remove crl abc #11991

Merged
merged 3 commits into from
Nov 17, 2024
46 changes: 45 additions & 1 deletion src/cryptography/hazmat/bindings/_rust/x509.pyi
Expand Up @@ -10,6 +10,7 @@ from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15
from cryptography.hazmat.primitives.asymmetric.types import (
CertificateIssuerPublicKeyTypes,
CertificatePublicKeyTypes,
PrivateKeyTypes,
)
Expand Down Expand Up @@ -103,7 +104,50 @@ class Certificate:
def verify_directly_issued_by(self, issuer: Certificate) -> None: ...

class RevokedCertificate: ...
class CertificateRevocationList: ...

class CertificateRevocationList:
def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
def get_revoked_certificate_by_serial_number(
self, serial_number: int
) -> RevokedCertificate | None: ...
@property
def signature_hash_algorithm(
self,
) -> hashes.HashAlgorithm | None: ...
@property
def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
@property
def signature_algorithm_parameters(
self,
) -> None | PSS | PKCS1v15 | ECDSA: ...
@property
def issuer(self) -> x509.Name: ...
@property
def next_update(self) -> datetime.datetime | None: ...
@property
def next_update_utc(self) -> datetime.datetime | None: ...
@property
def last_update(self) -> datetime.datetime: ...
@property
def last_update_utc(self) -> datetime.datetime: ...
@property
def extensions(self) -> x509.Extensions: ...
@property
def signature(self) -> bytes: ...
@property
def tbs_certlist_bytes(self) -> bytes: ...
def __eq__(self, other: object) -> bool: ...
def __len__(self) -> int: ...
@typing.overload
def __getitem__(self, idx: int) -> x509.RevokedCertificate: ...
@typing.overload
def __getitem__(self, idx: slice) -> list[x509.RevokedCertificate]: ...
def __iter__(self) -> typing.Iterator[x509.RevokedCertificate]: ...
def is_signature_valid(
self, public_key: CertificateIssuerPublicKeyTypes
) -> bool: ...

class CertificateSigningRequest: ...

class PolicyBuilder:
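Review bot: In the new `CertificateRevocationList` stub, `get_revoked_certificate_by_serial_number` is annotated as returning the bare `RevokedCertificate`, while `__getitem__` and `__iter__` in the same class return `x509.RevokedCertificate`. Within this file the bare name resolves to the empty `class RevokedCertificate: ...` stub declared just above the class, so a type checker would presumably see no members on an entry found by serial number, although it would on one obtained by indexing or iteration. I would make the three agree by changing that return annotation to `) -> x509.RevokedCertificate | None: ...`.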
150 changes: 1 addition & 149 deletions src/cryptography/x509/base.py
Expand Up @@ -25,7 +25,6 @@
)
from cryptography.hazmat.primitives.asymmetric.types import (
CertificateIssuerPrivateKeyTypes,
CertificateIssuerPublicKeyTypes,
CertificatePublicKeyTypes,
)
from cryptography.x509.extensions import (
Expand Down Expand Up @@ -232,154 +231,7 @@ def extensions(self) -> Extensions:
return self._extensions


class CertificateRevocationList(metaclass=abc.ABCMeta):
@abc.abstractmethod
def public_bytes(self, encoding: serialization.Encoding) -> bytes:
"""
Serializes the CRL to PEM or DER format.
"""

@abc.abstractmethod
def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes:
"""
Returns bytes using digest passed.
"""

@abc.abstractmethod
def get_revoked_certificate_by_serial_number(
self, serial_number: int
) -> RevokedCertificate | None:
"""
Returns an instance of RevokedCertificate or None if the serial_number
is not in the CRL.
"""

@property
@abc.abstractmethod
def signature_hash_algorithm(
self,
) -> hashes.HashAlgorithm | None:
"""
Returns a HashAlgorithm corresponding to the type of the digest signed
in the certificate.
"""

@property
@abc.abstractmethod
def signature_algorithm_oid(self) -> ObjectIdentifier:
"""
Returns the ObjectIdentifier of the signature algorithm.
"""

@property
@abc.abstractmethod
def signature_algorithm_parameters(
self,
) -> None | padding.PSS | padding.PKCS1v15 | ec.ECDSA:
"""
Returns the signature algorithm parameters.
"""

@property
@abc.abstractmethod
def issuer(self) -> Name:
"""
Returns the X509Name with the issuer of this CRL.
"""

@property
@abc.abstractmethod
def next_update(self) -> datetime.datetime | None:
"""
Returns the date of next update for this CRL.
"""

@property
@abc.abstractmethod
def next_update_utc(self) -> datetime.datetime | None:
"""
Returns the date of next update for this CRL as a non-naive UTC
datetime.
"""

@property
@abc.abstractmethod
def last_update(self) -> datetime.datetime:
"""
Returns the date of last update for this CRL.
"""

@property
@abc.abstractmethod
def last_update_utc(self) -> datetime.datetime:
"""
Returns the date of last update for this CRL as a non-naive UTC
datetime.
"""

@property
@abc.abstractmethod
def extensions(self) -> Extensions:
"""
Returns an Extensions object containing a list of CRL extensions.
"""

@property
@abc.abstractmethod
def signature(self) -> bytes:
"""
Returns the signature bytes.
"""

@property
@abc.abstractmethod
def tbs_certlist_bytes(self) -> bytes:
"""
Returns the tbsCertList payload bytes as defined in RFC 5280.
"""

@abc.abstractmethod
def __eq__(self, other: object) -> bool:
"""
Checks equality.
"""

@abc.abstractmethod
def __len__(self) -> int:
"""
Number of revoked certificates in the CRL.
"""

@typing.overload
def __getitem__(self, idx: int) -> RevokedCertificate: ...

@typing.overload
def __getitem__(self, idx: slice) -> list[RevokedCertificate]: ...

@abc.abstractmethod
def __getitem__(
self, idx: int | slice
) -> RevokedCertificate | list[RevokedCertificate]:
"""
Returns a revoked certificate (or slice of revoked certificates).
"""

@abc.abstractmethod
def __iter__(self) -> typing.Iterator[RevokedCertificate]:
"""
Iterator over the revoked certificates
"""

@abc.abstractmethod
def is_signature_valid(
self, public_key: CertificateIssuerPublicKeyTypes
) -> bool:
"""
Verifies signature of revocation list against given public key.
"""


CertificateRevocationList.register(rust_x509.CertificateRevocationList)
CertificateRevocationList = rust_x509.CertificateRevocationList


class CertificateSigningRequest(metaclass=abc.ABCMeta):
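Review bot: The new alias `CertificateRevocationList = rust_x509.CertificateRevocationList` replaces an `abc.ABCMeta` class and its `.register(...)` call without any comment, and every docstring of the old class is deleted with it. Code that subclassed the ABC or registered its own implementation against it would presumably stop working, so I would put a line above the alias such as `# Bound directly to the Rust implementation; the former ABC and its register() hook no longer exist.` The removed docstrings also stated what callers rely on when checking revocation: that the `_utc` properties return non-naive UTC datetimes while `next_update` and `last_update` are documented without that guarantee, and that `is_signature_valid` reports its result through the `bool` return value, which the caller must check. The `.pyi` stub in this commit carries no docstrings, so those two statements should be kept wherever the class is now documented.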