diff --git a/tests/test_package.py b/tests/test_package.py
index a3f027c3..b1e2c73b 100644
--- a/tests/test_package.py
+++ b/tests/test_package.py
@@ -11,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import json
 import string
 
 import pretend
@@ -114,6 +115,40 @@ def test_package_signed_name_is_correct():
     assert package.signed_filename == (filename + ".asc")
 
 
+def test_package_add_attestations(tmp_path):
+    package = package_file.PackageFile.from_filename(helpers.WHEEL_FIXTURE, None)
+
+    assert package.attestations is None
+
+    attestations = []
+    for i in range(3):
+        path = tmp_path / f"fake.{i}.attestation"
+        path.write_text(json.dumps({"fake": f"attestation {i}"}))
+        attestations.append(str(path))
+
+    package.add_attestations(attestations)
+
+    assert package.attestations == [
+        {"fake": "attestation 0"},
+        {"fake": "attestation 1"},
+        {"fake": "attestation 2"},
+    ]
+
+
+def test_package_add_attestations_invalid_json(tmp_path):
+    package = package_file.PackageFile.from_filename(helpers.WHEEL_FIXTURE, None)
+
+    assert package.attestations is None
+
+    attestation = tmp_path / "fake.publish.attestation"
+    attestation.write_text("this is not valid JSON")
+
+    with pytest.raises(
+        exceptions.InvalidDistribution, match="invalid JSON in attestation"
+    ):
+        package.add_attestations([attestation])
+
+
 @pytest.mark.parametrize(
     "pkg_name,expected_name",
     [