diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2020-04-05 21:00:55 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-05 20:00:55 -0500 |
| commit | 3b2102af549c1095d5478bb1243ee4cf76b9762b (patch) | |
| tree | 3bfb4c6e1dc5f56566a4428803698923c77bc9bf | |
| parent | e94a9f493b208b83982ff2378272879e74829f4f (diff) | |
| download | cryptography-3b2102af549c1095d5478bb1243ee4cf76b9762b.tar.gz cryptography-3b2102af549c1095d5478bb1243ee4cf76b9762b.tar.bz2 cryptography-3b2102af549c1095d5478bb1243ee4cf76b9762b.zip | |
Removed deprecated behavior in AKI.from_issuer_subject_key_identifier (#5182)
| -rw-r--r-- | CHANGELOG.rst | 5 | ||||
| -rw-r--r-- | docs/x509/reference.rst | 4 | ||||
| -rw-r--r-- | src/cryptography/utils.py | 1 | ||||
| -rw-r--r-- | src/cryptography/x509/extensions.py | 16 | ||||
| -rw-r--r-- | tests/x509/test_x509_ext.py | 7 |
5 files changed, 8 insertions, 25 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0f31c61c..cb8cd281 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,6 +10,11 @@ Changelog .. _v2-9: +* **BACKWARDS INCOMPATIBLE:** Removed support for passing an + :class:`~cryptography.x509.Extension` instance to + :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`, + as per our deprecation policy. + 2.9 - 2020-04-02 ~~~~~~~~~~~~~~~~ diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 0bac61eb..fac2a351 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -1936,8 +1936,8 @@ X.509 Extensions >>> from cryptography import x509 >>> from cryptography.hazmat.backends import default_backend >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend()) - >>> ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) - >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski) + >>> ski_ext = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) + >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski_ext.value) <AuthorityKeyIdentifier(key_identifier=b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)> .. class:: SubjectKeyIdentifier(digest) diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 698b492d..ff4f81d2 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -22,7 +22,6 @@ class CryptographyDeprecationWarning(UserWarning): # cycle ends. PersistentlyDeprecated2017 = CryptographyDeprecationWarning PersistentlyDeprecated2019 = CryptographyDeprecationWarning -DeprecatedIn27 = CryptographyDeprecationWarning def _check_bytes(name, value): diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index ad90e9b7..1b96ffd7 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -8,7 +8,6 @@ import abc import datetime import hashlib import ipaddress -import warnings from enum import Enum import six @@ -213,21 +212,8 @@ class AuthorityKeyIdentifier(object): @classmethod def from_issuer_subject_key_identifier(cls, ski): - if isinstance(ski, SubjectKeyIdentifier): - digest = ski.digest - else: - digest = ski.value.digest - warnings.warn( - "Extension objects are deprecated as arguments to " - "from_issuer_subject_key_identifier and support will be " - "removed soon. Please migrate to passing a " - "SubjectKeyIdentifier directly.", - utils.DeprecatedIn27, - stacklevel=2, - ) - return cls( - key_identifier=digest, + key_identifier=ski.digest, authority_cert_issuer=None, authority_cert_serial_number=None ) diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index 10d217ab..19ce4363 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -3271,13 +3271,6 @@ class TestAuthorityKeyIdentifierExtension(object): ski_ext = issuer_cert.extensions.get_extension_for_class( x509.SubjectKeyIdentifier ) - # This was the incorrect arg we want to deprecate and remove - with pytest.warns(utils.CryptographyDeprecationWarning): - aki = x509.AuthorityKeyIdentifier.\ - from_issuer_subject_key_identifier(ski_ext) - assert ext.value == aki - - # Here's what we actually documented and want to do aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( ski_ext.value ) |