| Commit message (Collapse) | Author | Age | Files | Lines |
| |
* support ms certificate template
* contortions for rust coverage
* review feedback
| |
fixes #8589
| |
* Rename Union type aliases to CamelCase
Many `typing.Union` type aliases were previously using `UPPER_SNAKE_CASE`, but Python's convention is `CamelCase` for these (e.g. https://docs.python.org/3/library/typing.html#type-aliases)
* Add utils.deprecated for the old non-underscore type aliases
* Added documentation for new type aliases & minor tweaks
* Use 'versionadded:: 40.0.0'
* Fix CertificatePublicKeyTypes vs CertificateIssuerPublicKeyTypes. Rename CertificatePrivateKeyTypes to CertificateIssuerPrivateKeyTypes
* Fix imports (ruff)
* Fix one more versionadded
* Tweak docs & Reorder: CertificateIssuerPublicKeyTypes before CertificateIssuerPrivateKeyTypes
* Fix test mypy errors using cast()
* Fix black, oops
* Revert "Fix black, oops"
This reverts commit 85344e231d697bdc0940e105f7aed729445f9743.
* Revert "Fix test mypy errors using cast()"
This reverts commit b272d8ca95fbbbc62060663f9e8930a139a7a43e.
* Revert type of SubjectKeyIdentifier.from_public_key arg
* Changelog tweak
| |
* Disallow wildcards in DNSName for name constraints
As discussed in #8253, wildcards are unnecessary according to RFC 5280, and cause issues with at least Firefox.
* update changelog
| |
It's more than 60x faster.
| |
distribution points (#7710)
| |
(#6983)
| |
At some point it gained a default that was the same as what we were implementing.
| |
As someone who first with Python in 2.4 or so, this habit is going to be hard to break.
| |
this appears to be best practice and also makes the mypy type-coverage
analysis happier
| |
* Allow to serialize extension values as DER bytes string.
* Prepare test for SignedCertificateTimestamps.
| |
* oxidize issuing distribution point
* cleanup
* clippy
| |
Python 3.10 changed enum's object and string representation. PyCA
cryptography now uses a custom subclass of enum.Enum() with well-defined
__repr__ and __str__ from Python 3.9.
Related: https://bugs.python.org/issue40066
Fixes: https://github.com/pyca/cryptography/issues/5995
Signed-off-by: Christian Heimes <cheimes@redhat.com>
| |
* add type alias for IP addresses
* Re-export module attributes in cryptography.x509.oid
Without exporting attributes via `__all__` mypy will consider typehints of
classes imported from `cryptography.x509.oid` as type Any. Example:
    from cryptography.x509.oid import ObjectIdentifier
    oid = ObjectIdentifier("1.2.3") # Any, if we do not re-export
Note that while the canonical location of ObjectIdentifier is in
`cryptography.x509`, it is imported many times from `cryptography.x509.oid`
instead
* add return type annotations to constructors
* overload GeneralNames.get_values_for_type
* overload all implementations
| |
* make value property return the generic value
* typehint x509.Name
* also ignore overloaded functions
| |
* add typehint for name
* strictly type ObjectIdentifier
* explicit reexport for mypy
* type (most) of extensions.py
* minor cleanup
* more consistently return None in constructors
* revert explicit reexport, as requested
* use _make_sequence_methods for now (#5870)
* mark oid as normal type-hinted property so that classes can access it
* fix spelling (upper case) use short form for reference
* annotate as ClassVar
* add type ignore for special extension class
| |
Fix #5848
| |
* add typehints for read only properties
* fix typing in test cases
* fix last missing assertion
* add typehints to all read_only_properties where type hints are already available
* check for is not None instead, as per PR suggestion
* convert read_only_property to @property decorators
* remove unused import
* use List instead of Iterable for return values
* use @property instead of read_only_property
* fix type errors
* remove last occurrence of annotated read_only_property
* use is not None check (works because we now return list)
* fix unused import
| |
test changes themselves will be in a separate PR
| |
* Drop Python 2
* Black everything
| |
fixes #5127
| |
* Support parsing SCTs in OCSPResponse
* s/typically/only and pep8
* remove unused vector
Co-authored-by: Szilárd Pfeiffer <szilard.pfeiffer@balasys.hu>
| |
* add SubjectInformationAccess extension support
* fixes
| |
* Simplify implementing sequence methods
* flake8
| |
* Make DER reader into a context manager
* Added another test case
* flake8
| |
* Remove non-test dependencies on asn1crypto.
cryptography.io actually contains two OpenSSL bindings right now, the
expected cffi one, and an optional one hidden in asn1crypto. asn1crypto
contains a lot of things that cryptography.io doesn't use, including a
BER parser and a hand-rolled and not constant-time EC implementation.
Instead, check in a much smaller DER-only parser in cryptography/hazmat. A
quick benchmark suggests this parser is also faster than asn1crypto:
from __future__ import absolute_import, division, print_function
import timeit
print(timeit.timeit(
"decode_dss_signature(sig)",
setup=r"""
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08"
""",
number=10000))
Python 2.7:
asn1crypto: 0.25
_der.py: 0.098
Python 3.5:
asn1crypto: 0.17
_der.py: 0.10
* Remove test dependencies on asn1crypto.
The remaining use of asn1crypto was some sanity-checking of
Certificates. Add a minimal X.509 parser to extract the relevant fields.
* Add a read_single_element helper function.
The outermost read is a little tedious.
* Address flake8 warnings
* Fix test for long-form vs short-form lengths.
Testing a zero length trips both this check and the non-minimal long
form check. Use a one-byte length to cover the missing branch.
* Remove support for negative integers.
These never come up in valid signatures. Note, however, this does
change public API.
* Update src/cryptography/hazmat/primitives/asymmetric/utils.py
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Review comments
* Avoid hardcoding the serialization of NULL in decode_asn1.py too.
| |
* fix from_issuer_subject_key_identifier to take the right type
deprecate passing the old Extension wrapper object
* don't use a try:except:
* hilarious contortions to satisfy doc8
| |
* fix != comparison in py2 (fixes #4821)
* remove blank line b/c pep8
* move __ne__ next to __eq__ as per review request