Apply Black

Author: MatthiasValvekens

Diff for: .github/workflows/lint.yml

@@ -0,0 +1,15 @@
+name: Lint
+
+on: ["push", "pull_request"]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+      - run: pip install isort black
+      - name: Check import order
+        run: isort --profile black --line-length 80 --check pyhanko_certvalidator tests
+      - name: Run Black
+        run: black -S --line-length 80 --check pyhanko_certvalidator tests

Diff for: pyhanko_certvalidator/__init__.py

@@ -1,24 +1,23 @@
 import asyncio
 import warnings
-from typing import Optional, Iterable
+from typing import Iterable, Optional
 
 from asn1crypto import x509
 
+from ._types import type_name
 from .context import ValidationContext
+from .errors import InvalidCertificateError, PathBuildingError, ValidationError
 from .policy_decl import PKIXValidationParams
-from .errors import ValidationError, PathBuildingError, InvalidCertificateError
+from .util import pretty_message
 from .validate import async_validate_path, validate_tls_hostname, validate_usage
 from .version import __version__, __version_info__
-from .util import pretty_message
-from ._types import type_name
-
 
 __all__ = [
     '__version__',
     '__version_info__',
     'CertificateValidator',
     'ValidationContext',
-    'PKIXValidationParams'
+    'PKIXValidationParams',
 ]
 
 
@@ -37,11 +36,12 @@ class CertificateValidator:
     _params = None
 
     def __init__(
-            self,
-            end_entity_cert: x509.Certificate,
-            intermediate_certs: Optional[Iterable[x509.Certificate]] = None,
-            validation_context: Optional[ValidationContext] = None,
-            pkix_params: PKIXValidationParams = None):
+        self,
+        end_entity_cert: x509.Certificate,
+        intermediate_certs: Optional[Iterable[x509.Certificate]] = None,
+        validation_context: Optional[ValidationContext] = None,
+        pkix_params: PKIXValidationParams = None,
+    ):
         """
         :param end_entity_cert:
             An asn1crypto.x509.Certificate object X.509 end-entity
@@ -100,31 +100,37 @@ async def _validate_path(self):
         exceptions = []
 
         if self._certificate.hash_algo in self._context.weak_hash_algos:
-            raise InvalidCertificateError(pretty_message(
-                '''
+            raise InvalidCertificateError(
+                pretty_message(
+                    '''
                 The X.509 certificate provided has a signature using the weak
                 hash algorithm %s
                 ''',
-                self._certificate.hash_algo
-            ))
+                    self._certificate.hash_algo,
+                )
+            )
 
         try:
             paths = await self._context.path_builder.async_build_paths(
                 self._certificate
             )
         except PathBuildingError:
             if self._certificate.self_signed in {'yes', 'maybe'}:
-                raise InvalidCertificateError(pretty_message(
-                    '''
+                raise InvalidCertificateError(
+                    pretty_message(
+                        '''
                     The X.509 certificate provided is self-signed - "%s"
                     ''',
-                    self._certificate.subject.human_friendly
-                ))
+                        self._certificate.subject.human_friendly,
+                    )
+                )
             raise
 
         for candidate_path in paths:
             try:
-                await async_validate_path(self._context, candidate_path, self._params)
+                await async_validate_path(
+                    self._context, candidate_path, self._params
+                )
                 self._path = candidate_path
                 return
             except ValidationError as e:
@@ -143,7 +149,9 @@ async def _validate_path(self):
 
         raise exceptions[0]
 
-    def validate_usage(self, key_usage, extended_key_usage=None, extended_optional=False):
+    def validate_usage(
+        self, key_usage, extended_key_usage=None, extended_optional=False
+    ):
         """
         Validates the certificate path and that the certificate is valid for
         the key usage and extended key usage purposes specified.
@@ -202,7 +210,7 @@ def validate_usage(self, key_usage, extended_key_usage=None, extended_optional=F
         warnings.warn(
             "'validate_usage' is deprecated, use "
             "'async_validate_usage' instead",
-            DeprecationWarning
+            DeprecationWarning,
         )
 
         return asyncio.run(
@@ -211,8 +219,9 @@ def validate_usage(self, key_usage, extended_key_usage=None, extended_optional=F
             )
         )
 
-    async def async_validate_usage(self, key_usage, extended_key_usage=None,
-                                   extended_optional=False):
+    async def async_validate_usage(
+        self, key_usage, extended_key_usage=None, extended_optional=False
+    ):
         """
         Validates the certificate path and that the certificate is valid for
         the key usage and extended key usage purposes specified.
@@ -271,7 +280,7 @@ async def async_validate_usage(self, key_usage, extended_key_usage=None,
             self._certificate,
             key_usage,
             extended_key_usage,
-            extended_optional
+            extended_optional,
         )
         return self._path
 
@@ -299,7 +308,7 @@ def validate_tls(self, hostname):
 
         warnings.warn(
             "'validate_tls' is deprecated, use 'async_validate_tls' instead",
-            DeprecationWarning
+            DeprecationWarning,
         )
 
         return asyncio.run(self.async_validate_tls(hostname))

Diff for: pyhanko_certvalidator/_asyncio_compat.py

@@ -1,7 +1,6 @@
+import asyncio
 import contextvars
 import functools
-import asyncio
-
 
 # Used as an alternative for asyncio.to_thread in python <=3.8
 # Repurposed from CPython, used under the terms of the PSL

Diff for: pyhanko_certvalidator/_state.py

@@ -8,10 +8,13 @@
 
 @dataclass
 class ValProcState:
-
-    def __init__(self, *, cert_path_stack: ConsList,
-                 ee_name_override: Optional[str] = None,
-                 is_side_validation: bool = False):
+    def __init__(
+        self,
+        *,
+        cert_path_stack: ConsList,
+        ee_name_override: Optional[str] = None,
+        is_side_validation: bool = False,
+    ):
         if cert_path_stack.head is None:
             raise ValueError("Empty path stack")
         self.index: int = 0
@@ -29,6 +32,7 @@ def path_len(self):
             the root doesn't count.
         """
         from pyhanko_certvalidator.path import ValidationPath
+
         path = self.cert_path_stack.head
         assert isinstance(path, ValidationPath)
         return path.pkix_len
@@ -45,6 +49,7 @@ def check_path_verif_recursion(self, ee_cert: x509.Certificate):
         which could cause a naive implementation to recurse.
         """
         from pyhanko_certvalidator.path import ValidationPath
+
         path: ValidationPath
         for path in self.cert_path_stack:
             cert = path.get_ee_cert_safe()
@@ -65,14 +70,12 @@ def describe_cert(self, def_interm=False, never_def=False):
             result = "certificate"
         elif not self.is_ee_cert:
             prefix &= def_interm
-            result = (
-                f'intermediate certificate {self.index}'
-            )
+            result = f'intermediate certificate {self.index}'
         elif self.ee_name_override is not None:
             result = self.ee_name_override
         else:
             result = 'end-entity certificate'
         if prefix:
             return "the " + result
         else:
-            return result
+            return result

Diff for: pyhanko_certvalidator/asn1_types.py

@@ -1,26 +1,30 @@
 from typing import Optional
 
-from asn1crypto import core, x509, cms
+from asn1crypto import cms, core, x509
 
 __all__ = [
-    'Target', 'TargetCert', 'Targets', 'SequenceOfTargets',
-    'AttrSpec', 'AAControls'
+    'Target',
+    'TargetCert',
+    'Targets',
+    'SequenceOfTargets',
+    'AttrSpec',
+    'AAControls',
 ]
 
 
 class TargetCert(core.Sequence):
     _fields = [
         ('target_certificate', cms.IssuerSerial),
         ('target_name', x509.GeneralName, {'optional': True}),
-        ('cert_digest_info', cms.ObjectDigestInfo, {'optional': True})
+        ('cert_digest_info', cms.ObjectDigestInfo, {'optional': True}),
     ]
 
 
 class Target(core.Choice):
     _alternatives = [
         ('target_name', x509.GeneralName, {'explicit': 0}),
         ('target_group', x509.GeneralName, {'explicit': 1}),
-        ('target_cert', TargetCert, {'explicit': 2})
+        ('target_cert', TargetCert, {'explicit': 2}),
     ]
 
 
@@ -42,7 +46,7 @@ class AAControls(core.Sequence):
         ('path_len_constraint', core.Integer, {'optional': True}),
         ('permitted_attrs', AttrSpec, {'optional': True, 'implicit': 0}),
         ('excluded_attrs', AttrSpec, {'optional': True, 'implicit': 1}),
-        ('permit_unspecified', core.Boolean, {'default': True})
+        ('permit_unspecified', core.Boolean, {'default': True}),
     ]
 
     def accept(self, attr_id: cms.AttCertAttributeType) -> bool:
@@ -60,8 +64,9 @@ def accept(self, attr_id: cms.AttCertAttributeType) -> bool:
         return bool(self['permit_unspecified'])
 
     @classmethod
-    def read_extension_value(cls, cert: x509.Certificate) \
-            -> Optional['AAControls']:
+    def read_extension_value(
+        cls, cert: x509.Certificate
+    ) -> Optional['AAControls']:
         # handle AA controls (not natively supported by asn1crypto, so
         # not available as an attribute).
         try:

Diff for: pyhanko_certvalidator/authority.py

@@ -2,14 +2,14 @@
 from dataclasses import dataclass
 from typing import Optional
 
-from asn1crypto import x509, keys
+from asn1crypto import keys, x509
 
 from .name_trees import process_general_subtrees
 from .policy_decl import PKIXValidationParams
 
-
 # TODO add support for roots that are limited in time?
 
+
 @dataclass(frozen=True)
 class TrustQualifiers:
     """
@@ -103,8 +103,9 @@ class TrustAnchor:
     Equality of trust roots reduces to equality of authorities.
     """
 
-    def __init__(self, authority: Authority,
-                 quals: Optional[TrustQualifiers] = None):
+    def __init__(
+        self, authority: Authority, quals: Optional[TrustQualifiers] = None
+    ):
         self._authority = authority
         self._quals = quals
 
@@ -120,8 +121,10 @@ def trust_qualifiers(self) -> TrustQualifiers:
         return self._quals or TrustQualifiers()
 
     def __eq__(self, other):
-        return isinstance(other, TrustAnchor) \
-               and other._authority == self._authority
+        return (
+            isinstance(other, TrustAnchor)
+            and other._authority == self._authority
+        )
 
     def __hash__(self):
         return hash(self._authority)
@@ -162,9 +165,9 @@ def derive_quals_from_cert(cert: x509.Certificate) -> TrustQualifiers:
     if cert.certificate_policies_value is not None:
         ext_found = True
         policies_val: x509.CertificatePolicies = cert.certificate_policies_value
-        acceptable_policies = frozenset([
-            pol_info['policy_identifier'].dotted for pol_info in policies_val
-        ])
+        acceptable_policies = frozenset(
+            [pol_info['policy_identifier'].dotted for pol_info in policies_val]
+        )
 
     params = None
     if ext_found:
@@ -176,7 +179,7 @@ def derive_quals_from_cert(cert: x509.Certificate) -> TrustQualifiers:
             #  let's assume that they want the policies to be enforced.
             initial_explicit_policy=acceptable_policies is not None,
             initial_permitted_subtrees=permitted_subtrees,
-            initial_excluded_subtrees=excluded_subtrees
+            initial_excluded_subtrees=excluded_subtrees,
         )
 
     return TrustQualifiers(
@@ -191,6 +194,7 @@ class AuthorityWithCert(Authority):
     :param cert:
         The certificate.
     """
+
     def __init__(self, cert: x509.Certificate):
         self._cert = cert
 
@@ -237,9 +241,12 @@ class CertTrustAnchor(TrustAnchor):
         content if explicit ones are not provided. Defaults to ``False``.
     """
 
-    def __init__(self, cert: x509.Certificate,
-                 quals: Optional[TrustQualifiers] = None,
-                 derive_default_quals_from_cert: bool = False):
+    def __init__(
+        self,
+        cert: x509.Certificate,
+        quals: Optional[TrustQualifiers] = None,
+        derive_default_quals_from_cert: bool = False,
+    ):
         authority = AuthorityWithCert(cert)
         self._cert = cert
         super().__init__(authority, quals)