reorder CertificateBuilder sign arguments
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 799126b..61971fe 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -502,15 +502,10 @@
:param critical: Set to ``True`` if the extension must be understood and
handled by whoever reads the certificate.
- .. method:: sign(backend, private_key, algorithm)
+ .. method:: sign(private_key, algorithm, backend)
Sign the certificate using the CA's private key.
- :param backend: Backend that will be used to build the certificate.
- Must support the
- :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
- interface.
-
:param private_key: The
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or
@@ -521,6 +516,11 @@
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that
will be used to generate the signature.
+ :param backend: Backend that will be used to build the certificate.
+ Must support the
+ :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
+ interface.
+
X.509 CSR (Certificate Signing Request) Object
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index a831506..f35582b 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1740,7 +1740,7 @@
self._not_valid_after, self._extensions + [extension]
)
- def sign(self, backend, private_key, algorithm):
+ def sign(self, private_key, algorithm, backend):
"""
Signs the certificate using the CA's private key.
"""
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ac20f64..ba35f64 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -809,7 +809,7 @@
not_valid_after
)
- cert = builder.sign(backend, issuer_private_key, hashes.SHA1())
+ cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
assert cert.version is x509.Version.v3
assert cert.not_valid_before == not_valid_before
@@ -969,7 +969,7 @@
builder = x509.CertificateBuilder()
with pytest.raises(TypeError):
- builder.sign(backend, private_key, object())
+ builder.sign(private_key, object(), backend)
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
@@ -981,7 +981,7 @@
builder = x509.CertificateBuilder()
with pytest.raises(NotImplementedError):
- builder.sign(backend, private_key, hashes.SHA512())
+ builder.sign(private_key, hashes.SHA512(), backend)
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
@@ -994,7 +994,7 @@
builder = x509.CertificateBuilder()
with pytest.raises(NotImplementedError):
- builder.sign(backend, private_key, hashes.SHA512())
+ builder.sign(private_key, hashes.SHA512(), backend)
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
@@ -1027,7 +1027,7 @@
not_valid_after
)
- cert = builder.sign(backend, issuer_private_key, hashes.SHA1())
+ cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
assert cert.version is x509.Version.v3
assert cert.not_valid_before == not_valid_before
@@ -1076,7 +1076,7 @@
not_valid_after
)
- cert = builder.sign(backend, issuer_private_key, hashes.SHA1())
+ cert = builder.sign(issuer_private_key, hashes.SHA1(), backend)
assert cert.version is x509.Version.v3
assert cert.not_valid_before == not_valid_before
@@ -1117,7 +1117,7 @@
)
with pytest.raises(ValueError):
- builder.sign(backend, issuer_private_key, hashes.SHA512())
+ builder.sign(issuer_private_key, hashes.SHA512(), backend)
@pytest.mark.requires_backend_interface(interface=X509Backend)