flake8 crypto.py
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 845c0c1..9ff2e70 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -62,6 +62,7 @@
else:
data = _ffi.new("char[]", buffer)
bio = _lib.BIO_new_mem_buf(data, len(buffer))
+
# Keep the memory alive as long as the bio is alive!
def free(bio, ref=data):
return _lib.BIO_free(bio)
@@ -126,7 +127,9 @@
string_timestamp = _ffi.cast('ASN1_STRING*', timestamp)
if _lib.ASN1_STRING_length(string_timestamp) == 0:
return None
- elif _lib.ASN1_STRING_type(string_timestamp) == _lib.V_ASN1_GENERALIZEDTIME:
+ elif (
+ _lib.ASN1_STRING_type(string_timestamp) == _lib.V_ASN1_GENERALIZEDTIME
+ ):
return _ffi.string(_lib.ASN1_STRING_data(string_timestamp))
else:
generalized_timestamp = _ffi.new("ASN1_GENERALIZEDTIME**")
@@ -308,9 +311,9 @@
if lib.Cryptography_HAS_EC:
num_curves = lib.EC_get_builtin_curves(_ffi.NULL, 0)
builtin_curves = _ffi.new('EC_builtin_curve[]', num_curves)
- # The return value on this call should be num_curves again. We could
- # check it to make sure but if it *isn't* then.. what could we do?
- # Abort the whole process, I suppose...? -exarkun
+ # The return value on this call should be num_curves again. We
+ # could check it to make sure but if it *isn't* then.. what could
+ # we do? Abort the whole process, I suppose...? -exarkun
lib.EC_get_builtin_curves(builtin_curves, num_curves)
return set(
cls.from_nid(lib, c.nid)
@@ -436,6 +439,7 @@
:ivar emailAddress: The e-mail address of the entity.
"""
+
def __init__(self, name):
"""
Create a new X509Name, copying the given X509Name instance.
@@ -486,8 +490,8 @@
"""
Find attribute. An X509Name object has the following attributes:
countryName (alias C), stateOrProvince (alias ST), locality (alias L),
- organization (alias O), organizationalUnit (alias OU), commonName (alias
- CN) and more...
+ organization (alias O), organizationalUnit (alias OU), commonName
+ (alias CN) and more...
"""
nid = _lib.OBJ_txt2nid(_byte_string(name))
if nid == _lib.NID_undef:
@@ -516,7 +520,9 @@
_raise_current_error()
try:
- result = _ffi.buffer(result_buffer[0], data_length)[:].decode('utf-8')
+ result = _ffi.buffer(
+ result_buffer[0], data_length
+ )[:].decode('utf-8')
finally:
# XXX untested
_lib.OPENSSL_free(result_buffer[0])
@@ -616,6 +622,7 @@
"""
An X.509 v3 certificate extension.
"""
+
def __init__(self, type_name, critical, value, subject=None, issuer=None):
"""
Initializes an X509 extension.
@@ -624,7 +631,8 @@
http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS
:type typename: :py:data:`str`
- :param bool critical: A flag indicating whether this is a critical extension.
+ :param bool critical: A flag indicating whether this is a critical
+ extension.
:param value: The value of the extension.
:type value: :py:data:`str`
@@ -637,9 +645,9 @@
"""
ctx = _ffi.new("X509V3_CTX*")
- # A context is necessary for any extension which uses the r2i conversion
- # method. That is, X509V3_EXT_nconf may segfault if passed a NULL ctx.
- # Start off by initializing most of the fields to NULL.
+ # A context is necessary for any extension which uses the r2i
+ # conversion method. That is, X509V3_EXT_nconf may segfault if passed
+ # a NULL ctx. Start off by initializing most of the fields to NULL.
_lib.X509V3_set_ctx(ctx, _ffi.NULL, _ffi.NULL, _ffi.NULL, _ffi.NULL, 0)
# We have no configuration database - but perhaps we should (some
@@ -664,9 +672,9 @@
# separately, but they're harder to use, and since value is already
# a pile of crappy junk smuggling a ton of utterly important
# structured data, what's the point of trying to avoid nasty stuff
- # with strings? (However, X509V3_EXT_i2d in particular seems like it
- # would be a better API to invoke. I do not know where to get the
- # ext_struc it desires for its last parameter, though.)
+ # with strings? (However, X509V3_EXT_i2d in particular seems like
+ # it would be a better API to invoke. I do not know where to get
+ # the ext_struc it desires for its last parameter, though.)
value = b"critical," + value
extension = _lib.X509V3_EXT_nconf(_ffi.NULL, ctx, type_name, value)
@@ -1122,8 +1130,8 @@
bignum_serial = _ffi.new("BIGNUM**")
# BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
- # it. If bignum is still NULL after this call, then the return value is
- # actually the result. I hope. -exarkun
+ # it. If bignum is still NULL after this call, then the return value
+ # is actually the result. I hope. -exarkun
small_serial = _lib.BN_hex2bn(bignum_serial, hex_serial)
if bignum_serial[0] == _ffi.NULL:
@@ -1484,7 +1492,9 @@
"""
Set up the store context for a subsequent verification operation.
"""
- ret = _lib.X509_STORE_CTX_init(self._store_ctx, self._store._store, self._cert._x509, _ffi.NULL)
+ ret = _lib.X509_STORE_CTX_init(
+ self._store_ctx, self._store._store, self._cert._x509, _ffi.NULL
+ )
if ret <= 0:
_raise_current_error()
@@ -1502,14 +1512,14 @@
Convert an OpenSSL native context error failure into a Python
exception.
- When a call to native OpenSSL X509_verify_cert fails, additional information
- about the failure can be obtained from the store context.
+ When a call to native OpenSSL X509_verify_cert fails, additional
+ information about the failure can be obtained from the store context.
"""
errors = [
_lib.X509_STORE_CTX_get_error(self._store_ctx),
_lib.X509_STORE_CTX_get_error_depth(self._store_ctx),
_native(_ffi.string(_lib.X509_verify_cert_error_string(
- _lib.X509_STORE_CTX_get_error(self._store_ctx)))),
+ _lib.X509_STORE_CTX_get_error(self._store_ctx)))),
]
# A context error should always be associated with a certificate, so we
# expect this call to never return :class:`None`.
@@ -1539,8 +1549,8 @@
:param store_ctx: The :py:class:`X509StoreContext` to verify.
:raises X509StoreContextError: If an error occurred when validating a
- certificate in the context. Sets ``certificate`` attribute to indicate
- which certificate caused the error.
+ certificate in the context. Sets ``certificate`` attribute to
+ indicate which certificate caused the error.
"""
# Always re-initialize the store context in case
# :py:meth:`verify_certificate` is called multiple times.
@@ -1824,7 +1834,9 @@
print_result = _lib.X509V3_EXT_print(bio, ext, 0, 0)
if not print_result:
- print_result = _lib.M_ASN1_OCTET_STRING_print(bio, ext.value)
+ print_result = _lib.M_ASN1_OCTET_STRING_print(
+ bio, ext.value
+ )
if print_result == 0:
# TODO: This is untested.
_raise_current_error()
@@ -1978,7 +1990,9 @@
_lib.X509_gmtime_adj(sometime, days * 24 * 60 * 60)
_lib.X509_CRL_set_nextUpdate(self._crl, sometime)
- _lib.X509_CRL_set_issuer_name(self._crl, _lib.X509_get_subject_name(cert._x509))
+ _lib.X509_CRL_set_issuer_name(
+ self._crl, _lib.X509_get_subject_name(cert._x509)
+ )
sign_result = _lib.X509_CRL_sign(self._crl, key._pkey, digest_obj)
if not sign_result:
@@ -1992,7 +2006,9 @@
ret = _lib.X509_CRL_print(bio, self._crl)
else:
raise ValueError(
- "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT")
+ "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or "
+ "FILETYPE_TEXT"
+ )
if not ret:
# TODO: This is untested.
@@ -2138,7 +2154,9 @@
cacerts = list(cacerts)
for cert in cacerts:
if not isinstance(cert, X509):
- raise TypeError("iterable must only contain X509 instances")
+ raise TypeError(
+ "iterable must only contain X509 instances"
+ )
self._cacerts = cacerts
def set_friendlyname(self, name):
@@ -2153,7 +2171,9 @@
if name is None:
self._friendlyname = None
elif not isinstance(name, bytes):
- raise TypeError("name must be a byte string or None (not %r)" % (name,))
+ raise TypeError(
+ "name must be a byte string or None (not %r)" % (name,)
+ )
self._friendlyname = name
def get_friendlyname(self):
@@ -2260,7 +2280,9 @@
if digest_obj == _ffi.NULL:
raise ValueError("No such digest method")
- sign_result = _lib.NETSCAPE_SPKI_sign(self._spki, pkey._pkey, digest_obj)
+ sign_result = _lib.NETSCAPE_SPKI_sign(
+ self._spki, pkey._pkey, digest_obj
+ )
if not sign_result:
# TODO: This is untested.
_raise_current_error()
@@ -2330,7 +2352,9 @@
class _PassphraseHelper(object):
def __init__(self, type, passphrase, more_args=False, truncate=False):
if type != FILETYPE_PEM and passphrase is not None:
- raise ValueError("only FILETYPE_PEM key format supports encryption")
+ raise ValueError(
+ "only FILETYPE_PEM key format supports encryption"
+ )
self._passphrase = passphrase
self._more_args = more_args
self._truncate = truncate
@@ -2379,7 +2403,9 @@
if self._truncate:
result = result[:size]
else:
- raise ValueError("passphrase returned by callback is too long")
+ raise ValueError(
+ "passphrase returned by callback is too long"
+ )
for i in range(len(result)):
buf[i] = result[i:i + 1]
return len(result)
@@ -2440,7 +2466,10 @@
elif type == FILETYPE_TEXT:
result_code = _lib.X509_REQ_print_ex(bio, req._req, 0, 0)
else:
- raise ValueError("type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT")
+ raise ValueError(
+ "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or "
+ "FILETYPE_TEXT"
+ )
if result_code == 0:
# TODO: This is untested.
@@ -2520,7 +2549,8 @@
:param signature: signature returned by sign function
:param data: data to be verified
:param digest: message digest to use
- :return: :py:const:`None` if the signature is correct, raise exception otherwise
+ :return: :py:const:`None` if the signature is correct, raise exception
+ otherwise
"""
data = _text_to_bytes_and_warn("data", data)
@@ -2539,7 +2569,9 @@
_lib.EVP_VerifyInit(md_ctx, digest_obj)
_lib.EVP_VerifyUpdate(md_ctx, data, len(data))
- verify_result = _lib.EVP_VerifyFinal(md_ctx, signature, len(signature), pkey)
+ verify_result = _lib.EVP_VerifyFinal(
+ md_ctx, signature, len(signature), pkey
+ )
if verify_result != 1:
_raise_current_error()
@@ -2663,8 +2695,12 @@
pycert._x509 = _ffi.gc(cert[0], _lib.X509_free)
friendlyname_length = _ffi.new("int*")
- friendlyname_buffer = _lib.X509_alias_get0(cert[0], friendlyname_length)
- friendlyname = _ffi.buffer(friendlyname_buffer, friendlyname_length[0])[:]
+ friendlyname_buffer = _lib.X509_alias_get0(
+ cert[0], friendlyname_length
+ )
+ friendlyname = _ffi.buffer(
+ friendlyname_buffer, friendlyname_length[0]
+ )[:]
if friendlyname_buffer == _ffi.NULL:
friendlyname = None