From 5c07d7a87c54a8532b49ba41febe8d526e5734d8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 23 Jan 2019 22:00:14 -0500 Subject: Fixes #4734 -- Deal with deprecated things (#4736) * Fixes #4734 -- Deal with deprecated things - Make year based aliases of PersistentlyDeprecated so we can easily assess age - Removed encode/decode rfc6979 signature - Removed Certificate.serial * Unused import --- CHANGELOG.rst | 12 ++++++++++++ src/cryptography/hazmat/backends/openssl/utils.py | 2 +- src/cryptography/hazmat/backends/openssl/x509.py | 10 ---------- .../hazmat/primitives/asymmetric/utils.py | 22 ---------------------- .../hazmat/primitives/constant_time.py | 2 +- src/cryptography/utils.py | 5 ++--- src/cryptography/x509/general_name.py | 6 +++--- tests/hazmat/primitives/test_asym_utils.py | 13 +------------ tests/x509/test_x509.py | 21 --------------------- tests/x509/test_x509_ext.py | 12 ++++++------ 10 files changed, 26 insertions(+), 79 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cbf032eb..5a6d4b54 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -8,6 +8,18 @@ Changelog .. note:: This version is not yet released and is under active development. +* **BACKWARDS INCOMPATIBLE:** Removed + ``cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature`` + and + ``cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature``, + which had been deprecated for nearly 4 years. Use + :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature` + and + :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature` + instead. +* **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``, + which had been deprecated for nearly 3 years. Use + :attr:`~cryptography.x509.Certificate.serial_number` instead. .. _v2-5: diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py index 363f3d2c..ee472c0e 100644 --- a/src/cryptography/hazmat/backends/openssl/utils.py +++ b/src/cryptography/hazmat/backends/openssl/utils.py @@ -64,6 +64,6 @@ def _warn_sign_verify_deprecated(): warnings.warn( "signer and verifier have been deprecated. Please use sign " "and verify instead.", - utils.PersistentlyDeprecated, + utils.PersistentlyDeprecated2017, stacklevel=3 ) diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index ac1838c6..b3eb797d 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function import datetime import operator -import warnings from cryptography import utils, x509 from cryptography.exceptions import UnsupportedAlgorithm @@ -62,15 +61,6 @@ class _Certificate(object): "{0} is not a valid X509 version".format(version), version ) - @property - def serial(self): - warnings.warn( - "Certificate serial is deprecated, use serial_number instead.", - utils.PersistentlyDeprecated, - stacklevel=2 - ) - return self.serial_number - @property def serial_number(self): asn1_int = self._backend._lib.X509_get_serialNumber(self._x509) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index ef1e7eb9..274c1f41 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -4,8 +4,6 @@ from __future__ import absolute_import, division, print_function -import warnings - from asn1crypto.algos import DSASignature import six @@ -14,31 +12,11 @@ from cryptography import utils from cryptography.hazmat.primitives import hashes -def decode_rfc6979_signature(signature): - warnings.warn( - "decode_rfc6979_signature is deprecated and will " - "be removed in a future version, use decode_dss_signature instead.", - utils.PersistentlyDeprecated, - stacklevel=2 - ) - return decode_dss_signature(signature) - - def decode_dss_signature(signature): data = DSASignature.load(signature, strict=True).native return data['r'], data['s'] -def encode_rfc6979_signature(r, s): - warnings.warn( - "encode_rfc6979_signature is deprecated and will " - "be removed in a future version, use encode_dss_signature instead.", - utils.PersistentlyDeprecated, - stacklevel=2 - ) - return encode_dss_signature(r, s) - - def encode_dss_signature(r, s): if ( not isinstance(r, six.integer_types) or diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py index 0e987ea7..99a114e2 100644 --- a/src/cryptography/hazmat/primitives/constant_time.py +++ b/src/cryptography/hazmat/primitives/constant_time.py @@ -23,7 +23,7 @@ else: "Support for your Python version is deprecated. The next version of " "cryptography will remove support. Please upgrade to a 2.7.x " "release that supports hmac.compare_digest as soon as possible.", - utils.DeprecatedIn23, + utils.PersistentlyDeprecated2018, ) def bytes_eq(a, b): diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index cbbae3a7..567600fb 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -20,9 +20,8 @@ class CryptographyDeprecationWarning(UserWarning): # Several APIs were deprecated with no specific end-of-life date because of the # ubiquity of their use. They should not be removed until we agree on when that # cycle ends. -PersistentlyDeprecated = CryptographyDeprecationWarning -DeprecatedIn21 = CryptographyDeprecationWarning -DeprecatedIn23 = CryptographyDeprecationWarning +PersistentlyDeprecated2017 = CryptographyDeprecationWarning +PersistentlyDeprecated2018 = CryptographyDeprecationWarning DeprecatedIn25 = CryptographyDeprecationWarning diff --git a/src/cryptography/x509/general_name.py b/src/cryptography/x509/general_name.py index 1b0f8c8f..fef29c8c 100644 --- a/src/cryptography/x509/general_name.py +++ b/src/cryptography/x509/general_name.py @@ -72,7 +72,7 @@ class RFC822Name(object): "This means unicode characters should be encoded via " "idna. Support for passing unicode strings (aka U-label) " "will be removed in a future version.", - utils.DeprecatedIn21, + utils.PersistentlyDeprecated2017, stacklevel=2, ) else: @@ -139,7 +139,7 @@ class DNSName(object): "This means unicode characters should be encoded via " "idna. Support for passing unicode strings (aka U-label) " "will be removed in a future version.", - utils.DeprecatedIn21, + utils.PersistentlyDeprecated2017, stacklevel=2, ) else: @@ -184,7 +184,7 @@ class UniformResourceIdentifier(object): "This means unicode characters should be encoded via " "idna. Support for passing unicode strings (aka U-label) " " will be removed in a future version.", - utils.DeprecatedIn21, + utils.PersistentlyDeprecated2017, stacklevel=2, ) else: diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index fc9e9fd8..d817c651 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -7,19 +7,8 @@ from __future__ import absolute_import, division, print_function import pytest from cryptography.hazmat.primitives.asymmetric.utils import ( - Prehashed, decode_dss_signature, decode_rfc6979_signature, - encode_dss_signature, encode_rfc6979_signature, + Prehashed, decode_dss_signature, encode_dss_signature ) -from cryptography.utils import CryptographyDeprecationWarning - - -def test_deprecated_rfc6979_signature(): - with pytest.warns(CryptographyDeprecationWarning): - sig = encode_rfc6979_signature(1, 1) - assert sig == b"0\x06\x02\x01\x01\x02\x01\x01" - with pytest.warns(CryptographyDeprecationWarning): - decoded = decode_rfc6979_signature(sig) - assert decoded == (1, 1) def test_dss_signature(): diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index c8c863fb..1ead5947 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -609,27 +609,6 @@ class TestRSACertificate(object): SignatureAlgorithmOID._RSA_WITH_SHA1 ) - def test_cert_serial_number(self, backend): - cert = _load_cert( - os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), - x509.load_der_x509_certificate, - backend - ) - - with pytest.warns(utils.CryptographyDeprecationWarning): - assert cert.serial == 2 - assert cert.serial_number == 2 - - def test_cert_serial_warning(self, backend): - cert = _load_cert( - os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), - x509.load_der_x509_certificate, - backend - ) - - with pytest.warns(utils.CryptographyDeprecationWarning): - cert.serial - def test_load_der_cert(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index 6de105fa..6cf388da 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -1673,11 +1673,11 @@ class TestKeyUsageExtension(object): class TestDNSName(object): def test_init_deprecated(self): pytest.importorskip("idna") - with pytest.warns(utils.DeprecatedIn21): + with pytest.warns(utils.CryptographyDeprecationWarning): name = x509.DNSName(u".\xf5\xe4\xf6\xfc.example.com") assert name.value == u".xn--4ca7aey.example.com" - with pytest.warns(utils.DeprecatedIn21): + with pytest.warns(utils.CryptographyDeprecationWarning): name = x509.DNSName(u"\xf5\xe4\xf6\xfc.example.com") assert name.value == u"xn--4ca7aey.example.com" @@ -1792,7 +1792,7 @@ class TestRFC822Name(object): def test_idna(self): pytest.importorskip("idna") - with pytest.warns(utils.DeprecatedIn21): + with pytest.warns(utils.CryptographyDeprecationWarning): gn = x509.RFC822Name(u"email@em\xe5\xefl.com") assert gn.value == u"email@xn--eml-vla4c.com" @@ -1832,7 +1832,7 @@ class TestUniformResourceIdentifier(object): def test_idna_no_port(self): pytest.importorskip("idna") - with pytest.warns(utils.DeprecatedIn21): + with pytest.warns(utils.CryptographyDeprecationWarning): gn = x509.UniformResourceIdentifier( u"http://\u043f\u044b\u043a\u0430.cryptography" ) @@ -1841,7 +1841,7 @@ class TestUniformResourceIdentifier(object): def test_idna_with_port(self): pytest.importorskip("idna") - with pytest.warns(utils.DeprecatedIn21): + with pytest.warns(utils.CryptographyDeprecationWarning): gn = x509.UniformResourceIdentifier( u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/some/path" ) @@ -1856,7 +1856,7 @@ class TestUniformResourceIdentifier(object): def test_query_and_fragment(self): pytest.importorskip("idna") - with pytest.warns(utils.DeprecatedIn21): + with pytest.warns(utils.CryptographyDeprecationWarning): gn = x509.UniformResourceIdentifier( u"ldap://\u043f\u044b\u043a\u0430.cryptography:90/path?query=" u"true#somedata" -- cgit v1.2.3