| author | Mathias Ertl <mati@er.tl> | 2021-03-11 21:35:48 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-11 15:35:48 -0500 |
| commit | 2428b11ab84bb796bfcc595cd48fc00e3195e6bb (patch) | |
| tree | 9b0304d484ec00695ab86e4f3e1f725b95878335 | |
| parent | c5cc44a313b5b90a710c40f213679900ab5783c0 (diff) | |
| download | cryptography-2428b11ab84bb796bfcc595cd48fc00e3195e6bb.tar.gz | |
Typehint x509.base (only) (#5904)
* typehint x509.base
* cast extension class
* don't use string in typecast
* use lists as default argument values (see #5904)
* restore import since this is now re-exported
* ignore linting errors
* empty commit to trigger github actions
* fix formatting issue
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
| -rw-r--r-- | src/cryptography/x509/base.py | 70 | ||||
| -rw-r--r-- | tests/x509/test_x509.py | 15 |
3 files changed, 65 insertions, 27 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index c87a466c9..605af068d 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -991,7 +991,8 @@ class Backend(BackendInterface): # Set the subject's public key. res = self._lib.X509_set_pubkey( - x509_cert, builder._public_key._evp_pkey + x509_cert, + builder._public_key._evp_pkey, # type: ignore[union-attr] ) self.openssl_assert(res == 1) @@ -1101,7 +1102,9 @@ class Backend(BackendInterface): for revoked_cert in builder._revoked_certificates: # Duplicating because the X509_CRL takes ownership and will free # this memory when X509_CRL_free is called. - revoked = self._lib.X509_REVOKED_dup(revoked_cert._x509_revoked) + revoked = self._lib.X509_REVOKED_dup( + revoked_cert._x509_revoked # type: ignore[attr-defined] + ) self.openssl_assert(revoked != self._ffi.NULL) res = self._lib.X509_CRL_add0_revoked(x509_crl, revoked) self.openssl_assert(res == 1) diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 1e98b469c..9bbde978f 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -29,13 +29,14 @@ _EARLIEST_UTC_TIME = datetime.datetime(1950, 1, 1) class AttributeNotFound(Exception): - def __init__(self, msg, oid): + def __init__(self, msg: str, oid: ObjectIdentifier) -> None: super(AttributeNotFound, self).__init__(msg) self.oid = oid def _reject_duplicate_extension( - extension: Extension, extensions: typing.List[Extension] + extension: Extension[ExtensionType], + extensions: typing.List[Extension[ExtensionType]], ) -> None: # This is quadratic in the number of extensions for e in extensions: 
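Review bot: The `# type: ignore[union-attr]` on `builder._public_key._evp_pkey` hides a possible `None` instead of ruling it out, presumably because the builder's key is now typed as Optional. If an unset key can reach this call it fails with an `AttributeError` rather than a clear error, and the hunk does not show whether the builder rejects that case earlier. The same applies to `# type: ignore[attr-defined]` in the hunk at -1101: `_x509_revoked` is not part of the abstract `RevokedCertificate` type, so an object from another implementation would only fail at this attribute access. I would add a guard such as `if builder._public_key is None: raise ValueError("public key must be set")` before the call, or at least a comment next to each ignore naming the earlier check that makes it safe. Both enclosing methods start and end outside these hunks.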
@@ -73,7 +74,7 @@ class Version(Enum): class InvalidVersion(Exception): - def __init__(self, msg, parsed_version): + def __init__(self, msg: str, parsed_version: int) -> None: super(InvalidVersion, self).__init__(msg) self.parsed_version = parsed_version @@ -228,7 +229,9 @@ class CertificateRevocationList(metaclass=abc.ABCMeta): """ @abc.abstractproperty - def signature_hash_algorithm(self) -> hashes.HashAlgorithm: + def signature_hash_algorithm( + self, + ) -> typing.Optional[hashes.HashAlgorithm]: """ Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. @@ -294,14 +297,24 @@ class CertificateRevocationList(metaclass=abc.ABCMeta): Number of revoked certificates in the CRL. """ + @typing.overload + def __getitem__(self, idx: int) -> RevokedCertificate: + ... + + @typing.overload + def __getitem__(self, idx: slice) -> typing.List[RevokedCertificate]: + ... + @abc.abstractmethod - def __getitem__(self, idx): + def __getitem__( + self, idx: typing.Union[int, slice] + ) -> typing.Union[RevokedCertificate, typing.List[RevokedCertificate]]: """ Returns a revoked certificate (or slice of revoked certificates). """ @abc.abstractmethod - def __iter__(self): + def __iter__(self) -> typing.Iterator[RevokedCertificate]: """ Iterator over the revoked certificates """ @@ -345,7 +358,9 @@ class CertificateSigningRequest(metaclass=abc.ABCMeta): """ @abc.abstractproperty - def signature_hash_algorithm(self) -> hashes.HashAlgorithm: + def signature_hash_algorithm( + self, + ) -> typing.Optional[hashes.HashAlgorithm]: """ Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. 
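Review bot: The docstring of `signature_hash_algorithm` in the hunk at -228 still promises a `HashAlgorithm` although the annotation now allows `None`, and the `CertificateSigningRequest` hunk at -345 has the same gap. Callers that pass this value on to signature verification need to know when `None` is returned and must handle it. I would add a sentence such as `Returns None when the signature algorithm does not use a separate digest (for example Ed25519).` after confirming the wording against the backend. Both docstrings also say "in the certificate" although these classes are the CRL and the CSR.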
@@ -438,7 +453,12 @@ def load_der_x509_crl( class CertificateSigningRequestBuilder(object): - def __init__(self, subject_name=None, extensions=[], attributes=[]): + def __init__( + self, + subject_name: typing.Optional[Name] = None, + extensions: typing.List[Extension[ExtensionType]] = [], + attributes: typing.List[typing.Tuple[ObjectIdentifier, bytes]] = [], + ): """ Creates an empty X.509 certificate request (v1). """ @@ -512,15 +532,17 @@ class CertificateSigningRequestBuilder(object): class CertificateBuilder(object): + _extensions: typing.List[Extension[ExtensionType]] + def __init__( self, - issuer_name=None, - subject_name=None, - public_key=None, - serial_number=None, - not_valid_before=None, - not_valid_after=None, - extensions=[], + issuer_name: typing.Optional[Name] = None, + subject_name: typing.Optional[Name] = None, + public_key: typing.Optional[_PUBLIC_KEY_TYPES] = None, + serial_number: typing.Optional[int] = None, + not_valid_before: typing.Optional[datetime.datetime] = None, + not_valid_after: typing.Optional[datetime.datetime] = None, + extensions: typing.List[Extension[ExtensionType]] = [], ) -> None: self._version = Version.v3 self._issuer_name = issuer_name @@ -745,13 +767,16 @@ class CertificateBuilder(object): class CertificateRevocationListBuilder(object): + _extensions: typing.List[Extension[ExtensionType]] + _revoked_certificates: typing.List[RevokedCertificate] + def __init__( self, - issuer_name=None, - last_update=None, - next_update=None, - extensions=[], - revoked_certificates=[], + issuer_name: typing.Optional[Name] = None, + last_update: typing.Optional[datetime.datetime] = None, + next_update: typing.Optional[datetime.datetime] = None, + extensions: typing.List[Extension[ExtensionType]] = [], + revoked_certificates: typing.List[RevokedCertificate] = [], ): self._issuer_name = issuer_name self._last_update = last_update 
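Review bot: The annotated `= []` defaults for `extensions` and `attributes` in `CertificateSigningRequestBuilder.__init__` are single list objects shared by every builder created without those arguments. The same pattern is in `CertificateBuilder` (-512), `CertificateRevocationListBuilder` (-745, also `revoked_certificates`) and `RevokedCertificateBuilder` (-879). This is safe only while no code path appends to `self._extensions` in place; otherwise an extension added for one certificate or CRL would silently appear in unrelated ones. The assignments are outside these hunks, so I cannot confirm that. The commit message says list defaults are deliberate, so at minimum I would record the invariant with a comment such as `# default lists are shared between instances: never mutate in place, always build a new list`. Alternatively use `extensions: typing.Optional[typing.List[Extension[ExtensionType]]] = None` and normalise in the body. On style, three of these four constructors lack the `-> None` that `CertificateBuilder.__init__` has.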
@@ -879,7 +904,10 @@ class CertificateRevocationListBuilder(object): class RevokedCertificateBuilder(object): def __init__( - self, serial_number=None, revocation_date=None, extensions=[] + self, + serial_number: typing.Optional[int] = None, + revocation_date: typing.Optional[datetime.datetime] = None, + extensions: typing.List[Extension[ExtensionType]] = [], ): self._serial_number = serial_number self._revocation_date = revocation_date diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index e47c109f4..b3bf78a68 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -10,6 +10,7 @@ import copy import datetime import ipaddress import os +import typing import pytest @@ -3615,8 +3616,11 @@ class TestCertificateSigningRequestBuilder(object): assert list(subject) == [ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Texas"), ] - basic_constraints = request.extensions.get_extension_for_oid( - ExtensionOID.BASIC_CONSTRAINTS + basic_constraints = typing.cast( + x509.Extension[x509.BasicConstraints], + request.extensions.get_extension_for_oid( + ExtensionOID.BASIC_CONSTRAINTS + ), ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 @@ -3653,8 +3657,11 @@ class TestCertificateSigningRequestBuilder(object): assert list(subject) == [ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Texas"), ] - basic_constraints = request.extensions.get_extension_for_oid( - ExtensionOID.BASIC_CONSTRAINTS + basic_constraints = typing.cast( + x509.Extension[x509.BasicConstraints], + request.extensions.get_extension_for_oid( + ExtensionOID.BASIC_CONSTRAINTS + ), ) assert basic_constraints.value.ca is True assert basic_constraints.value.path_length == 2 |
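Review bot: The `typing.cast(x509.Extension[x509.BasicConstraints], ...)` added in the test hunk at -3615, and again at -3657, only tells the type checker what to assume and verifies nothing at run time. A wrong extension type would surface as an attribute error on `.ca` rather than a clear failure. A runtime assertion narrows the type for mypy and checks the value at once: `assert isinstance(basic_constraints.value, x509.BasicConstraints)` right after the lookup, in place of the cast. Both test methods start outside the hunks.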
