From 6311b9dcd5d48785c356309c3cef6a25d2e4e05b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 17 Nov 2024 08:54:13 -0800 Subject: [PATCH] remove crl abc (#11991) * remove crl abc * flake fix * oops --- .../hazmat/bindings/_rust/x509.pyi | 46 +++++- src/cryptography/x509/base.py | 150 +----------------- 2 files changed, 46 insertions(+), 150 deletions(-) diff --git a/src/cryptography/hazmat/bindings/_rust/x509.pyi b/src/cryptography/hazmat/bindings/_rust/x509.pyi index c116974de125..b343260b1631 100644 --- a/src/cryptography/hazmat/bindings/_rust/x509.pyi +++ b/src/cryptography/hazmat/bindings/_rust/x509.pyi @@ -10,6 +10,7 @@ from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric.ec import ECDSA from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15 from cryptography.hazmat.primitives.asymmetric.types import ( + CertificateIssuerPublicKeyTypes, CertificatePublicKeyTypes, PrivateKeyTypes, ) @@ -103,7 +104,50 @@ class Certificate: def verify_directly_issued_by(self, issuer: Certificate) -> None: ... class RevokedCertificate: ... -class CertificateRevocationList: ... + +class CertificateRevocationList: + def public_bytes(self, encoding: serialization.Encoding) -> bytes: ... + def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ... + def get_revoked_certificate_by_serial_number( + self, serial_number: int + ) -> RevokedCertificate | None: ... + @property + def signature_hash_algorithm( + self, + ) -> hashes.HashAlgorithm | None: ... + @property + def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ... + @property + def signature_algorithm_parameters( + self, + ) -> None | PSS | PKCS1v15 | ECDSA: ... + @property + def issuer(self) -> x509.Name: ... + @property + def next_update(self) -> datetime.datetime | None: ... + @property + def next_update_utc(self) -> datetime.datetime | None: ... + @property + def last_update(self) -> datetime.datetime: ... + @property + def last_update_utc(self) -> datetime.datetime: ... + @property + def extensions(self) -> x509.Extensions: ... + @property + def signature(self) -> bytes: ... + @property + def tbs_certlist_bytes(self) -> bytes: ... + def __eq__(self, other: object) -> bool: ... + def __len__(self) -> int: ... + @typing.overload + def __getitem__(self, idx: int) -> x509.RevokedCertificate: ... + @typing.overload + def __getitem__(self, idx: slice) -> list[x509.RevokedCertificate]: ... + def __iter__(self) -> typing.Iterator[x509.RevokedCertificate]: ... + def is_signature_valid( + self, public_key: CertificateIssuerPublicKeyTypes + ) -> bool: ... + class CertificateSigningRequest: ... class PolicyBuilder: diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index af69194ccc5e..d3ed3c848661 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -25,7 +25,6 @@ ) from cryptography.hazmat.primitives.asymmetric.types import ( CertificateIssuerPrivateKeyTypes, - CertificateIssuerPublicKeyTypes, CertificatePublicKeyTypes, ) from cryptography.x509.extensions import ( @@ -232,154 +231,7 @@ def extensions(self) -> Extensions: return self._extensions -class CertificateRevocationList(metaclass=abc.ABCMeta): - @abc.abstractmethod - def public_bytes(self, encoding: serialization.Encoding) -> bytes: - """ - Serializes the CRL to PEM or DER format. - """ - - @abc.abstractmethod - def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: - """ - Returns bytes using digest passed. - """ - - @abc.abstractmethod - def get_revoked_certificate_by_serial_number( - self, serial_number: int - ) -> RevokedCertificate | None: - """ - Returns an instance of RevokedCertificate or None if the serial_number - is not in the CRL. - """ - - @property - @abc.abstractmethod - def signature_hash_algorithm( - self, - ) -> hashes.HashAlgorithm | None: - """ - Returns a HashAlgorithm corresponding to the type of the digest signed - in the certificate. - """ - - @property - @abc.abstractmethod - def signature_algorithm_oid(self) -> ObjectIdentifier: - """ - Returns the ObjectIdentifier of the signature algorithm. - """ - - @property - @abc.abstractmethod - def signature_algorithm_parameters( - self, - ) -> None | padding.PSS | padding.PKCS1v15 | ec.ECDSA: - """ - Returns the signature algorithm parameters. - """ - - @property - @abc.abstractmethod - def issuer(self) -> Name: - """ - Returns the X509Name with the issuer of this CRL. - """ - - @property - @abc.abstractmethod - def next_update(self) -> datetime.datetime | None: - """ - Returns the date of next update for this CRL. - """ - - @property - @abc.abstractmethod - def next_update_utc(self) -> datetime.datetime | None: - """ - Returns the date of next update for this CRL as a non-naive UTC - datetime. - """ - - @property - @abc.abstractmethod - def last_update(self) -> datetime.datetime: - """ - Returns the date of last update for this CRL. - """ - - @property - @abc.abstractmethod - def last_update_utc(self) -> datetime.datetime: - """ - Returns the date of last update for this CRL as a non-naive UTC - datetime. - """ - - @property - @abc.abstractmethod - def extensions(self) -> Extensions: - """ - Returns an Extensions object containing a list of CRL extensions. - """ - - @property - @abc.abstractmethod - def signature(self) -> bytes: - """ - Returns the signature bytes. - """ - - @property - @abc.abstractmethod - def tbs_certlist_bytes(self) -> bytes: - """ - Returns the tbsCertList payload bytes as defined in RFC 5280. - """ - - @abc.abstractmethod - def __eq__(self, other: object) -> bool: - """ - Checks equality. - """ - - @abc.abstractmethod - def __len__(self) -> int: - """ - Number of revoked certificates in the CRL. - """ - - @typing.overload - def __getitem__(self, idx: int) -> RevokedCertificate: ... - - @typing.overload - def __getitem__(self, idx: slice) -> list[RevokedCertificate]: ... - - @abc.abstractmethod - def __getitem__( - self, idx: int | slice - ) -> RevokedCertificate | list[RevokedCertificate]: - """ - Returns a revoked certificate (or slice of revoked certificates). - """ - - @abc.abstractmethod - def __iter__(self) -> typing.Iterator[RevokedCertificate]: - """ - Iterator over the revoked certificates - """ - - @abc.abstractmethod - def is_signature_valid( - self, public_key: CertificateIssuerPublicKeyTypes - ) -> bool: - """ - Verifies signature of revocation list against given public key. - """ - - -CertificateRevocationList.register(rust_x509.CertificateRevocationList) +CertificateRevocationList = rust_x509.CertificateRevocationList class CertificateSigningRequest(metaclass=abc.ABCMeta):