbc') };
+like( $@, qr/Passphrase is required/, "get_private_key_string croaks when cipher given without passphrase" );
+
+# Error path: unsupported cipher name
+eval { $private_key->get_private_key_string('secret', 'no-such-cipher') };
+like( $@, qr/Unsupported cipher/, "get_private_key_string croaks on unsupported cipher" );
+
+# Error path: wrong passphrase for encrypted key
+eval { Crypt::OpenSSL::RSA->new_private_key( $ENCRYPT_PRIVATE_KEY_STRING, 'wrong-passphrase' ) };
+ok( $@, "new_private_key croaks with wrong passphrase" );
+
+# Error path: garbage private key
+eval { Crypt::OpenSSL::RSA->new_private_key("not a valid PEM key\n") };
+ok( $@, "new_private_key croaks on garbage input" );
+
+# Error path: truncated PEM (valid header, invalid body)
+eval { Crypt::OpenSSL::RSA->new_private_key("-----BEGIN RSA PRIVATE KEY-----\ngarbage\n-----END RSA PRIVATE KEY-----\n") };
+ok( $@, "new_private_key croaks on truncated PEM" );