diff --git a/gimmecert/crypto.py b/gimmecert/crypto.py
index 88862dfb76678da44f42f488fd42904ad2308830..edfb7b09f55e713ea7122c065dafd786966a8d7a 100644
--- a/gimmecert/crypto.py
+++ b/gimmecert/crypto.py
@@ -75,7 +75,8 @@ class KeyGenerator:
 instance creation).
 :returns: Private key.
- :rtype: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
+ :rtype: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 """
 if self._algorithm == "rsa":
@@ -166,10 +167,12 @@ def issue_certificate(issuer_dn, subject_dn, signing_key, public_key, not_before
 :type subject_dn: cryptography.x509.Name
 :param signing_key: Private key belonging to entity associated with passed-in issuer_dn. Used for signing the certificate data.
- :type signing_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
+ :type signing_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 :param public_key: Public key belonging to entity associated with passed-in subject_dn. Used as part of certificate to denote its owner.
- :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
+ :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 :param not_before: Beginning of certifiate validity.
 :type datetime.datetime.:
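Review bot: In the issue_certificate hunk the trailing context still reads `:type datetime.datetime.:`, which puts the type where the parameter name belongs, so not_before stays untyped in rendered documentation even after this pass over the neighbouring `:type` fields. Since the commit is already correcting these fields, change it to `:type not_before: datetime.datetime` and fix the spelling in `Beginning of certifiate validity.` on the line above it. The docstring continues past the end of the hunk, so any later validity field cannot be checked from here and may need the same fix.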
@@ -216,7 +219,8 @@ def generate_ca_hierarchy(base_name, depth, key_generator):
 :type base_name: str
 :param key_generator: Callable for generating private keys.
- :type key_generator: callable[[], cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey]
+ :type key_generator: callable[[], cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey]
 :returns: List of CA private key and certificate pairs, starting with the level 1 (root) CA, and ending with the leaf CA.
 :rtype: list[(cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
@@ -269,10 +273,12 @@ def issue_server_certificate(name, public_key, issuer_private_key, issuer_certif
 :type name: str
 :param public_key: Public key of the server end entity.
- :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
+ :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 :param issuer_private_key: Private key of the issuer to use for signing the server certificate structure.
- :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
+ :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 :param issuer_certificate: Certificate of certificate issuer. Naming and validity constraints will be applied based on its content.
 :type issuer_certificate: cryptography.x509.Certificate
@@ -336,10 +342,12 @@ def issue_client_certificate(name, public_key, issuer_private_key, issuer_certif
 :type name: str
 :param public_key: Public key of the server end entity.
- :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
+ :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 :param issuer_private_key: Private key of the issuer to use for signing the client certificate structure.
- :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
+ :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 :param issuer_certificate: Certificate of certificate issuer. Naming and validity constraints will be applied based on its content.
 :type issuer_certificate: cryptography.x509.Certificate
@@ -388,10 +396,12 @@ def renew_certificate(old_certificate, public_key, issuer_private_key, issuer_ce
 :type old_certificate: cryptography.x509.Certificate
 :param public_key: Public key to use in resulting certificate. Allows replacement of public key in new certificate.
- :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
+ :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 :param issuer_private_key: Private key of the issuer to use for signing the certificate structure.
- :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
+ :type issuer_private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 :param issuer_certificate: Certificate of certificate issuer. Naming and validity constraints will be applied based on its content.
 :type issuer_certificate: cryptography.x509.Certificate
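Review bot: In the issue_client_certificate hunk the context line `:param public_key: Public key of the server end entity.` looks copied from issue_server_certificate and names the wrong role; it should read `:param public_key: Public key of the client end entity.`. The commit rewrites the `:type public_key:` field directly beneath it, so the description can be corrected in the same change. In a certificate-issuing API the parameter text is what callers use to decide which key goes into which certificate, so the role wording should match the function.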
@@ -427,7 +437,8 @@ def generate_csr(name, private_key):
 :type name: str or cryptography.x509.Name
 :param private_key: Private key of end entity to use for signing the CSR.
- :type private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
+ :type private_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
 :returns: Certificate signing request with specified naming signed with passed-in private key.
 :rtype: cryptography.x509.CertificateSigningRequest
@@ -456,11 +467,12 @@ def key_specification_from_public_key(public_key):
 from the passed-in public key. Key specification can be used for generating the private keys via KeyGenerator instances.
- :param public_key: Public
- :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
+ :param public_key: Public key from which to derive the key specification.
+ :type public_key: cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey or
+ cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
 :returns: Key algorithm and parameter(s) for generating same type of keys as the passed-in public key.
- :rtype: tuple(str, int or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)
+ :rtype: tuple(str, int) or cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)
 :raises ValueError: If algorithm/parameters could not be derived from the passed-in public key.
 """
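Review bot: The new `:rtype:` line in key_specification_from_public_key has unbalanced parentheses: `tuple(str, int) or ...EllipticCurve)` closes the tuple after `int` and leaves a stray `)` at the end. As written it describes either a `(str, int)` tuple or a bare curve object, whereas the removed line described a tuple whose second element is an int or a curve. Keep the original shape when wrapping, i.e. `:rtype: tuple(str, int or` followed by the continuation line `cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve)`. The docstring states that this value is used for generating keys via KeyGenerator instances, so callers need the second element described accurately.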