Clear out the remaining easy mypy issues in test_crypto.py (#1397)
alex authored Jan 7, 2025
1 parent b698943 commit d3621f5
Showing 1 changed file with 66 additions and 48 deletions.
114 changes: 66 additions & 48 deletions tests/test_crypto.py
Expand Up @@ -2457,7 +2457,9 @@ def test_load_locations_parameters(
monkeypatch,
) -> None:
class LibMock:
def load_locations(self, store, cafile, capath):
def load_locations(
self, store: object, cafile: object, capath: object
) -> int:
self.cafile = cafile
self.capath = capath
return 1
Expand Down Expand Up @@ -2489,12 +2491,14 @@ def test_load_locations_raises_error_on_failure(
store.load_locations(cafile=str(invalid_ca_file))


def _runopenssl(pem, *args):
def _runopenssl(pem: bytes, *args: bytes) -> bytes:
"""
Run the command line openssl tool with the given arguments and write
the given PEM to its stdin. Not safe for quotes.
"""
proc = Popen([b"openssl", *list(args)], stdin=PIPE, stdout=PIPE)
assert proc.stdin is not None
assert proc.stdout is not None
proc.stdin.write(pem)
proc.stdin.close()
output = proc.stdout.read()
Expand Down Expand Up @@ -2562,7 +2566,9 @@ def test_load_privatekey_invalid_passphrase_type(self) -> None:
"""
with pytest.raises(TypeError):
load_privatekey(
FILETYPE_PEM, encryptedPrivateKeyPEMPassphrase, object()
FILETYPE_PEM,
encryptedPrivateKeyPEMPassphrase,
object(), # type: ignore[arg-type]
)

def test_load_privatekey_wrongPassphrase(self) -> None:
Expand All @@ -2576,14 +2582,14 @@ def test_load_privatekey_wrongPassphrase(self) -> None:

def test_load_privatekey_passphraseWrongType(self) -> None:
"""
`load_privatekey` raises `ValueError` when it is passeda passphrase
`load_privatekey` raises `ValueError` when it is passed a passphrase
with a private key encoded in a format, that doesn't support
encryption.
"""
key = load_privatekey(FILETYPE_PEM, root_key_pem)
blob = dump_privatekey(FILETYPE_ASN1, key)
with pytest.raises(ValueError):
load_privatekey(FILETYPE_ASN1, blob, "secret")
load_privatekey(FILETYPE_ASN1, blob, b"secret")

def test_load_privatekey_passphrase(self) -> None:
"""
Expand All @@ -2603,7 +2609,7 @@ def test_load_privatekey_passphrase_exception(self) -> None:
raised by `load_privatekey`.
"""

def cb(ignored):
def cb(ignored: object) -> bytes:
raise ArithmeticError

with pytest.raises(ArithmeticError):
Expand All @@ -2615,10 +2621,11 @@ def test_load_privatekey_wrongPassphraseCallback(self) -> None:
is passed an encrypted PEM and a passphrase callback which returns an
incorrect passphrase.
"""
called = []
called = False

def cb(*a):
called.append(None)
def cb(*a: object) -> bytes:
nonlocal called
called = True
return b"quack"

with pytest.raises(Error) as err:
Expand All @@ -2634,7 +2641,7 @@ def test_load_privatekey_passphraseCallback(self) -> None:
"""
called = []

def cb(writing):
def cb(writing: bool) -> bytes:
called.append(writing)
return encryptedPrivateKeyPEMPassphrase

Expand All @@ -2649,7 +2656,9 @@ def test_load_privatekey_passphrase_wrong_return_type(self) -> None:
"""
with pytest.raises(ValueError):
load_privatekey(
FILETYPE_PEM, encryptedPrivateKeyPEM, lambda *args: 3
FILETYPE_PEM,
encryptedPrivateKeyPEM,
lambda *args: 3, # type: ignore[arg-type]
)

def test_dump_privatekey_wrong_args(self) -> None:
Expand All @@ -2674,7 +2683,7 @@ def test_dump_privatekey_not_rsa_key(self) -> None:

def test_dump_privatekey_invalid_pkey(self) -> None:
with pytest.raises(TypeError):
dump_privatekey(FILETYPE_TEXT, object())
dump_privatekey(FILETYPE_TEXT, object()) # type: ignore[arg-type]

def test_dump_privatekey_unknown_cipher(self) -> None:
"""
Expand All @@ -2684,7 +2693,7 @@ def test_dump_privatekey_unknown_cipher(self) -> None:
key = PKey()
key.generate_key(TYPE_RSA, 2048)
with pytest.raises(ValueError):
dump_privatekey(FILETYPE_PEM, key, BAD_CIPHER, "passphrase")
dump_privatekey(FILETYPE_PEM, key, BAD_CIPHER, b"passphrase")

def test_dump_privatekey_invalid_passphrase_type(self) -> None:
"""
Expand All @@ -2694,7 +2703,7 @@ def test_dump_privatekey_invalid_passphrase_type(self) -> None:
key = PKey()
key.generate_key(TYPE_RSA, 2048)
with pytest.raises(TypeError):
dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, object())
dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, object()) # type: ignore[arg-type]

def test_dump_privatekey_invalid_filetype(self) -> None:
"""
Expand All @@ -2712,8 +2721,8 @@ def test_load_privatekey_passphrase_callback_length(self) -> None:
provided by the callback is too long, not silently truncate it.
"""

def cb(ignored):
return "a" * 1025
def cb(ignored: object) -> bytes:
return b"a" * 1025

with pytest.raises(ValueError):
load_privatekey(FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
Expand All @@ -2739,7 +2748,7 @@ def test_dump_privatekey_passphrase_wrong_type(self) -> None:
"""
key = load_privatekey(FILETYPE_PEM, root_key_pem)
with pytest.raises(ValueError):
dump_privatekey(FILETYPE_ASN1, key, GOOD_CIPHER, "secret")
dump_privatekey(FILETYPE_ASN1, key, GOOD_CIPHER, b"secret")

def test_dump_certificate(self) -> None:
"""
Expand All @@ -2765,7 +2774,7 @@ def test_dump_certificate_bad_type(self) -> None:
"""
cert = load_certificate(FILETYPE_PEM, root_cert_pem)
with pytest.raises(ValueError):
dump_certificate(object(), cert)
dump_certificate(object(), cert) # type: ignore[arg-type]

def test_dump_privatekey_pem(self) -> None:
"""
Expand Down Expand Up @@ -2856,7 +2865,7 @@ def test_dump_privatekey_passphrase_callback(self) -> None:
passphrase = b"foo"
called = []

def cb(writing):
def cb(writing: bool) -> bytes:
called.append(writing)
return passphrase

Expand All @@ -2875,7 +2884,7 @@ def test_dump_privatekey_passphrase_exception(self) -> None:
by the passphrase callback.
"""

def cb(ignored):
def cb(ignored: object) -> bytes:
raise ArithmeticError

key = load_privatekey(FILETYPE_PEM, root_key_pem)
Expand All @@ -2888,8 +2897,8 @@ def test_dump_privatekey_passphraseCallbackLength(self) -> None:
provided by the callback is too long, not silently truncate it.
"""

def cb(ignored):
return "a" * 1025
def cb(ignored: object) -> bytes:
return b"a" * 1025

key = load_privatekey(FILETYPE_PEM, root_key_pem)
with pytest.raises(ValueError):
Expand Down Expand Up @@ -2945,9 +2954,9 @@ def test_bad_file_type(self) -> None:
`FILETYPE_PEM` nor `FILETYPE_ASN1` then `ValueError` is raised.
"""
with pytest.raises(ValueError):
load_certificate_request(object(), b"")
load_certificate_request(object(), b"") # type: ignore[arg-type]
with pytest.raises(ValueError):
load_certificate(object(), b"")
load_certificate(object(), b"") # type: ignore[arg-type]

def test_bad_certificate(self) -> None:
"""
Expand Down Expand Up @@ -2978,7 +2987,9 @@ class TestCRL:
)

@staticmethod
def _make_test_crl_cryptography(issuer_cert, issuer_key, certs=()):
def _make_test_crl_cryptography(
issuer_cert: X509, issuer_key: PKey, certs: list[X509] = []
) -> x509.CertificateRevocationList:
"""
Create a CRL using cryptography's API.
Expand All @@ -2988,9 +2999,7 @@ def _make_test_crl_cryptography(issuer_cert, issuer_key, certs=()):
from cryptography.x509.extensions import CRLReason, ReasonFlags

builder = x509.CertificateRevocationListBuilder()
builder = builder.issuer_name(
X509.to_cryptography(issuer_cert).subject
)
builder = builder.issuer_name(issuer_cert.to_cryptography().subject)
for cert in certs:
revoked = (
x509.RevokedCertificateBuilder()
Expand All @@ -3007,7 +3016,7 @@ def _make_test_crl_cryptography(issuer_cert, issuer_key, certs=()):
builder = builder.next_update(datetime(5000, 6, 1, 0, 0, 0))

crl = builder.sign(
private_key=PKey.to_cryptography_key(issuer_key),
private_key=issuer_key.to_cryptography_key(),
algorithm=hashes.SHA512(),
)
return crl
Expand Down Expand Up @@ -3078,7 +3087,7 @@ def test_valid(self) -> None:
store.add_cert(self.root_cert)
store.add_cert(self.intermediate_cert)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

def test_reuse(self) -> None:
"""
Expand All @@ -3089,8 +3098,8 @@ def test_reuse(self) -> None:
store.add_cert(self.root_cert)
store.add_cert(self.intermediate_cert)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

@pytest.mark.parametrize(
"root_cert, chain, verified_cert",
Expand All @@ -3116,12 +3125,12 @@ def test_reuse(self) -> None:
],
)
def test_verify_success_with_chain(
self, root_cert, chain, verified_cert
self, root_cert: X509, chain: list[X509], verified_cert: X509
) -> None:
store = X509Store()
store.add_cert(root_cert)
store_ctx = X509StoreContext(store, verified_cert, chain=chain)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

def test_valid_untrusted_chain_reuse(self) -> None:
"""
Expand All @@ -3136,8 +3145,8 @@ def test_valid_untrusted_chain_reuse(self) -> None:
store_ctx = X509StoreContext(
store, self.intermediate_server_cert, chain=chain
)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

def test_chain_reference(self) -> None:
"""
Expand All @@ -3153,7 +3162,7 @@ def test_chain_reference(self) -> None:
)

del chain
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

@pytest.mark.parametrize(
"root_cert, chain, verified_cert",
Expand Down Expand Up @@ -3185,7 +3194,7 @@ def test_chain_reference(self) -> None:
],
)
def test_verify_fail_with_chain(
self, root_cert, chain, verified_cert
self, root_cert: X509, chain: list[X509], verified_cert: X509
) -> None:
store = X509Store()
if root_cert:
Expand All @@ -3211,7 +3220,9 @@ def test_verify_fail_with_chain(
),
],
)
def test_untrusted_chain_wrong_args(self, chain, expected_error) -> None:
def test_untrusted_chain_wrong_args(
self, chain: list[X509], expected_error: type[Exception]
) -> None:
"""
Creating ``X509StoreContext`` with wrong chain raises an exception.
"""
Expand Down Expand Up @@ -3245,7 +3256,7 @@ def test_trusted_self_signed(self) -> None:
store = X509Store()
store.add_cert(self.root_cert)
store_ctx = X509StoreContext(store, self.root_cert)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

def test_untrusted_self_signed(self) -> None:
"""
Expand Down Expand Up @@ -3313,7 +3324,7 @@ def test_modification_pre_verify(self) -> None:
assert exc.value.certificate.get_subject().CN == "intermediate"

store_ctx.set_store(store_good)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]

def test_verify_with_time(self) -> None:
"""
Expand All @@ -3325,6 +3336,7 @@ def test_verify_with_time(self) -> None:
store.add_cert(self.intermediate_cert)

expire_time = self.intermediate_server_cert.get_notAfter()
assert expire_time is not None
expire_datetime = datetime.strptime(
expire_time.decode("utf-8"), "%Y%m%d%H%M%SZ"
)
Expand Down Expand Up @@ -3393,23 +3405,29 @@ def _create_ca_file(
cafile.write_bytes(dump_certificate(FILETYPE_PEM, cacert))
return cafile

def test_verify_with_ca_file_location(self, root_ca_file) -> None:
def test_verify_with_ca_file_location(
self, root_ca_file: pathlib.Path
) -> None:
store = X509Store()
store.load_locations(str(root_ca_file))

store_ctx = X509StoreContext(store, self.intermediate_cert)
store_ctx.verify_certificate()

def test_verify_with_ca_path_location(self, root_ca_file) -> None:
def test_verify_with_ca_path_location(
self, root_ca_file: pathlib.Path
) -> None:
store = X509Store()
store.load_locations(None, str(root_ca_file.parent))

store_ctx = X509StoreContext(store, self.intermediate_cert)
store_ctx.verify_certificate()

def test_verify_with_cafile_and_capath(
self, root_ca_file, intermediate_ca_file
):
self,
root_ca_file: pathlib.Path,
intermediate_ca_file: pathlib.Path,
) -> None:
store = X509Store()
store.load_locations(
cafile=str(root_ca_file), capath=str(intermediate_ca_file.parent)
Expand All @@ -3419,8 +3437,8 @@ def test_verify_with_cafile_and_capath(
store_ctx.verify_certificate()

def test_verify_with_multiple_ca_files(
self, root_ca_file, intermediate_ca_file
):
self, root_ca_file: pathlib.Path, intermediate_ca_file: pathlib.Path
) -> None:
store = X509Store()
store.load_locations(str(root_ca_file))
store.load_locations(str(intermediate_ca_file))
Expand Down Expand Up @@ -3451,7 +3469,7 @@ def test_verify_with_partial_chain(self) -> None:
# Now set the partial verification flag for verification.
store.set_flags(X509StoreFlags.PARTIAL_CHAIN)
store_ctx = X509StoreContext(store, self.intermediate_server_cert)
assert store_ctx.verify_certificate() is None
assert store_ctx.verify_certificate() is None # type: ignore[func-returns-value]


class TestEllipticCurve:
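Review bot: In `test_load_privatekey_passphrase_callback_length` the bare `with pytest.raises(ValueError):` does not establish that the length check is what rejects the callback's return value. The callback used to return the str `"a" * 1025` and now returns `b"a" * 1025`, and the assertion is unchanged, so the earlier version may have been satisfied by a type rejection rather than by the 1025-byte length (inferred; the library code is not on this page). Because this test exists to show that an over-long passphrase is refused rather than silently truncated, pin the reason with `with pytest.raises(ValueError, match="<length-error message>"):` (placeholder; take the text from the library), and do the same in `test_dump_privatekey_passphraseCallbackLength`. Both tests begin outside their hunks, and the second one's `pytest.raises` body continues past the visible lines.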
