66import collections
77import contextlib
88import itertools
9+ import typing
910import warnings
1011from contextlib import contextmanager
1112
1819 encode_der ,
1920 encode_der_integer ,
2021)
22+ from cryptography .hazmat ._types import _PRIVATE_KEY_TYPES
2123from cryptography .hazmat .backends .interfaces import Backend as BackendInterface
2224from cryptography .hazmat .backends .openssl import aead
2325from cryptography .hazmat .backends .openssl .ciphers import _CipherContext
137139from cryptography .hazmat .primitives .kdf import scrypt
138140from cryptography .hazmat .primitives .serialization import pkcs7 , ssh
139141from cryptography .x509 import ocsp
142+ from cryptography .x509 .name import Name
140143
141144
142145_MemoryBIO = collections .namedtuple ("_MemoryBIO" , ["bio" , "char_ptr" ])
@@ -895,7 +898,12 @@ def _x509_check_signature_params(self, private_key, algorithm):
895898 "MD5 hash algorithm is only supported with RSA keys"
896899 )
897900
898- def create_x509_csr (self , builder , private_key , algorithm ):
901+ def create_x509_csr (
902+ self ,
903+ builder : x509 .CertificateSigningRequestBuilder ,
904+ private_key : _PRIVATE_KEY_TYPES ,
905+ algorithm : typing .Optional [hashes .HashAlgorithm ],
906+ ) -> _CertificateSigningRequest :
899907 if not isinstance (builder , x509 .CertificateSigningRequestBuilder ):
900908 raise TypeError ("Builder type mismatch." )
901909 self ._x509_check_signature_params (private_key , algorithm )
@@ -920,7 +928,9 @@ def create_x509_csr(self, builder, private_key, algorithm):
920928
921929 # Set subject public key.
922930 public_key = private_key .public_key ()
923- res = self ._lib .X509_REQ_set_pubkey (x509_req , public_key ._evp_pkey )
931+ res = self ._lib .X509_REQ_set_pubkey (
932+ x509_req , public_key ._evp_pkey # type: ignore[union-attr]
933+ )
924934 self .openssl_assert (res == 1 )
925935
926936 # Add extensions.
@@ -960,16 +970,25 @@ def create_x509_csr(self, builder, private_key, algorithm):
960970 self .openssl_assert (res == 1 )
961971
962972 # Sign the request using the requester's private key.
963- res = self ._lib .X509_REQ_sign (x509_req , private_key ._evp_pkey , evp_md )
973+ res = self ._lib .X509_REQ_sign (
974+ x509_req , private_key ._evp_pkey , evp_md # type: ignore[union-attr]
975+ )
964976 if res == 0 :
965977 errors = self ._consume_errors_with_text ()
966978 raise ValueError ("Signing failed" , errors )
967979
968980 return _CertificateSigningRequest (self , x509_req )
969981
970- def create_x509_certificate (self , builder , private_key , algorithm ):
982+ def create_x509_certificate (
983+ self ,
984+ builder : x509 .CertificateBuilder ,
985+ private_key : _PRIVATE_KEY_TYPES ,
986+ algorithm : typing .Optional [hashes .HashAlgorithm ],
987+ ) -> _Certificate :
971988 if not isinstance (builder , x509 .CertificateBuilder ):
972989 raise TypeError ("Builder type mismatch." )
990+ if builder ._public_key is None :
991+ raise TypeError ("Builder has no public key." )
973992 self ._x509_check_signature_params (private_key , algorithm )
974993
975994 # Resolve the signature algorithm.
@@ -1027,7 +1046,11 @@ def create_x509_certificate(self, builder, private_key, algorithm):
10271046 self .openssl_assert (res == 1 )
10281047
10291048 # Sign the certificate with the issuer's private key.
1030- res = self ._lib .X509_sign (x509_cert , private_key ._evp_pkey , evp_md )
1049+ res = self ._lib .X509_sign (
1050+ x509_cert ,
1051+ private_key ._evp_pkey , # type: ignore[union-attr]
1052+ evp_md ,
1053+ )
10311054 if res == 0 :
10321055 errors = self ._consume_errors_with_text ()
10331056 raise ValueError ("Signing failed" , errors )
@@ -1058,7 +1081,12 @@ def _create_asn1_time(self, time):
10581081 self ._set_asn1_time (asn1_time , time )
10591082 return asn1_time
10601083
1061- def create_x509_crl (self , builder , private_key , algorithm ):
1084+ def create_x509_crl (
1085+ self ,
1086+ builder : x509 .CertificateRevocationListBuilder ,
1087+ private_key : _PRIVATE_KEY_TYPES ,
1088+ algorithm : typing .Optional [hashes .HashAlgorithm ],
1089+ ) -> _CertificateRevocationList :
10621090 if not isinstance (builder , x509 .CertificateRevocationListBuilder ):
10631091 raise TypeError ("Builder type mismatch." )
10641092 self ._x509_check_signature_params (private_key , algorithm )
@@ -1109,7 +1137,9 @@ def create_x509_crl(self, builder, private_key, algorithm):
11091137 res = self ._lib .X509_CRL_add0_revoked (x509_crl , revoked )
11101138 self .openssl_assert (res == 1 )
11111139
1112- res = self ._lib .X509_CRL_sign (x509_crl , private_key ._evp_pkey , evp_md )
1140+ res = self ._lib .X509_CRL_sign (
1141+ x509_crl , private_key ._evp_pkey , evp_md # type: ignore[union-attr]
1142+ )
11131143 if res == 0 :
11141144 errors = self ._consume_errors_with_text ()
11151145 raise ValueError ("Signing failed" , errors )
@@ -1170,7 +1200,9 @@ def _create_x509_extension(self, handlers, extension):
11701200 nid , 1 if extension .critical else 0 , ext_struct
11711201 )
11721202
1173- def create_x509_revoked_certificate (self , builder ):
1203+ def create_x509_revoked_certificate (
1204+ self , builder : x509 .RevokedCertificateBuilder
1205+ ) -> _RevokedCertificate :
11741206 if not isinstance (builder , x509 .RevokedCertificateBuilder ):
11751207 raise TypeError ("Builder type mismatch." )
11761208
@@ -1316,7 +1348,7 @@ def load_der_parameters(self, data):
13161348
13171349 self ._handle_key_loading_error ()
13181350
1319- def load_pem_x509_certificate (self , data ) :
1351+ def load_pem_x509_certificate (self , data : bytes ) -> _Certificate :
13201352 mem_bio = self ._bytes_to_bio (data )
13211353 x509 = self ._lib .PEM_read_bio_X509 (
13221354 mem_bio .bio , self ._ffi .NULL , self ._ffi .NULL , self ._ffi .NULL
@@ -1332,7 +1364,7 @@ def load_pem_x509_certificate(self, data):
13321364 x509 = self ._ffi .gc (x509 , self ._lib .X509_free )
13331365 return _Certificate (self , x509 )
13341366
1335- def load_der_x509_certificate (self , data ) :
1367+ def load_der_x509_certificate (self , data : bytes ) -> _Certificate :
13361368 mem_bio = self ._bytes_to_bio (data )
13371369 x509 = self ._lib .d2i_X509_bio (mem_bio .bio , self ._ffi .NULL )
13381370 if x509 == self ._ffi .NULL :
@@ -1342,7 +1374,7 @@ def load_der_x509_certificate(self, data):
13421374 x509 = self ._ffi .gc (x509 , self ._lib .X509_free )
13431375 return _Certificate (self , x509 )
13441376
1345- def load_pem_x509_crl (self , data ) :
1377+ def load_pem_x509_crl (self , data : bytes ) -> _CertificateRevocationList :
13461378 mem_bio = self ._bytes_to_bio (data )
13471379 x509_crl = self ._lib .PEM_read_bio_X509_CRL (
13481380 mem_bio .bio , self ._ffi .NULL , self ._ffi .NULL , self ._ffi .NULL
@@ -1358,7 +1390,7 @@ def load_pem_x509_crl(self, data):
13581390 x509_crl = self ._ffi .gc (x509_crl , self ._lib .X509_CRL_free )
13591391 return _CertificateRevocationList (self , x509_crl )
13601392
1361- def load_der_x509_crl (self , data ) :
1393+ def load_der_x509_crl (self , data : bytes ) -> _CertificateRevocationList :
13621394 mem_bio = self ._bytes_to_bio (data )
13631395 x509_crl = self ._lib .d2i_X509_CRL_bio (mem_bio .bio , self ._ffi .NULL )
13641396 if x509_crl == self ._ffi .NULL :
@@ -1368,7 +1400,7 @@ def load_der_x509_crl(self, data):
13681400 x509_crl = self ._ffi .gc (x509_crl , self ._lib .X509_CRL_free )
13691401 return _CertificateRevocationList (self , x509_crl )
13701402
1371- def load_pem_x509_csr (self , data ) :
1403+ def load_pem_x509_csr (self , data : bytes ) -> _CertificateSigningRequest :
13721404 mem_bio = self ._bytes_to_bio (data )
13731405 x509_req = self ._lib .PEM_read_bio_X509_REQ (
13741406 mem_bio .bio , self ._ffi .NULL , self ._ffi .NULL , self ._ffi .NULL
@@ -1384,7 +1416,7 @@ def load_pem_x509_csr(self, data):
13841416 x509_req = self ._ffi .gc (x509_req , self ._lib .X509_REQ_free )
13851417 return _CertificateSigningRequest (self , x509_req )
13861418
1387- def load_der_x509_csr (self , data ) :
1419+ def load_der_x509_csr (self , data : bytes ) -> _CertificateSigningRequest :
13881420 mem_bio = self ._bytes_to_bio (data )
13891421 x509_req = self ._lib .d2i_X509_REQ_bio (mem_bio .bio , self ._ffi .NULL )
13901422 if x509_req == self ._ffi .NULL :
@@ -2200,7 +2232,7 @@ def dh_parameters_supported(self, p, g, q=None):
22002232 def dh_x942_serialization_supported (self ):
22012233 return self ._lib .Cryptography_HAS_EVP_PKEY_DHX == 1
22022234
2203- def x509_name_bytes (self , name ) :
2235+ def x509_name_bytes (self , name : Name ) -> bytes :
22042236 x509_name = _encode_name_gc (self , name )
22052237 pp = self ._ffi .new ("unsigned char **" )
22062238 res = self ._lib .i2d_X509_NAME (x509_name , pp )
0 commit comments