Add more stubs for cryptography (#3307)

third_party/2and3/cryptography/__init__.pyi

@@ -1,3 +0,0 @@
-from typing import Any
-
-def __getattr__(name: str) -> Any: ...

third_party/2and3/cryptography/exceptions.pyi

@@ -0,0 +1,7 @@
+class AlreadyFinalized(Exception): ...
+class AlreadyUpdated(Exception): ...
+class InvalidKey(Exception): ...
+class InvalidSignature(Exception): ...
+class InvalidTag(Exception): ...
+class NotYetFinalized(Exception): ...
+class UnsupportedAlgorithm(Exception): ...

third_party/2and3/cryptography/fernet.pyi

@@ -0,0 +1,17 @@
+from typing import List, Optional
+
+class InvalidToken(Exception): ...
+
+class Fernet(object):
+    def __init__(self, key: bytes) -> None: ...
+    def decrypt(self, token: bytes, ttl: Optional[int] = ...) -> bytes: ...
+    def encrypt(self, data: bytes) -> bytes: ...
+    def extract_timestamp(self, token: bytes) -> int: ...
+    @classmethod
+    def generate_key(cls) -> bytes: ...
+
+class MultiFernet(object):
+    def __init__(self, fernets: List[Fernet]) -> None: ...
+    def decrypt(self, token: bytes, ttl: Optional[int] = ...) -> bytes: ...
+    def encrypt(self, data: bytes) -> bytes: ...
+    def rotate(self, msg: bytes) -> bytes: ...

third_party/2and3/cryptography/hazmat/backends/__init__.pyi

@@ -0,0 +1,3 @@
+from typing import Any
+
+def default_backend() -> Any: ...

third_party/2and3/cryptography/hazmat/backends/interfaces.pyi

@@ -0,0 +1,196 @@
+from abc import ABCMeta, abstractmethod
+from typing import Any, Optional, Union
+
+from cryptography.hazmat.primitives.asymmetric.dh import (
+    DHParameterNumbers,
+    DHParameters,
+    DHPrivateKey,
+    DHPrivateNumbers,
+    DHPublicKey,
+    DHPublicNumbers,
+)
+from cryptography.hazmat.primitives.asymmetric.dsa import (
+    DSAParameterNumbers,
+    DSAParameters,
+    DSAPrivateKey,
+    DSAPrivateNumbers,
+    DSAPublicKey,
+    DSAPublicNumbers,
+)
+from cryptography.hazmat.primitives.asymmetric.ec import (
+    EllipticCurve,
+    EllipticCurvePrivateKey,
+    EllipticCurvePrivateNumbers,
+    EllipticCurvePublicKey,
+    EllipticCurvePublicNumbers,
+    EllipticCurveSignatureAlgorithm,
+)
+from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPrivateNumbers, RSAPublicKey, RSAPublicNumbers
+from cryptography.hazmat.primitives.ciphers import BlockCipherAlgorithm, CipherAlgorithm, CipherContext
+from cryptography.hazmat.primitives.ciphers.modes import Mode
+from cryptography.hazmat.primitives.hashes import HashAlgorithm, HashContext
+from cryptography.x509 import (
+    Certificate,
+    CertificateBuilder,
+    CertificateRevocationList,
+    CertificateRevocationListBuilder,
+    CertificateSigningRequest,
+    CertificateSigningRequestBuilder,
+    Name,
+    RevokedCertificate,
+    RevokedCertificateBuilder,
+)
+
+class CipherBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def cipher_supported(self, cipher: CipherAlgorithm, mode: Mode) -> bool: ...
+    @abstractmethod
+    def create_symmetric_encryption_ctx(self, cipher: CipherAlgorithm, mode: Mode) -> CipherContext: ...
+    @abstractmethod
+    def create_symmetric_decryption_ctx(self, cipher: CipherAlgorithm, mode: Mode) -> CipherContext: ...
+
+class CMACBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def cmac_algorithm_supported(self, algorithm: BlockCipherAlgorithm) -> bool: ...
+    @abstractmethod
+    def create_cmac_ctx(self, algorithm: BlockCipherAlgorithm) -> Any: ...
+
+class DERSerializationBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def load_der_parameters(self, data: bytes) -> Any: ...
+    @abstractmethod
+    def load_der_private_key(self, data: bytes, password: Optional[bytes]) -> Any: ...
+    @abstractmethod
+    def load_der_public_key(self, data: bytes) -> Any: ...
+
+class DHBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def dh_parameters_supported(self, p: int, g: int, q: Optional[int]) -> bool: ...
+    @abstractmethod
+    def dh_x942_serialization_supported(self) -> bool: ...
+    @abstractmethod
+    def generate_dh_parameters(self, generator: int, key_size: int) -> DHParameters: ...
+    @abstractmethod
+    def generate_dh_private_key(self, parameters: DHParameters) -> DHPrivateKey: ...
+    @abstractmethod
+    def generate_dh_private_key_and_parameters(self, generator: int, key_size: int) -> DHPrivateKey: ...
+    @abstractmethod
+    def load_dh_parameter_numbers(self, numbers: DHParameterNumbers) -> DHParameters: ...
+    @abstractmethod
+    def load_dh_private_numbers(self, numbers: DHPrivateNumbers) -> DHPrivateKey: ...
+    @abstractmethod
+    def load_dh_public_numbers(self, numbers: DHPublicNumbers) -> DHPublicKey: ...
+
+class DSABackend(metaclass=ABCMeta):
+    @abstractmethod
+    def dsa_hash_supported(self, algorithm: HashAlgorithm) -> bool: ...
+    @abstractmethod
+    def dsa_parameters_supported(self, p: int, q: int, g: int) -> bool: ...
+    @abstractmethod
+    def generate_dsa_parameters(self, key_size: int) -> DSAParameters: ...
+    @abstractmethod
+    def generate_dsa_private_key(self, parameters: DSAParameters) -> DSAPrivateKey: ...
+    @abstractmethod
+    def generate_dsa_private_key_and_parameters(self, key_size: int) -> DSAPrivateKey: ...
+    @abstractmethod
+    def load_dsa_parameter_numbers(self, numbers: DSAParameterNumbers) -> DSAParameters: ...
+    @abstractmethod
+    def load_dsa_private_numbers(self, numbers: DSAPrivateNumbers) -> DSAPrivateKey: ...
+    @abstractmethod
+    def load_dsa_public_numbers(self, numbers: DSAPublicNumbers) -> DSAPublicKey: ...
+
+class EllipticCurveBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def derive_elliptic_curve_private_key(self, private_value: int, curve: EllipticCurve) -> EllipticCurvePrivateKey: ...
+    @abstractmethod
+    def elliptic_curve_signature_algorithm_supported(
+        self, signature_algorithm: EllipticCurveSignatureAlgorithm, curve: EllipticCurve
+    ) -> bool: ...
+    @abstractmethod
+    def elliptic_curve_supported(self, curve: EllipticCurve) -> bool: ...
+    @abstractmethod
+    def generate_elliptic_curve_private_key(self, curve: EllipticCurve) -> EllipticCurvePrivateKey: ...
+    @abstractmethod
+    def load_elliptic_curve_private_numbers(self, numbers: EllipticCurvePrivateNumbers) -> EllipticCurvePrivateKey: ...
+    @abstractmethod
+    def load_elliptic_curve_public_numbers(self, numbers: EllipticCurvePublicNumbers) -> EllipticCurvePublicKey: ...
+
+class HMACBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def create_hmac_ctx(self, key: bytes, algorithm: HashAlgorithm) -> HashContext: ...
+    @abstractmethod
+    def cmac_algorithm_supported(self, algorithm: HashAlgorithm) -> bool: ...
+
+class HashBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def create_hash_ctx(self, algorithm: HashAlgorithm) -> HashContext: ...
+    @abstractmethod
+    def hash_supported(self, algorithm: HashAlgorithm) -> bool: ...
+
+class PBKDF2HMACBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def derive_pbkdf2_hmac(
+        self, algorithm: HashAlgorithm, length: int, salt: bytes, iterations: int, key_material: bytes
+    ) -> bytes: ...
+    @abstractmethod
+    def pbkdf2_hmac_supported(self, algorithm: HashAlgorithm) -> bool: ...
+
+class PEMSerializationBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def load_pem_parameters(self, data: bytes) -> Any: ...
+    @abstractmethod
+    def load_pem_private_key(self, data: bytes, password: Optional[bytes]) -> Any: ...
+    @abstractmethod
+    def load_pem_public_key(self, data: bytes) -> Any: ...
+
+class RSABackend(metaclass=ABCMeta):
+    @abstractmethod
+    def generate_rsa_parameters_supported(self, public_exponent: int, key_size: int) -> bool: ...
+    @abstractmethod
+    def generate_rsa_private_key(self, public_exponent: int, key_size: int) -> RSAPrivateKey: ...
+    @abstractmethod
+    def load_rsa_public_numbers(self, numbers: RSAPublicNumbers) -> RSAPublicKey: ...
+    @abstractmethod
+    def load_rsa_private_numbers(self, numbers: RSAPrivateNumbers) -> RSAPrivateKey: ...
+    @abstractmethod
+    def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool: ...
+
+class ScryptBackend(metaclass=ABCMeta):
+    @abstractmethod
+    def derive_scrypt(self, key_material: bytes, salt: bytes, length: int, n: int, r: int, p: int) -> bytes: ...
+
+class X509Backend(metaclass=ABCMeta):
+    @abstractmethod
+    def create_x509_certificate(
+        self,
+        builder: CertificateBuilder,
+        private_key: Union[DSAPrivateKey, EllipticCurvePrivateKey, RSAPrivateKey],
+        algorithm: HashAlgorithm,
+    ) -> Certificate: ...
+    @abstractmethod
+    def create_x509_crl(
+        self,
+        builder: CertificateRevocationListBuilder,
+        private_key: Union[DSAPrivateKey, EllipticCurvePrivateKey, RSAPrivateKey],
+        algorithm: HashAlgorithm,
+    ) -> CertificateRevocationList: ...
+    @abstractmethod
+    def create_x509_csr(
+        self,
+        builder: CertificateSigningRequestBuilder,
+        private_key: Union[DSAPrivateKey, EllipticCurvePrivateKey, RSAPrivateKey],
+        algorithm: HashAlgorithm,
+    ) -> CertificateSigningRequest: ...
+    @abstractmethod
+    def create_x509_revoked_certificate(self, builder: RevokedCertificateBuilder) -> RevokedCertificate: ...
+    @abstractmethod
+    def load_der_x509_certificate(self, data: bytes) -> Certificate: ...
+    @abstractmethod
+    def load_der_x509_csr(self, data: bytes) -> CertificateSigningRequest: ...
+    @abstractmethod
+    def load_pem_x509_certificate(self, data: bytes) -> Certificate: ...
+    @abstractmethod
+    def load_pem_x509_csr(self, data: bytes) -> CertificateSigningRequest: ...
+    @abstractmethod
+    def x509_name_bytes(self, name: Name) -> bytes: ...

third_party/2and3/cryptography/hazmat/bindings/openssl/binding.pyi

@@ -0,0 +1,6 @@
+from typing import Any, Optional
+
+class Binding(object):
+    ffi: Optional[Any]
+    lib: Optional[Any]
+    def init_static_locks(self) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/dh.pyi

@@ -0,0 +1,77 @@
+from abc import ABCMeta, abstractmethod
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import DHBackend
+from cryptography.hazmat.primitives.serialization import (
+    Encoding,
+    KeySerializationEncryption,
+    ParameterFormat,
+    PrivateFormat,
+    PublicFormat,
+)
+
+class DHParameters(metaclass=ABCMeta):
+    @abstractmethod
+    def generate_private_key(self) -> DHPrivateKey: ...
+    @abstractmethod
+    def parameter_bytes(self, encoding: Encoding, format: ParameterFormat) -> bytes: ...
+    @abstractmethod
+    def parameter_numbers(self) -> DHParameterNumbers: ...
+
+DHParametersWithSerialization = DHParameters
+
+class DHParameterNumbers(object):
+    @property
+    def p(self) -> int: ...
+    @property
+    def g(self) -> int: ...
+    @property
+    def q(self) -> int: ...
+    def __init__(self, p: int, g: int, q: Optional[int]) -> None: ...
+    def parameters(self, backend: DHBackend) -> DHParameters: ...
+
+class DHPrivateKey(metaclass=ABCMeta):
+    key_size: int
+    @abstractmethod
+    def exchange(self, peer_public_key: DHPublicKey) -> bytes: ...
+    @abstractmethod
+    def parameters(self) -> DHParameters: ...
+    @abstractmethod
+    def public_key(self) -> DHPublicKey: ...
+
+class DHPrivateKeyWithSerialization(DHPrivateKey):
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def private_numbers(self) -> DHPrivateNumbers: ...
+
+class DHPrivateNumbers(object):
+    @property
+    def public_numbers(self) -> DHPublicNumbers: ...
+    @property
+    def x(self) -> int: ...
+    def __init__(self, x: int, public_numbers: DHPublicNumbers) -> None: ...
+    def private_key(self, backend: DHBackend) -> DHPrivateKey: ...
+
+class DHPublicKey(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @abstractmethod
+    def parameters(self) -> DHParameters: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...
+    @abstractmethod
+    def public_numbers(self) -> DHPublicNumbers: ...
+
+DHPublicKeyWithSerialization = DHPublicKey
+
+class DHPublicNumbers(object):
+    @property
+    def parameter_numbers(self) -> DHParameterNumbers: ...
+    @property
+    def y(self) -> int: ...
+    def __init__(self, y: int, parameter_numbers: DHParameterNumbers) -> None: ...
+    def public_key(self, backend: DHBackend) -> DHPublicKey: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/dsa.pyi

@@ -1,4 +1,75 @@
-# Minimal stub expressing only the classes required by OpenSSL.crypto.
+from abc import ABCMeta, abstractmethod
 
-class DSAPrivateKey: ...
-class DSAPublicKey: ...
+from cryptography.hazmat.backends.interfaces import DSABackend
+from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+
+class DSAParameters(metaclass=ABCMeta):
+    @abstractmethod
+    def generate_private_key(self) -> DSAPrivateKey: ...
+
+class DSAParametersWithNumbers(DSAParameters):
+    @abstractmethod
+    def parameter_numbers(self) -> DSAParameterNumbers: ...
+
+class DSAParameterNumbers(object):
+    @property
+    def p(self) -> int: ...
+    @property
+    def q(self) -> int: ...
+    @property
+    def g(self) -> int: ...
+    def __init__(self, p: int, q: int, g: int) -> None: ...
+    def parameters(self, backend: DSABackend) -> DSAParameters: ...
+
+class DSAPrivateKey(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @abstractmethod
+    def parameters(self) -> DSAParameters: ...
+    @abstractmethod
+    def public_key(self) -> DSAPublicKey: ...
+    @abstractmethod
+    def sign(self, data: bytes, algorithm: HashAlgorithm) -> bytes: ...
+
+class DSAPrivateKeyWithSerialization(DSAPrivateKey):
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def private_numbers(self) -> DSAPrivateNumbers: ...
+
+class DSAPrivateNumbers(object):
+    @property
+    def x(self) -> int: ...
+    @property
+    def public_numbers(self) -> DSAPublicNumbers: ...
+    def __init__(self, x: int, public_numbers: DSAPublicNumbers) -> None: ...
+
+class DSAPublicKey(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...
+    @abstractmethod
+    def public_numbers(self) -> DSAPublicNumbers: ...
+    @abstractmethod
+    def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> bytes: ...
+    @abstractmethod
+    def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> None: ...
+
+DSAPublicKeyWithSerialization = DSAPublicKey
+
+class DSAPublicNumbers(object):
+    @property
+    def y(self) -> int: ...
+    @property
+    def parameter_numbers(self) -> DSAParameterNumbers: ...
+    def __init__(self, y: int, parameter_numbers: DSAParameterNumbers) -> None: ...
+
+def generate_parameters(key_size: int, backend: DSABackend) -> DSAParameters: ...
+def generate_private_key(key_size: int, backend: DSABackend) -> DSAPrivateKey: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/ec.pyi

@@ -0,0 +1,228 @@
+from abc import ABCMeta, abstractmethod
+from typing import ClassVar, Union
+
+from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
+from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
+from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+from cryptography.x509 import ObjectIdentifier
+
+class EllipticCurve(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @property
+    @abstractmethod
+    def name(self) -> str: ...
+
+class BrainpoolP256R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class BrainpoolP384R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class BrainpoolP512R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECP192R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECP224R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECP256K1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECP256R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECP384R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECP521R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT163K1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT163R2(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT233K1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT233R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT283K1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT283R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT409K1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT409R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT571K1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SECT571R1(EllipticCurve):
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class EllipticCurveOID(object):
+    SECP192R1: ClassVar[ObjectIdentifier]
+    SECP224R1: ClassVar[ObjectIdentifier]
+    SECP256K1: ClassVar[ObjectIdentifier]
+    SECP256R1: ClassVar[ObjectIdentifier]
+    SECP384R1: ClassVar[ObjectIdentifier]
+    SECP521R1: ClassVar[ObjectIdentifier]
+    BRAINPOOLP256R1: ClassVar[ObjectIdentifier]
+    BRAINPOOLP384R1: ClassVar[ObjectIdentifier]
+    BRAINPOOLP512R1: ClassVar[ObjectIdentifier]
+    SECT163K1: ClassVar[ObjectIdentifier]
+    SECT163R2: ClassVar[ObjectIdentifier]
+    SECT233K1: ClassVar[ObjectIdentifier]
+    SECT233R1: ClassVar[ObjectIdentifier]
+    SECT283K1: ClassVar[ObjectIdentifier]
+    SECT283R1: ClassVar[ObjectIdentifier]
+    SECT409K1: ClassVar[ObjectIdentifier]
+    SECT409R1: ClassVar[ObjectIdentifier]
+    SECT571K1: ClassVar[ObjectIdentifier]
+    SECT571R1: ClassVar[ObjectIdentifier]
+
+class EllipticCurvePrivateKey(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def curve(self) -> EllipticCurve: ...
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @abstractmethod
+    def exchange(self, algorithm: ECDH, peer_public_key: EllipticCurvePublicKey) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> EllipticCurvePublicKey: ...
+
+class EllipticCurvePrivateKeyWithSerialization(EllipticCurvePrivateKey):
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def private_numbers(self) -> EllipticCurvePrivateNumbers: ...
+
+class EllipticCurvePrivateNumbers(object):
+    @property
+    def private_value(self) -> int: ...
+    @property
+    def public_numbers(self) -> EllipticCurvePublicNumbers: ...
+    def __init__(self, private_value: int, public_numbers: EllipticCurvePublicNumbers) -> None: ...
+    def private_key(self, backend: EllipticCurveBackend) -> EllipticCurvePrivateKey: ...
+
+class EllipticCurvePublicKey(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def curve(self) -> EllipticCurve: ...
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @classmethod
+    def from_encoded_point(cls, curve: EllipticCurve, data: bytes) -> EllipticCurvePublicKey: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...
+    @abstractmethod
+    def public_numbers(self) -> EllipticCurvePublicNumbers: ...
+    @abstractmethod
+    def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> bytes: ...
+    @abstractmethod
+    def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> None: ...
+
+EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
+
+class EllipticCurvePublicNumbers(object):
+    @property
+    def curve(self) -> EllipticCurve: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def y(self) -> int: ...
+    def __init__(self, x: int, y: int, curve: EllipticCurve) -> None: ...
+    @classmethod
+    def from_encoded_point(cls, curve: EllipticCurve, data: bytes) -> EllipticCurvePublicNumbers: ...
+    def public_key(self, backend: EllipticCurveBackend) -> EllipticCurvePublicKey: ...
+
+class EllipticCurveSignatureAlgorithm(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def algorithm(self) -> Union[HashAlgorithm, Prehashed]: ...
+
+class ECDH(object): ...
+
+class ECDSA(EllipticCurveSignatureAlgorithm):
+    def __init__(self, algorithm: HashAlgorithm): ...
+    @property
+    def algorithm(self) -> Union[HashAlgorithm, Prehashed]: ...
+
+def derive_private_key(private_value: int, curve: EllipticCurve, backend: EllipticCurveBackend) -> EllipticCurvePrivateKey: ...
+def generate_private_key(curve: EllipticCurve, backend: EllipticCurveBackend) -> EllipticCurvePrivateKey: ...
+def get_curve_for_oid(oid: ObjectIdentifier) -> EllipticCurve: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/ed25519.pyi

@@ -0,0 +1,25 @@
+from abc import ABCMeta, abstractmethod
+
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+
+class Ed25519PrivateKey(metaclass=ABCMeta):
+    @classmethod
+    def generate(cls) -> Ed25519PrivateKey: ...
+    @classmethod
+    def from_private_bytes(cls, data: bytes) -> Ed25519PrivateKey: ...
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> Ed25519PublicKey: ...
+    @abstractmethod
+    def sign(self, data: bytes) -> bytes: ...
+
+class Ed25519PublicKey(metaclass=ABCMeta):
+    @classmethod
+    def from_public_bytes(cls, data: bytes) -> Ed25519PublicKey: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...
+    @abstractmethod
+    def verify(self, signature: bytes, data: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/ed448.pyi

@@ -0,0 +1,25 @@
+from abc import ABCMeta, abstractmethod
+
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+
+class Ed448PrivateKey(metaclass=ABCMeta):
+    @classmethod
+    def generate(cls) -> Ed448PrivateKey: ...
+    @classmethod
+    def from_private_bytes(cls, data: bytes) -> Ed448PrivateKey: ...
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> Ed448PublicKey: ...
+    @abstractmethod
+    def sign(self, data: bytes) -> bytes: ...
+
+class Ed448PublicKey(metaclass=ABCMeta):
+    @classmethod
+    def from_public_bytes(cls, data: bytes) -> Ed448PublicKey: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...
+    @abstractmethod
+    def verify(self, signature: bytes, data: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/padding.pyi

@@ -0,0 +1,27 @@
+from abc import ABCMeta, abstractmethod
+from typing import ClassVar, Optional
+
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+class AsymmetricPadding(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def name(self) -> str: ...
+
+class MGF1(object):
+    def __init__(self, algorithm: HashAlgorithm) -> None: ...
+
+class OAEP(AsymmetricPadding):
+    def __init__(self, mgf: MGF1, algorithm: HashAlgorithm, label: Optional[bytes]) -> None: ...
+    @property
+    def name(self) -> str: ...
+
+class PKCS1v15(AsymmetricPadding):
+    @property
+    def name(self) -> str: ...
+
+class PSS(AsymmetricPadding):
+    MAX_LENGTH: ClassVar[object]
+    def __init__(self, mgf: MGF1, salt_length: int) -> None: ...
+    @property
+    def name(self) -> str: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/rsa.pyi

@@ -1,37 +1,55 @@
-from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
-from typing import Tuple
+from abc import ABCMeta, abstractmethod
+from typing import Tuple, Union
 
-class RSAPrivateKey:
-    def signer(self, padding, algorithm): ...
-    def decrypt(self, ciphertext: bytes, padding) -> bytes: ...
-    def public_key(self) -> RSAPublicKey: ...
+from cryptography.hazmat.backends.interfaces import RSABackend
+from cryptography.hazmat.primitives.asymmetric.padding import AsymmetricPadding
+from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+
+class RSAPrivateKey(metaclass=ABCMeta):
     @property
+    @abstractmethod
     def key_size(self) -> int: ...
-    def sign(self, data: bytes, padding, algorithm) -> bytes: ...
+    @abstractmethod
+    def decrypt(self, ciphertext: bytes, padding: AsymmetricPadding) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> RSAPublicKey: ...
+    @abstractmethod
+    def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: Union[HashAlgorithm, Prehashed]) -> bytes: ...
 
 class RSAPrivateKeyWithSerialization(RSAPrivateKey):
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
     def private_numbers(self) -> RSAPrivateNumbers: ...
-    def private_bytes(self, encoding: Encoding, format: PrivateFormat,
-                      encryption_algorithm: KeySerializationEncryption) -> bytes: ...
 
-class RSAPublicKey:
-    def verifier(self, signature: bytes, padding, algorithm): ...
-    def encrypt(self, plaintext: bytes, padding) -> bytes: ...
+class RSAPublicKey(metaclass=ABCMeta):
     @property
+    @abstractmethod
     def key_size(self) -> int: ...
-    def public_numbers(self) -> RSAPublicNumbers: ...
+    @abstractmethod
+    def encrypt(self, plaintext: bytes, padding: AsymmetricPadding) -> bytes: ...
+    @abstractmethod
     def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...
-    def verify(self, signature: bytes, data: bytes, padding, algorithm) -> None: ...
+    @abstractmethod
+    def public_numbers(self) -> RSAPublicNumbers: ...
+    @abstractmethod
+    def sign(self, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> bytes: ...
+    @abstractmethod
+    def verify(self, signature: bytes, data: bytes, padding: AsymmetricPadding, algorithm: HashAlgorithm) -> None: ...
 
 RSAPublicKeyWithSerialization = RSAPublicKey
 
-def generate_private_key(public_exponent: int, key_size: int, backend) -> RSAPrivateKeyWithSerialization: ...
+def generate_private_key(public_exponent: int, key_size: int, backend: RSABackend) -> RSAPrivateKeyWithSerialization: ...
 def rsa_crt_iqmp(p: int, q: int) -> int: ...
 def rsa_crt_dmp1(private_exponent: int, p: int) -> int: ...
 def rsa_crt_dmq1(private_exponent: int, q: int) -> int: ...
 def rsa_recover_prime_factors(n: int, e: int, d: int) -> Tuple[int, int]: ...
 
-class RSAPrivateNumbers:
+class RSAPrivateNumbers(object):
     def __init__(self, p: int, q: int, d: int, dmp1: int, dmq1: int, iqmp: int, public_numbers: RSAPublicNumbers) -> None: ...
     @property
     def p(self) -> int: ...
@@ -49,7 +67,7 @@ class RSAPrivateNumbers:
     def public_numbers(self) -> RSAPublicNumbers: ...
     def private_key(self, backend) -> RSAPrivateKey: ...
 
-class RSAPublicNumbers:
+class RSAPublicNumbers(object):
     def __init__(self, e: int, n: int) -> None: ...
     @property
     def p(self) -> int: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/utils.pyi

@@ -0,0 +1,6 @@
+from typing import Tuple
+
+def decode_dss_signature(signature: bytes) -> Tuple[int, int]: ...
+def encode_dss_signature(r: int, s: int) -> bytes: ...
+
+class Prehashed(object): ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/x25519.pyi

@@ -0,0 +1,23 @@
+from abc import ABCMeta, abstractmethod
+
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+
+class X25519PrivateKey(metaclass=ABCMeta):
+    @classmethod
+    def from_private_bytes(cls, data: bytes) -> X25519PrivateKey: ...
+    @classmethod
+    def generate(cls) -> X25519PrivateKey: ...
+    @abstractmethod
+    def exchange(self, peer_public_key: X25519PublicKey) -> bytes: ...
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> X25519PublicKey: ...
+
+class X25519PublicKey(metaclass=ABCMeta):
+    @classmethod
+    def from_public_bytes(cls, data: bytes) -> X25519PublicKey: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...

third_party/2and3/cryptography/hazmat/primitives/asymmetric/x448.pyi

@@ -0,0 +1,23 @@
+from abc import ABCMeta, abstractmethod
+
+from cryptography.hazmat.primitives.serialization import Encoding, KeySerializationEncryption, PrivateFormat, PublicFormat
+
+class X448PrivateKey(metaclass=ABCMeta):
+    @classmethod
+    def from_private_bytes(cls, data: bytes) -> X448PrivateKey: ...
+    @classmethod
+    def generate(cls) -> X448PrivateKey: ...
+    @abstractmethod
+    def exchange(self, peer_public_key: X448PublicKey) -> bytes: ...
+    @abstractmethod
+    def private_bytes(
+        self, encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption
+    ) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> X448PublicKey: ...
+
+class X448PublicKey(metaclass=ABCMeta):
+    @classmethod
+    def from_public_bytes(cls, data: bytes) -> X448PublicKey: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding, format: PublicFormat) -> bytes: ...

third_party/2and3/cryptography/hazmat/primitives/ciphers/__init__.pyi

@@ -0,0 +1,43 @@
+from abc import ABCMeta, abstractmethod
+
+from cryptography.hazmat.backends.interfaces import CipherBackend
+from cryptography.hazmat.primitives.ciphers.modes import Mode
+
+class AEADCipherContext(metaclass=ABCMeta):
+    @abstractmethod
+    def authenticate_additional_data(self, data: bytes) -> None: ...
+
+class AEADDecryptionContext(metaclass=ABCMeta):
+    @abstractmethod
+    def finalize_with_tag(self, tag: bytes) -> bytes: ...
+
+class AEADEncryptionContext(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def tag(self) -> bytes: ...
+
+class BlockCipherAlgorithm(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def block_size(self) -> int: ...
+
+class Cipher(object):
+    def __init__(self, algorithm: CipherAlgorithm, mode: Mode, backend: CipherBackend) -> None: ...
+    def decryptor(self) -> CipherContext: ...
+    def encryptor(self) -> CipherContext: ...
+
+class CipherAlgorithm(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def key_size(self) -> int: ...
+    @property
+    @abstractmethod
+    def name(self) -> str: ...
+
+class CipherContext(metaclass=ABCMeta):
+    @abstractmethod
+    def finalize(self) -> bytes: ...
+    @abstractmethod
+    def update(self, data: bytes) -> bytes: ...
+    @abstractmethod
+    def update_into(self, data: bytes, buf) -> int: ...

third_party/2and3/cryptography/hazmat/primitives/ciphers/aead.pyi

@@ -0,0 +1,22 @@
+from typing import Optional
+
+class AESCCM(object):
+    def __init__(self, key: bytes, tag_length: Optional[int]) -> None: ...
+    def decrypt(self, nonce: bytes, data: bytes, associated_data: Optional[bytes]) -> bytes: ...
+    def encrypt(self, nonce: bytes, data: bytes, associated_data: Optional[bytes]) -> bytes: ...
+    @classmethod
+    def generate_key(cls, bit_length: int) -> bytes: ...
+
+class AESGCM(object):
+    def __init__(self, key: bytes) -> None: ...
+    def decrypt(self, nonce: bytes, data: bytes, associated_data: Optional[bytes]) -> bytes: ...
+    def encrypt(self, nonce: bytes, data: bytes, associated_data: Optional[bytes]) -> bytes: ...
+    @classmethod
+    def generate_key(cls, bit_length: int) -> bytes: ...
+
+class ChaCha20Poly1305(object):
+    def __init__(self, key: bytes) -> None: ...
+    def decrypt(self, nonce: bytes, data: bytes, associated_data: Optional[bytes]) -> bytes: ...
+    def encrypt(self, nonce: bytes, data: bytes, associated_data: Optional[bytes]) -> bytes: ...
+    @classmethod
+    def generate_key(cls) -> bytes: ...

third_party/2and3/cryptography/hazmat/primitives/ciphers/algorithms.pyi

@@ -0,0 +1,79 @@
+from cryptography.hazmat.primitives.ciphers import BlockCipherAlgorithm, CipherAlgorithm
+from cryptography.hazmat.primitives.ciphers.modes import ModeWithNonce
+
+class AES(BlockCipherAlgorithm, CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def block_size(self) -> int: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class ARC4(CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class Blowfish(BlockCipherAlgorithm, CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def block_size(self) -> int: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class Camelia(BlockCipherAlgorithm, CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def block_size(self) -> int: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class CAST5(BlockCipherAlgorithm, CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def block_size(self) -> int: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class ChaCha20(CipherAlgorithm, ModeWithNonce):
+    def __init__(self, key: bytes, nonce: bytes) -> None: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+    @property
+    def nonce(self) -> bytes: ...
+
+class IDEA(CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class SEED(BlockCipherAlgorithm, CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def block_size(self) -> int: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...
+
+class TripleDES(BlockCipherAlgorithm, CipherAlgorithm):
+    def __init__(self, key: bytes) -> None: ...
+    @property
+    def block_size(self) -> int: ...
+    @property
+    def key_size(self) -> int: ...
+    @property
+    def name(self) -> str: ...

third_party/2and3/cryptography/hazmat/primitives/ciphers/modes.pyi

@@ -0,0 +1,94 @@
+from abc import ABCMeta, abstractmethod
+from typing import Optional
+
+from cryptography.hazmat.primitives.ciphers import CipherAlgorithm
+
+class Mode(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def name(self) -> str: ...
+    @abstractmethod
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class ModeWithAuthenticationTag(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def tag(self) -> bytes: ...
+
+class ModeWithInitializationVector(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def initialization_vector(self) -> bytes: ...
+
+class ModeWithNonce(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def nonce(self) -> bytes: ...
+
+class ModeWithTweak(metaclass=ABCMeta):
+    @property
+    @abstractmethod
+    def tweak(self) -> bytes: ...
+
+class CBC(Mode, ModeWithInitializationVector):
+    def __init__(self, initialization_vector: bytes) -> None: ...
+    @property
+    def initialization_vector(self) -> bytes: ...
+    @property
+    def name(self) -> str: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class CTR(Mode, ModeWithNonce):
+    def __init__(self, nonce: bytes) -> None: ...
+    @property
+    def name(self) -> str: ...
+    @property
+    def nonce(self) -> bytes: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class CFB(Mode, ModeWithInitializationVector):
+    def __init__(self, initialization_vector: bytes) -> None: ...
+    @property
+    def initialization_vector(self) -> bytes: ...
+    @property
+    def name(self) -> str: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class CFB8(Mode, ModeWithInitializationVector):
+    def __init__(self, initialization_vector: bytes) -> None: ...
+    @property
+    def initialization_vector(self) -> bytes: ...
+    @property
+    def name(self) -> str: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class ECB(Mode):
+    @property
+    def name(self) -> str: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class GCM(Mode, ModeWithInitializationVector, ModeWithAuthenticationTag):
+    def __init__(self, initialization_vector: bytes, tag: Optional[bytes], min_tag_length: Optional[int]) -> None: ...
+    @property
+    def initialization_vector(self) -> bytes: ...
+    @property
+    def name(self) -> str: ...
+    @property
+    def tag(self) -> bytes: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class OFB(Mode, ModeWithInitializationVector):
+    def __init__(self, initialization_vector: bytes) -> None: ...
+    @property
+    def initialization_vector(self) -> bytes: ...
+    @property
+    def name(self) -> str: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...
+
+class XTS(Mode, ModeWithTweak):
+    def __init__(self, tweak: bytes) -> None: ...
+    @property
+    def name(self) -> str: ...
+    @property
+    def tweak(self) -> bytes: ...
+    def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/cmac.pyi

@@ -0,0 +1,9 @@
+from cryptography.hazmat.backends.interfaces import CMACBackend
+from cryptography.hazmat.primitives.ciphers import BlockCipherAlgorithm
+
+class CMAC(object):
+    def __init__(self, algorithm: BlockCipherAlgorithm, backend: CMACBackend) -> None: ...
+    def copy(self) -> CMAC: ...
+    def finalize(self) -> bytes: ...
+    def update(self, data: bytes) -> None: ...
+    def verify(self, signature: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/constant_time.pyi

@@ -0,0 +1 @@
+def bytes_eq(a: bytes, b: bytes) -> bool: ...

third_party/2and3/cryptography/hazmat/primitives/hashes.pyi

@@ -0,0 +1,43 @@
+from abc import ABCMeta, abstractmethod
+
+from cryptography.hazmat.backends.interfaces import HashBackend
+
+class HashAlgorithm(metaclass=ABCMeta):
+    digest_size: int
+    name: str
+
+class HashContext(metaclass=ABCMeta):
+    algorithm: HashAlgorithm
+    @abstractmethod
+    def copy(self) -> HashContext: ...
+    @abstractmethod
+    def finalize(self) -> bytes: ...
+    @abstractmethod
+    def update(self, data: bytes) -> None: ...
+
+class BLAKE2b(HashAlgorithm): ...
+class BLAKE2s(HashAlgorithm): ...
+class MD5(HashAlgorithm): ...
+class SHA1(HashAlgorithm): ...
+class SHA224(HashAlgorithm): ...
+class SHA256(HashAlgorithm): ...
+class SHA384(HashAlgorithm): ...
+class SHA3_224(HashAlgorithm): ...
+class SHA3_256(HashAlgorithm): ...
+class SHA3_384(HashAlgorithm): ...
+class SHA3_512(HashAlgorithm): ...
+class SHA512(HashAlgorithm): ...
+class SHA512_224(HashAlgorithm): ...
+class SHA512_256(HashAlgorithm): ...
+
+class SHAKE128(HashAlgorithm):
+    def __init__(self, digest_size: int) -> None: ...
+
+class SHAKE256(HashAlgorithm):
+    def __init__(self, digest_size: int) -> None: ...
+
+class Hash(HashContext):
+    def __init__(self, algorithm: HashAlgorithm, backend: HashBackend): ...
+    def copy(self) -> Hash: ...
+    def finalize(self) -> bytes: ...
+    def update(self, data: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/hmac.pyi

@@ -0,0 +1,9 @@
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+class HMAC(object):
+    def __init__(self, key: bytes, algorithm: HashAlgorithm, backend: HMACBackend) -> None: ...
+    def copy(self) -> HMAC: ...
+    def finalize(self) -> bytes: ...
+    def update(self, msg: bytes) -> None: ...
+    def verify(self, signature: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/__init__.pyi

@@ -0,0 +1,7 @@
+from abc import ABCMeta, abstractmethod
+
+class KeyDerivationFunction(metaclass=ABCMeta):
+    @abstractmethod
+    def derive(self, key_material: bytes) -> bytes: ...
+    @abstractmethod
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/concatkdf.pyi

@@ -0,0 +1,17 @@
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import HashBackend, HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+
+class ConcatKDFHash(KeyDerivationFunction):
+    def __init__(self, algorithm: HashAlgorithm, length: int, otherinfo: Optional[bytes], backend: HashBackend): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
+
+class ConcatKDFHMAC(KeyDerivationFunction):
+    def __init__(
+        self, algorithm: HashAlgorithm, length: int, salt: Optional[bytes], otherinfo: Optional[bytes], backend: HMACBackend
+    ): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/hkdf.pyi

@@ -0,0 +1,17 @@
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+
+class HKDF(KeyDerivationFunction):
+    def __init__(
+        self, algorithm: HashAlgorithm, length: int, salt: Optional[bytes], info: Optional[bytes], backend: HMACBackend
+    ): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
+
+class HKDFExpand(KeyDerivationFunction):
+    def __init__(self, algorithm: HashAlgorithm, length: int, info: Optional[bytes], backend: HMACBackend): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/kbkdf.pyi

@@ -0,0 +1,30 @@
+from enum import Enum
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+
+class Mode(Enum):
+    CounterMode: str
+
+class CounterLocation(Enum):
+    BeforeFixed: str
+    AfterFixed: str
+
+class KBKDFHMAC(KeyDerivationFunction):
+    def __init__(
+        self,
+        algorithm: HashAlgorithm,
+        mode: Mode,
+        length: int,
+        rlen: int,
+        llen: int,
+        location: CounterLocation,
+        label: Optional[bytes],
+        context: Optional[bytes],
+        fixed: Optional[bytes],
+        backend: HMACBackend,
+    ): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/pbkdf2.pyi

@@ -0,0 +1,8 @@
+from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+
+class PBKDF2HMAC(KeyDerivationFunction):
+    def __init__(self, algorithm: HashAlgorithm, length: int, salt: bytes, iterations: int, backend: PBKDF2HMACBackend): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/scrypt.pyi

@@ -0,0 +1,7 @@
+from cryptography.hazmat.backends.interfaces import ScryptBackend
+from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+
+class Scrypt(KeyDerivationFunction):
+    def __init__(self, salt: bytes, length: int, n: int, r: int, p: int, backend: ScryptBackend): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/kdf/x963kdf.pyi

@@ -0,0 +1,10 @@
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import HashBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
+
+class X963KDF(KeyDerivationFunction):
+    def __init__(self, algorithm: HashAlgorithm, length: int, sharedinfo: Optional[bytes], backend: HashBackend): ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/keywrap.pyi

@@ -0,0 +1,8 @@
+from cryptography.hazmat.backends.interfaces import CipherBackend
+
+def aes_key_wrap(wrapping_key: bytes, key_to_wrap: bytes, backend: CipherBackend) -> bytes: ...
+def aes_key_wrap_with_padding(wrapping_key: bytes, key_to_wrap: bytes, backend: CipherBackend) -> bytes: ...
+def aes_key_unwrap(wrapping_key: bytes, wrapped_key: bytes, backend: CipherBackend) -> bytes: ...
+def aes_key_unwrap_with_padding(wrapping_key: bytes, wrapped_key: bytes, backend: CipherBackend) -> bytes: ...
+
+class InvalidUnwrap(Exception): ...

third_party/2and3/cryptography/hazmat/primitives/padding.pyi

@@ -0,0 +1,17 @@
+from abc import ABCMeta, abstractmethod
+
+class PaddingContext(metaclass=ABCMeta):
+    @abstractmethod
+    def finalize(self) -> bytes: ...
+    @abstractmethod
+    def update(self, data: bytes) -> bytes: ...
+
+class ANSIX923(object):
+    def __init__(self, block_size: int) -> None: ...
+    def padder(self) -> PaddingContext: ...
+    def unpadder(self) -> PaddingContext: ...
+
+class PKCS7(object):
+    def __init__(self, block_size: int) -> None: ...
+    def padder(self) -> PaddingContext: ...
+    def unpadder(self) -> PaddingContext: ...

third_party/2and3/cryptography/hazmat/primitives/poly1305.pyi

@@ -0,0 +1,12 @@
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+class Poly1305(object):
+    def __init__(self, key: bytes) -> None: ...
+    def finalize(self) -> bytes: ...
+    @classmethod
+    def generate_tag(cls, key: bytes, data: bytes) -> bytes: ...
+    def update(self, data: bytes) -> None: ...
+    def verify(self, tag: bytes) -> None: ...
+    @classmethod
+    def verify_tag(cls, key: bytes, data: bytes, tag: bytes) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/serialization/__init__.pyi

@@ -1,5 +1,6 @@
-from typing import Any, Optional
+from abc import ABCMeta
 from enum import Enum
+from typing import Optional
 
 def load_pem_private_key(data: bytes, password: Optional[bytes], backend): ...
 def load_pem_public_key(data: bytes, backend): ...
@@ -11,23 +12,29 @@ class Encoding(Enum):
     PEM: str
     DER: str
     OpenSSH: str
+    Raw: str
+    X962: str
 
 class PrivateFormat(Enum):
     PKCS8: str
     TraditionalOpenSSL: str
+    Raw: str
 
 class PublicFormat(Enum):
     SubjectPublicKeyInfo: str
     PKCS1: str
     OpenSSH: str
+    Raw: str
+    CompressedPoint: str
+    UncompressedPoint: str
 
 class ParameterFormat(Enum):
     PKCS3: str
 
-class KeySerializationEncryption: ...
+class KeySerializationEncryption(metaclass=ABCMeta): ...
 
 class BestAvailableEncryption(KeySerializationEncryption):
-    password: Any
-    def __init__(self, password) -> None: ...
+    password: bytes
+    def __init__(self, password: bytes) -> None: ...
 
 class NoEncryption(KeySerializationEncryption): ...

third_party/2and3/cryptography/hazmat/primitives/serialization/pkcs12.pyi

@@ -0,0 +1,3 @@
+from typing import Optional
+
+def load_key_and_certificates(data: bytes, password: Optional[bytes], backend): ...

third_party/2and3/cryptography/hazmat/primitives/twofactor/__init__.pyi

@@ -0,0 +1 @@
+class InvalidToken(Exception): ...

third_party/2and3/cryptography/hazmat/primitives/twofactor/hotp.pyi

@@ -0,0 +1,12 @@
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+class HOTP(object):
+    def __init__(
+        self, key: bytes, length: int, algorithm: HashAlgorithm, backend: HMACBackend, enforce_key_length: bool = ...
+    ): ...
+    def generate(self, counter: int) -> bytes: ...
+    def get_provisioning_uri(self, account_name: str, counter: int, issuer: Optional[str]) -> str: ...
+    def verify(self, hotp: bytes, counter: int) -> None: ...

third_party/2and3/cryptography/hazmat/primitives/twofactor/totp.pyi

@@ -0,0 +1,18 @@
+from typing import Optional
+
+from cryptography.hazmat.backends.interfaces import HMACBackend
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+class TOTP(object):
+    def __init__(
+        self,
+        key: bytes,
+        length: int,
+        algorithm: HashAlgorithm,
+        time_step: int,
+        backend: HMACBackend,
+        enforce_key_length: bool = ...,
+    ): ...
+    def generate(self, time: int) -> bytes: ...
+    def get_provisioning_uri(self, account_name: str, issuer: Optional[str]) -> str: ...
+    def verify(self, totp: bytes, time: int) -> None: ...

third_party/2and3/cryptography/x509.pyi

@@ -0,0 +1,288 @@
+import datetime
+from abc import ABCMeta, abstractmethod
+from enum import Enum
+from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
+from typing import Any, ClassVar, Dict, Generator, List, Optional, Union
+
+from cryptography.hazmat.backends.interfaces import X509Backend
+from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey, DSAPublicKey
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey, EllipticCurvePublicKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey, Ed448PublicKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.hazmat.primitives.serialization import Encoding
+
+class ObjectIdentifier(object):
+    def dotted_string(self) -> str: ...
+
+class CRLEntryExtensionOID(object):
+    CERTIFICATE_ISSUER: ClassVar[ObjectIdentifier]
+    CRL_REASON: ClassVar[ObjectIdentifier]
+    INVALIDITY_DATE: ClassVar[ObjectIdentifier]
+
+class ExtensionOID(object):
+    AUTHORITY_INFORMATION_ACCESS: ClassVar[ObjectIdentifier]
+    AUTHORITY_KEY_IDENTIFIER: ClassVar[ObjectIdentifier]
+    BASIC_CONSTRAINTS: ClassVar[ObjectIdentifier]
+    CERTIFICATE_POLICIES: ClassVar[ObjectIdentifier]
+    CRL_DISTRIBUTION_POINTS: ClassVar[ObjectIdentifier]
+    CRL_NUMBER: ClassVar[ObjectIdentifier]
+    DELTA_CRL_INDICATOR: ClassVar[ObjectIdentifier]
+    EXTENDED_KEY_USAGE: ClassVar[ObjectIdentifier]
+    FRESHEST_CRL: ClassVar[ObjectIdentifier]
+    INHIBIT_ANY_POLICY: ClassVar[ObjectIdentifier]
+    ISSUER_ALTERNATIVE_NAME: ClassVar[ObjectIdentifier]
+    ISSUING_DISTRIBUTION_POINT: ClassVar[ObjectIdentifier]
+    KEY_USAGE: ClassVar[ObjectIdentifier]
+    NAME_CONSTRAINTS: ClassVar[ObjectIdentifier]
+    OCSP_NO_CHECK: ClassVar[ObjectIdentifier]
+    POLICY_CONSTRAINTS: ClassVar[ObjectIdentifier]
+    POLICY_MAPPINGS: ClassVar[ObjectIdentifier]
+    PRECERT_POISON: ClassVar[ObjectIdentifier]
+    PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: ClassVar[ObjectIdentifier]
+    SUBJECT_ALTERNATIVE_NAME: ClassVar[ObjectIdentifier]
+    SUBJECT_DIRECTORY_ATTRIBUTES: ClassVar[ObjectIdentifier]
+    SUBJECT_INFORMATION_ACCESS: ClassVar[ObjectIdentifier]
+    SUBJECT_KEY_IDENTIFIER: ClassVar[ObjectIdentifier]
+    TLS_FEATURE: ClassVar[ObjectIdentifier]
+
+class NameOID(object):
+    BUSINESS_CATEGORY: ClassVar[ObjectIdentifier]
+    COMMON_NAME: ClassVar[ObjectIdentifier]
+    COUNTRY_NAME: ClassVar[ObjectIdentifier]
+    DN_QUALIFIER: ClassVar[ObjectIdentifier]
+    DOMAIN_COMPONENT: ClassVar[ObjectIdentifier]
+    EMAIL_ADDRESS: ClassVar[ObjectIdentifier]
+    GENERATION_QUALIFIER: ClassVar[ObjectIdentifier]
+    GIVEN_NAME: ClassVar[ObjectIdentifier]
+    JURISDICTION_COUNTRY_NAME: ClassVar[ObjectIdentifier]
+    JURISDICTION_LOCALITY_NAME: ClassVar[ObjectIdentifier]
+    JURISDICTION_STATE_OR_PROVINCE_NAME: ClassVar[ObjectIdentifier]
+    LOCALITY_NAME: ClassVar[ObjectIdentifier]
+    ORGANIZATIONAL_UNIT_NAME: ClassVar[ObjectIdentifier]
+    ORGANIZATION_NAME: ClassVar[ObjectIdentifier]
+    POSTAL_ADDRESS: ClassVar[ObjectIdentifier]
+    POSTAL_CODE: ClassVar[ObjectIdentifier]
+    PSEUDONYM: ClassVar[ObjectIdentifier]
+    SERIAL_NUMBER: ClassVar[ObjectIdentifier]
+    STATE_OR_PROVINCE_NAME: ClassVar[ObjectIdentifier]
+    STREET_ADDRESS: ClassVar[ObjectIdentifier]
+    SURNAME: ClassVar[ObjectIdentifier]
+    TITLE: ClassVar[ObjectIdentifier]
+    USER_ID: ClassVar[ObjectIdentifier]
+    X500_UNIQUE_IDENTIFIER: ClassVar[ObjectIdentifier]
+
+class OCSPExtensionOID(object):
+    NONCE: ClassVar[ObjectIdentifier]
+
+class SignatureAlgorithmOID(object):
+    DSA_WITH_SHA1: ClassVar[ObjectIdentifier]
+    DSA_WITH_SHA224: ClassVar[ObjectIdentifier]
+    DSA_WITH_SHA256: ClassVar[ObjectIdentifier]
+    ECDSA_WITH_SHA1: ClassVar[ObjectIdentifier]
+    ECDSA_WITH_SHA224: ClassVar[ObjectIdentifier]
+    ECDSA_WITH_SHA256: ClassVar[ObjectIdentifier]
+    ECDSA_WITH_SHA384: ClassVar[ObjectIdentifier]
+    ECDSA_WITH_SHA512: ClassVar[ObjectIdentifier]
+    ED25519: ClassVar[ObjectIdentifier]
+    ED448: ClassVar[ObjectIdentifier]
+    RSASSA_PSS: ClassVar[ObjectIdentifier]
+    RSA_WITH_MD5: ClassVar[ObjectIdentifier]
+    RSA_WITH_SHA1: ClassVar[ObjectIdentifier]
+    RSA_WITH_SHA224: ClassVar[ObjectIdentifier]
+    RSA_WITH_SHA256: ClassVar[ObjectIdentifier]
+    RSA_WITH_SHA384: ClassVar[ObjectIdentifier]
+    RSA_WITH_SHA512: ClassVar[ObjectIdentifier]
+
+class NameAttribute(object):
+    oid: ObjectIdentifier
+    value: str
+    def __init__(self, oid: ObjectIdentifier, value: str) -> None: ...
+    def rfc4514_string(self) -> str: ...
+
+class RelativeDistinguishedName(object):
+    def __init__(self, attributes: List[NameAttribute]) -> None: ...
+    def __iter__(self) -> Generator[NameAttribute, None, None]: ...
+    def get_attributes_for_oid(self, oid: ObjectIdentifier) -> List[NameAttribute]: ...
+    def rfc4514_string(self) -> str: ...
+
+class Name(object):
+    rdns: List[RelativeDistinguishedName]
+    def __init__(self, attributes: List[Union[NameAttribute, RelativeDistinguishedName]]) -> None: ...
+    def __iter__(self) -> Generator[NameAttribute, None, None]: ...
+    def get_attributes_for_oid(self, oid: ObjectIdentifier) -> List[NameAttribute]: ...
+    def public_bytes(self, backend: X509Backend) -> bytes: ...
+    def rfc4514_string(self) -> str: ...
+
+class Version(Enum):
+    v1: int
+    v3: int
+
+class Certificate(metaclass=ABCMeta):
+    extensions: Extensions
+    issuer: Name
+    not_valid_after: datetime.datetime
+    not_valid_before: datetime.datetime
+    serial_number: int
+    signature: bytes
+    signature_algorithm_oid: ObjectIdentifier
+    signature_hash_algorithm: HashAlgorithm
+    tbs_certificate_bytes: bytes
+    subject: Name
+    version: Version
+    @abstractmethod
+    def fingerprint(self, algorithm: HashAlgorithm) -> bytes: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> Union[DSAPublicKey, Ed25519PublicKey, Ed448PublicKey, EllipticCurvePublicKey, RSAPublicKey]: ...
+
+class CertificateBuilder(object):
+    def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateBuilder: ...
+    def issuer_name(self, name: Name) -> CertificateBuilder: ...
+    def not_valid_after(self, time: datetime.datetime) -> CertificateBuilder: ...
+    def not_valid_before(self, time: datetime.datetime) -> CertificateBuilder: ...
+    def public_key(
+        self, public_key: Union[DSAPublicKey, Ed25519PublicKey, Ed448PublicKey, EllipticCurvePublicKey, RSAPublicKey]
+    ) -> CertificateBuilder: ...
+    def serial_number(self, serial_number: int) -> CertificateBuilder: ...
+    def sign(
+        self,
+        private_key: Union[DSAPrivateKey, Ed25519PrivateKey, Ed448PrivateKey, EllipticCurvePrivateKey, RSAPrivateKey],
+        algorithm: Optional[HashAlgorithm],
+        backend: X509Backend,
+    ) -> Certificate: ...
+    def subject_name(self, name: Name) -> CertificateBuilder: ...
+
+class CertificateRevocationList(metaclass=ABCMeta):
+    extensions: Extensions
+    issuer: Name
+    last_update: datetime.datetime
+    next_update: datetime.datetime
+    signature: bytes
+    signature_algorithm_oid: ObjectIdentifier
+    signature_hash_algorithm: HashAlgorithm
+    tbs_certlist_bytes: bytes
+    @abstractmethod
+    def fingerprint(self, algorithm: HashAlgorithm) -> bytes: ...
+    @abstractmethod
+    def get_revoked_certificate_by_serial_number(self, serial_number: int) -> RevokedCertificate: ...
+    @abstractmethod
+    def is_signature_valid(
+        self, public_key: Union[DSAPublicKey, Ed25519PublicKey, Ed448PublicKey, EllipticCurvePublicKey, RSAPublicKey]
+    ) -> bool: ...
+    @abstractmethod
+    def public_bytes(self, encoding: Encoding) -> bytes: ...
+
+class CertificateRevocationListBuilder(object):
+    def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateRevocationListBuilder: ...
+    def add_revoked_certificate(self, revoked_certificate: RevokedCertificate) -> CertificateRevocationListBuilder: ...
+    def issuer_name(self, name: Name) -> CertificateRevocationListBuilder: ...
+    def last_update(self, time: datetime.datetime) -> CertificateRevocationListBuilder: ...
+    def next_update(self, time: datetime.datetime) -> CertificateRevocationListBuilder: ...
+    def sign(
+        self,
+        private_key: Union[DSAPrivateKey, Ed25519PrivateKey, Ed448PrivateKey, EllipticCurvePrivateKey, RSAPrivateKey],
+        algorithm: Optional[HashAlgorithm],
+        backend: X509Backend,
+    ) -> CertificateRevocationList: ...
+
+class CertificateSigningRequest(metaclass=ABCMeta):
+    extensions: Extensions
+    is_signature_valid: bool
+    signature: bytes
+    signature_algorithm_oid: ObjectIdentifier
+    signature_hash_algorithm: HashAlgorithm
+    subject: Name
+    tbs_certrequest_bytes: bytes
+    @abstractmethod
+    def public_bytes(self) -> bytes: ...
+    @abstractmethod
+    def public_key(self) -> Union[DSAPublicKey, Ed25519PublicKey, Ed448PublicKey, EllipticCurvePublicKey, RSAPublicKey]: ...
+
+class CertificateSigningRequestBuilder(object):
+    def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateSigningRequestBuilder: ...
+    def subject_name(self, name: Name) -> CertificateSigningRequestBuilder: ...
+    def sign(
+        self,
+        private_key: Union[DSAPrivateKey, Ed25519PrivateKey, Ed448PrivateKey, EllipticCurvePrivateKey, RSAPrivateKey],
+        algorithm: Optional[HashAlgorithm],
+        backend: X509Backend,
+    ) -> CertificateSigningRequest: ...
+
+class RevokedCertificate(metaclass=ABCMeta):
+    extensions: Extensions
+    revocation_date: datetime.datetime
+    serial_number: int
+
+class RevokedCertificateBuilder(object):
+    def add_extension(self, extension: ExtensionType, critical: bool) -> RevokedCertificateBuilder: ...
+    def build(self, backend: X509Backend) -> RevokedCertificate: ...
+    def revocation_date(self, time: datetime.datetime) -> RevokedCertificateBuilder: ...
+    def serial_number(self, serial_number: int) -> RevokedCertificateBuilder: ...
+
+# General Name Classes
+
+class GeneralName(metaclass=ABCMeta): ...
+
+class DirectoryName(GeneralName):
+    value: Name
+    def __init__(self, value: Name) -> None: ...
+
+class DNSName(GeneralName):
+    value: str
+    def __init__(self, value: str) -> None: ...
+
+class IPAddress(GeneralName):
+    value: Union[IPv4Address, IPv6Address, IPv4Network, IPv6Network]
+    def __init__(self, value: Union[IPv4Address, IPv6Address, IPv4Network, IPv6Network]) -> None: ...
+
+class OtherName(GeneralName):
+    type_id: ObjectIdentifier
+    value: bytes
+    def __init__(self, type_id: ObjectIdentifier, value: bytes) -> None: ...
+
+class RegisteredID(GeneralName):
+    value: ObjectIdentifier
+    def __init__(self, value: ObjectIdentifier) -> None: ...
+
+class RFC822Name(GeneralName):
+    value: str
+    def __init__(self, value: str) -> None: ...
+
+class UniformResourceIdentifier(GeneralName):
+    value: str
+    def __init__(self, value: str) -> None: ...
+
+# X.509 Extensions
+
+class Extension(object):
+    critical: bool
+    oid: ExtensionOID
+    value: ExtensionType
+
+class ExtensionType(metaclass=ABCMeta):
+    oid: ExtensionOID
+
+class Extensions(object):
+    def __init__(self, general_names: List[Extension]) -> None: ...
+    def __iter__(self) -> Generator[Extension, None, None]: ...
+    def get_extension_for_oid(self, oid: ObjectIdentifier) -> Extension: ...
+    def get_extension_for_class(self, extclass: ExtensionType) -> Extension: ...
+
+class IssuerAlternativeName(ExtensionType):
+    def __init__(self, general_names: List[GeneralName]) -> None: ...
+    def __iter__(self) -> Generator[GeneralName, None, None]: ...
+
+class SubjectAlternativeName(ExtensionType):
+    def __init__(self, general_names: List[GeneralName]) -> None: ...
+    def __iter__(self) -> Generator[GeneralName, None, None]: ...
+
+def load_der_x509_certificate(data: bytes, backend: X509Backend) -> Certificate: ...
+def load_pem_x509_certificate(data: bytes, backend: X509Backend) -> Certificate: ...
+def load_der_x509_crl(data: bytes, backend: X509Backend) -> CertificateRevocationList: ...
+def load_pem_x509_crl(data: bytes, backend: X509Backend) -> CertificateRevocationList: ...
+def load_der_x509_csr(data: bytes, backend: X509Backend) -> CertificateSigningRequest: ...
+def load_pem_x509_csr(data: bytes, backend: X509Backend) -> CertificateSigningRequest: ...
+def __getattr__(name: str) -> Any: ...  # incomplete