From d252e4aae932ed0c37aa72ee7c752038d0d2b476 Mon Sep 17 00:00:00 2001
From: Vasily Zakharov <vmzakhar@gmail.com>
Date: Mon, 30 Nov 2020 14:43:59 +0300
Subject: [PATCH] Some missing stubs for cryptography.x509 (#4761)

---
 .../hazmat/primitives/ciphers/__init__.pyi    |   2 +-
 .../primitives/serialization/__init__.pyi     |  35 ++++--
 .../primitives/serialization/pkcs12.pyi       |   8 +-
 .../{x509.pyi => x509/__init__.pyi}           |  14 ++-
 .../2and3/cryptography/x509/extensions.pyi    |  22 ++++
 third_party/2and3/cryptography/x509/oid.pyi   | 106 ++++++++++++++++++
 6 files changed, 174 insertions(+), 13 deletions(-)
 rename third_party/2and3/cryptography/{x509.pyi => x509/__init__.pyi} (97%)
 create mode 100644 third_party/2and3/cryptography/x509/extensions.pyi
 create mode 100644 third_party/2and3/cryptography/x509/oid.pyi

diff --git a/third_party/2and3/cryptography/hazmat/primitives/ciphers/__init__.pyi b/third_party/2and3/cryptography/hazmat/primitives/ciphers/__init__.pyi
index 9eadced95..08f4c7467 100644
--- a/third_party/2and3/cryptography/hazmat/primitives/ciphers/__init__.pyi
+++ b/third_party/2and3/cryptography/hazmat/primitives/ciphers/__init__.pyi
@@ -41,4 +41,4 @@ class CipherContext(metaclass=ABCMeta):
     @abstractmethod
     def update(self, data: bytes) -> bytes: ...
     @abstractmethod
-    def update_into(self, data: bytes, buf) -> int: ...
+    def update_into(self, data: bytes, buf: bytearray) -> int: ...
diff --git a/third_party/2and3/cryptography/hazmat/primitives/serialization/__init__.pyi b/third_party/2and3/cryptography/hazmat/primitives/serialization/__init__.pyi
index 4a8062167..bb4973f96 100644
--- a/third_party/2and3/cryptography/hazmat/primitives/serialization/__init__.pyi
+++ b/third_party/2and3/cryptography/hazmat/primitives/serialization/__init__.pyi
@@ -1,14 +1,35 @@
 from abc import ABCMeta
 from enum import Enum
-from typing import Optional
+from typing import Optional, Union
 
-from cryptography.hazmat.backends.interfaces import DERSerializationBackend, PEMSerializationBackend
+from cryptography.hazmat.backends.interfaces import (
+    DERSerializationBackend,
+    DSABackend,
+    EllipticCurveBackend,
+    PEMSerializationBackend,
+    RSABackend,
+)
+from cryptography.hazmat.primitives.asymmetric.dh import DHPrivateKey, DHPublicKey
+from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey, DSAPublicKey
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey, EllipticCurvePublicKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey
 
-def load_pem_private_key(data: bytes, password: Optional[bytes], backend: Optional[PEMSerializationBackend] = ...): ...
-def load_pem_public_key(data: bytes, backend: Optional[PEMSerializationBackend] = ...): ...
-def load_der_private_key(data: bytes, password: Optional[bytes], backend: Optional[DERSerializationBackend] = ...): ...
-def load_der_public_key(data: bytes, backend: Optional[DERSerializationBackend] = ...): ...
-def load_ssh_public_key(data: bytes, backend): ...
+def load_pem_private_key(
+    data: bytes, password: Optional[bytes], backend: Optional[PEMSerializationBackend] = ...
+) -> Union[RSAPrivateKey, DSAPrivateKey, DHPrivateKey, EllipticCurvePrivateKey]: ...
+def load_pem_public_key(
+    data: bytes, backend: Optional[PEMSerializationBackend] = ...
+) -> Union[RSAPublicKey, DSAPublicKey, DHPublicKey, EllipticCurvePublicKey]: ...
+def load_der_private_key(
+    data: bytes, password: Optional[bytes], backend: Optional[DERSerializationBackend] = ...
+) -> Union[RSAPrivateKey, DSAPrivateKey, DHPrivateKey, EllipticCurvePrivateKey]: ...
+def load_der_public_key(
+    data: bytes, backend: Optional[DERSerializationBackend] = ...
+) -> Union[RSAPublicKey, DSAPublicKey, DHPublicKey, EllipticCurvePublicKey]: ...
+def load_ssh_public_key(
+    data: bytes, backend: Union[RSABackend, DSABackend, EllipticCurveBackend, None]
+) -> Union[RSAPublicKey, DSAPublicKey, DHPublicKey, EllipticCurvePublicKey, Ed25519PublicKey]: ...
 
 class Encoding(Enum):
     PEM: str
diff --git a/third_party/2and3/cryptography/hazmat/primitives/serialization/pkcs12.pyi b/third_party/2and3/cryptography/hazmat/primitives/serialization/pkcs12.pyi
index 107d06210..745f05251 100644
--- a/third_party/2and3/cryptography/hazmat/primitives/serialization/pkcs12.pyi
+++ b/third_party/2and3/cryptography/hazmat/primitives/serialization/pkcs12.pyi
@@ -1,3 +1,7 @@
-from typing import Any, Optional
+from typing import Any, List, Optional, Tuple
 
-def load_key_and_certificates(data: bytes, password: Optional[bytes], backend: Optional[Any] = ...): ...
+from cryptography.x509 import Certificate
+
+def load_key_and_certificates(
+    data: bytes, password: Optional[bytes], backend: Optional[Any] = ...
+) -> Tuple[Optional[Any], Optional[Certificate], List[Certificate]]: ...
diff --git a/third_party/2and3/cryptography/x509.pyi b/third_party/2and3/cryptography/x509/__init__.pyi
similarity index 97%
rename from third_party/2and3/cryptography/x509.pyi
rename to third_party/2and3/cryptography/x509/__init__.pyi
index 355072482..316e0ecc7 100644
--- a/third_party/2and3/cryptography/x509.pyi
+++ b/third_party/2and3/cryptography/x509/__init__.pyi
@@ -290,11 +290,19 @@ class Extension(Generic[_T]):
     value: _T
 
 class Extensions(object):
-    def __init__(self, general_names: List[Extension]) -> None: ...
-    def __iter__(self) -> Generator[Extension, None, None]: ...
-    def get_extension_for_oid(self, oid: ObjectIdentifier) -> Extension: ...
+    def __init__(self, general_names: List[Extension[Any]]) -> None: ...
+    def __iter__(self) -> Generator[Extension[Any], None, None]: ...
+    def get_extension_for_oid(self, oid: ObjectIdentifier) -> Extension[Any]: ...
     def get_extension_for_class(self, extclass: Type[_T]) -> Extension[_T]: ...
 
+class DuplicateExtension(Exception):
+    oid: ObjectIdentifier
+    def __init__(self, msg: str, oid: ObjectIdentifier) -> None: ...
+
+class ExtensionNotFound(Exception):
+    oid: ObjectIdentifier
+    def __init__(self, msg: str, oid: ObjectIdentifier) -> None: ...
+
 class IssuerAlternativeName(ExtensionType):
     def __init__(self, general_names: List[GeneralName]) -> None: ...
     def __iter__(self) -> Generator[GeneralName, None, None]: ...
diff --git a/third_party/2and3/cryptography/x509/extensions.pyi b/third_party/2and3/cryptography/x509/extensions.pyi
new file mode 100644
index 000000000..a9b2ad08b
--- /dev/null
+++ b/third_party/2and3/cryptography/x509/extensions.pyi
@@ -0,0 +1,22 @@
+from typing import Any, Iterator
+
+from cryptography.x509 import GeneralName, ObjectIdentifier
+
+class Extension:
+    value: Any = ...
+
+class GeneralNames:
+    def __iter__(self) -> Iterator[GeneralName]: ...
+
+class DistributionPoint:
+    full_name: GeneralNames = ...
+
+class CRLDistributionPoints:
+    def __iter__(self) -> Iterator[DistributionPoint]: ...
+
+class AccessDescription:
+    access_method: ObjectIdentifier = ...
+    access_location: GeneralName = ...
+
+class AuthorityInformationAccess:
+    def __iter__(self) -> Iterator[AccessDescription]: ...
diff --git a/third_party/2and3/cryptography/x509/oid.pyi b/third_party/2and3/cryptography/x509/oid.pyi
new file mode 100644
index 000000000..5168feedd
--- /dev/null
+++ b/third_party/2and3/cryptography/x509/oid.pyi
@@ -0,0 +1,106 @@
+from typing import Dict, Optional
+
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.x509 import ObjectIdentifier
+
+class ExtensionOID:
+    SUBJECT_DIRECTORY_ATTRIBUTES: ObjectIdentifier = ...
+    SUBJECT_KEY_IDENTIFIER: ObjectIdentifier = ...
+    KEY_USAGE: ObjectIdentifier = ...
+    SUBJECT_ALTERNATIVE_NAME: ObjectIdentifier = ...
+    ISSUER_ALTERNATIVE_NAME: ObjectIdentifier = ...
+    BASIC_CONSTRAINTS: ObjectIdentifier = ...
+    NAME_CONSTRAINTS: ObjectIdentifier = ...
+    CRL_DISTRIBUTION_POINTS: ObjectIdentifier = ...
+    CERTIFICATE_POLICIES: ObjectIdentifier = ...
+    POLICY_MAPPINGS: ObjectIdentifier = ...
+    AUTHORITY_KEY_IDENTIFIER: ObjectIdentifier = ...
+    POLICY_CONSTRAINTS: ObjectIdentifier = ...
+    EXTENDED_KEY_USAGE: ObjectIdentifier = ...
+    FRESHEST_CRL: ObjectIdentifier = ...
+    INHIBIT_ANY_POLICY: ObjectIdentifier = ...
+    ISSUING_DISTRIBUTION_POINT: ObjectIdentifier = ...
+    AUTHORITY_INFORMATION_ACCESS: ObjectIdentifier = ...
+    SUBJECT_INFORMATION_ACCESS: ObjectIdentifier = ...
+    OCSP_NO_CHECK: ObjectIdentifier = ...
+    TLS_FEATURE: ObjectIdentifier = ...
+    CRL_NUMBER: ObjectIdentifier = ...
+    DELTA_CRL_INDICATOR: ObjectIdentifier = ...
+    PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: ObjectIdentifier = ...
+    PRECERT_POISON: ObjectIdentifier = ...
+
+class OCSPExtensionOID:
+    NONCE: ObjectIdentifier = ...
+
+class CRLEntryExtensionOID:
+    CERTIFICATE_ISSUER: ObjectIdentifier = ...
+    CRL_REASON: ObjectIdentifier = ...
+    INVALIDITY_DATE: ObjectIdentifier = ...
+
+class NameOID:
+    COMMON_NAME: ObjectIdentifier = ...
+    COUNTRY_NAME: ObjectIdentifier = ...
+    LOCALITY_NAME: ObjectIdentifier = ...
+    STATE_OR_PROVINCE_NAME: ObjectIdentifier = ...
+    STREET_ADDRESS: ObjectIdentifier = ...
+    ORGANIZATION_NAME: ObjectIdentifier = ...
+    ORGANIZATIONAL_UNIT_NAME: ObjectIdentifier = ...
+    SERIAL_NUMBER: ObjectIdentifier = ...
+    SURNAME: ObjectIdentifier = ...
+    GIVEN_NAME: ObjectIdentifier = ...
+    TITLE: ObjectIdentifier = ...
+    GENERATION_QUALIFIER: ObjectIdentifier = ...
+    X500_UNIQUE_IDENTIFIER: ObjectIdentifier = ...
+    DN_QUALIFIER: ObjectIdentifier = ...
+    PSEUDONYM: ObjectIdentifier = ...
+    USER_ID: ObjectIdentifier = ...
+    DOMAIN_COMPONENT: ObjectIdentifier = ...
+    EMAIL_ADDRESS: ObjectIdentifier = ...
+    JURISDICTION_COUNTRY_NAME: ObjectIdentifier = ...
+    JURISDICTION_LOCALITY_NAME: ObjectIdentifier = ...
+    JURISDICTION_STATE_OR_PROVINCE_NAME: ObjectIdentifier = ...
+    BUSINESS_CATEGORY: ObjectIdentifier = ...
+    POSTAL_ADDRESS: ObjectIdentifier = ...
+    POSTAL_CODE: ObjectIdentifier = ...
+
+class SignatureAlgorithmOID:
+    RSA_WITH_MD5: ObjectIdentifier = ...
+    RSA_WITH_SHA1: ObjectIdentifier = ...
+    _RSA_WITH_SHA1: ObjectIdentifier = ...
+    RSA_WITH_SHA224: ObjectIdentifier = ...
+    RSA_WITH_SHA256: ObjectIdentifier = ...
+    RSA_WITH_SHA384: ObjectIdentifier = ...
+    RSA_WITH_SHA512: ObjectIdentifier = ...
+    RSASSA_PSS: ObjectIdentifier = ...
+    ECDSA_WITH_SHA1: ObjectIdentifier = ...
+    ECDSA_WITH_SHA224: ObjectIdentifier = ...
+    ECDSA_WITH_SHA256: ObjectIdentifier = ...
+    ECDSA_WITH_SHA384: ObjectIdentifier = ...
+    ECDSA_WITH_SHA512: ObjectIdentifier = ...
+    DSA_WITH_SHA1: ObjectIdentifier = ...
+    DSA_WITH_SHA224: ObjectIdentifier = ...
+    DSA_WITH_SHA256: ObjectIdentifier = ...
+    ED25519: ObjectIdentifier = ...
+    ED448: ObjectIdentifier = ...
+
+class ExtendedKeyUsageOID:
+    SERVER_AUTH: ObjectIdentifier = ...
+    CLIENT_AUTH: ObjectIdentifier = ...
+    CODE_SIGNING: ObjectIdentifier = ...
+    EMAIL_PROTECTION: ObjectIdentifier = ...
+    TIME_STAMPING: ObjectIdentifier = ...
+    OCSP_SIGNING: ObjectIdentifier = ...
+    ANY_EXTENDED_KEY_USAGE: ObjectIdentifier = ...
+
+class AuthorityInformationAccessOID:
+    CA_ISSUERS: ObjectIdentifier = ...
+    OCSP: ObjectIdentifier = ...
+
+class CertificatePoliciesOID:
+    CPS_QUALIFIER: ObjectIdentifier = ...
+    CPS_USER_NOTICE: ObjectIdentifier = ...
+    ANY_POLICY: ObjectIdentifier = ...
+
+_OID_NAMES: Dict[ObjectIdentifier, str] = ...
+
+_SIG_OIDS_TO_HASH: Dict[ObjectIdentifier, Optional[HashAlgorithm]] = ...