Fixes #4734 -- Deal with deprecated things (#4736)

* Fixes #4734 -- Deal with deprecated things

- Make year based aliases of PersistentlyDeprecated so we can easily assess age
- Removed encode/decode rfc6979 signature
- Removed Certificate.serial

* Unused import

10 files changed, 26 insertions, 79 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cbf032eb..5a6d4b54 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -8,6 +8,18 @@ Changelog
 
 .. note:: This version is not yet released and is under active development.
 
+* **BACKWARDS INCOMPATIBLE:** Removed
+  ``cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature``
+  and
+  ``cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature``,
+  which had been deprecated for nearly 4 years. Use
+  :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature`
+  and
+  :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`
+  instead.
+* **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``,
+  which had been deprecated for nearly 3 years. Use
+  :attr:`~cryptography.x509.Certificate.serial_number` instead.
 
 .. _v2-5:
 
diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py
index 363f3d2c..ee472c0e 100644
--- a/src/cryptography/hazmat/backends/openssl/utils.py
+++ b/src/cryptography/hazmat/backends/openssl/utils.py
@@ -64,6 +64,6 @@ def _warn_sign_verify_deprecated():
     warnings.warn(
         "signer and verifier have been deprecated. Please use sign "
         "and verify instead.",
-        utils.PersistentlyDeprecated,
+        utils.PersistentlyDeprecated2017,
         stacklevel=3
     )
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index ac1838c6..b3eb797d 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function
 
 import datetime
 import operator
-import warnings
 
 from cryptography import utils, x509
 from cryptography.exceptions import UnsupportedAlgorithm
@@ -63,15 +62,6 @@ class _Certificate(object):
             )
 
     @property
-    def serial(self):
-        warnings.warn(
-            "Certificate serial is deprecated, use serial_number instead.",
-            utils.PersistentlyDeprecated,
-            stacklevel=2
-        )
-        return self.serial_number
-
-    @property
     def serial_number(self):
         asn1_int = self._backend._lib.X509_get_serialNumber(self._x509)
         self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
index ef1e7eb9..274c1f41 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -4,8 +4,6 @@
 
 from __future__ import absolute_import, division, print_function
 
-import warnings
-
 from asn1crypto.algos import DSASignature
 
 import six
@@ -14,31 +12,11 @@ from cryptography import utils
 from cryptography.hazmat.primitives import hashes
 
 
-def decode_rfc6979_signature(signature):
-    warnings.warn(
-        "decode_rfc6979_signature is deprecated and will "
-        "be removed in a future version, use decode_dss_signature instead.",
-        utils.PersistentlyDeprecated,
-        stacklevel=2
-    )
-    return decode_dss_signature(signature)
-
-
 def decode_dss_signature(signature):
     data = DSASignature.load(signature, strict=True).native
     return data['r'], data['s']
 
 
-def encode_rfc6979_signature(r, s):
-    warnings.warn(
-        "encode_rfc6979_signature is deprecated and will "
-        "be removed in a future version, use encode_dss_signature instead.",
-        utils.PersistentlyDeprecated,
-        stacklevel=2
-    )
-    return encode_dss_signature(r, s)
-
-
 def encode_dss_signature(r, s):
     if (
         not isinstance(r, six.integer_types) or
diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py
index 0e987ea7..99a114e2 100644
--- a/src/cryptography/hazmat/primitives/constant_time.py
+++ b/src/cryptography/hazmat/primitives/constant_time.py
@@ -23,7 +23,7 @@ else:
         "Support for your Python version is deprecated. The next version of "
         "cryptography will remove support. Please upgrade to a 2.7.x "
         "release that supports hmac.compare_digest as soon as possible.",
-        utils.DeprecatedIn23,
+        utils.PersistentlyDeprecated2018,
     )
 
     def bytes_eq(a, b):
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index cbbae3a7..567600fb 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -20,9 +20,8 @@ class CryptographyDeprecationWarning(UserWarning):
 # Several APIs were deprecated with no specific end-of-life date because of the
 # ubiquity of their use. They should not be removed until we agree on when that
 # cycle ends.
-PersistentlyDeprecated = CryptographyDeprecationWarning
-DeprecatedIn21 = CryptographyDeprecationWarning
-DeprecatedIn23 = CryptographyDeprecationWarning
+PersistentlyDeprecated2017 = CryptographyDeprecationWarning
+PersistentlyDeprecated2018 = CryptographyDeprecationWarning
 DeprecatedIn25 = CryptographyDeprecationWarning
 
 
diff --git a/src/cryptography/x509/general_name.py b/src/cryptography/x509/general_name.py
index 1b0f8c8f..fef29c8c 100644
--- a/src/cryptography/x509/general_name.py
+++ b/src/cryptography/x509/general_name.py
@@ -72,7 +72,7 @@ class RFC822Name(object):
                     "This means unicode characters should be encoded via "
                     "idna. Support for passing unicode strings (aka U-label) "
                     "will be removed in a future version.",
-                    utils.DeprecatedIn21,
+                    utils.PersistentlyDeprecated2017,
                     stacklevel=2,
                 )
         else:
@@ -139,7 +139,7 @@ class DNSName(object):
                     "This means unicode characters should be encoded via "
                     "idna. Support for passing unicode strings (aka U-label) "
                     "will be removed in a future version.",
-                    utils.DeprecatedIn21,
+                    utils.PersistentlyDeprecated2017,
                     stacklevel=2,
                 )
         else:
@@ -184,7 +184,7 @@ class UniformResourceIdentifier(object):
                     "This means unicode characters should be encoded via "
                     "idna. Support for passing unicode strings (aka U-label) "
                     " will be removed in a future version.",
-                    utils.DeprecatedIn21,
+                    utils.PersistentlyDeprecated2017,
                     stacklevel=2,
                 )
         else:
diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
index fc9e9fd8..d817c651 100644
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -7,19 +7,8 @@ from __future__ import absolute_import, division, print_function
 import pytest
 
 from cryptography.hazmat.primitives.asymmetric.utils import (
-    Prehashed, decode_dss_signature, decode_rfc6979_signature,
-    encode_dss_signature, encode_rfc6979_signature,
+    Prehashed, decode_dss_signature, encode_dss_signature
 )
-from cryptography.utils import CryptographyDeprecationWarning
-
-
-def test_deprecated_rfc6979_signature():
-    with pytest.warns(CryptographyDeprecationWarning):
-        sig = encode_rfc6979_signature(1, 1)
-    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
-    with pytest.warns(CryptographyDeprecationWarning):
-        decoded = decode_rfc6979_signature(sig)
-    assert decoded == (1, 1)
 
 
 def test_dss_signature():
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index c8c863fb..1ead5947 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -609,27 +609,6 @@ class TestRSACertificate(object):
             SignatureAlgorithmOID._RSA_WITH_SHA1
         )
 
-    def test_cert_serial_number(self, backend):
-        cert = _load_cert(
-            os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
-            x509.load_der_x509_certificate,
-            backend
-        )
-
-        with pytest.warns(utils.CryptographyDeprecationWarning):
-            assert cert.serial == 2
-            assert cert.serial_number == 2
-
-    def test_cert_serial_warning(self, backend):
-        cert = _load_cert(
-            os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
-            x509.load_der_x509_certificate,
-            backend
-        )
-
-        with pytest.warns(utils.CryptographyDeprecationWarning):
-            cert.serial
-
     def test_load_der_cert(self, backend):
         cert = _load_cert(
             os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 6de105fa..6cf388da 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -1673,11 +1673,11 @@ class TestKeyUsageExtension(object):
 class TestDNSName(object):
     def test_init_deprecated(self):
         pytest.importorskip("idna")
-        with pytest.warns(utils.DeprecatedIn21):
+        with pytest.warns(utils.CryptographyDeprecationWarning):
             name = x509.DNSName(u".\xf5\xe4\xf6\xfc.example.com")
         assert name.value == u".xn--4ca7aey.example.com"
 
-        with pytest.warns(utils.DeprecatedIn21):
+        with pytest.warns(utils.CryptographyDeprecationWarning):
             name = x509.DNSName(u"\xf5\xe4\xf6\xfc.example.com")
         assert name.value == u"xn--4ca7aey.example.com"
 
@@ -1792,7 +1792,7 @@ class TestRFC822Name(object):
 
     def test_idna(self):
         pytest.importorskip("idna")
-        with pytest.warns(utils.DeprecatedIn21):
+        with pytest.warns(utils.CryptographyDeprecationWarning):
             gn = x509.RFC822Name(u"email@em\xe5\xefl.com")
 
         assert gn.value == u"email@xn--eml-vla4c.com"
@@ -1832,7 +1832,7 @@ class TestUniformResourceIdentifier(object):
 
     def test_idna_no_port(self):
         pytest.importorskip("idna")
-        with pytest.warns(utils.DeprecatedIn21):
+        with pytest.warns(utils.CryptographyDeprecationWarning):
             gn = x509.UniformResourceIdentifier(
                 u"http://\u043f\u044b\u043a\u0430.cryptography"
             )
@@ -1841,7 +1841,7 @@ class TestUniformResourceIdentifier(object):
 
     def test_idna_with_port(self):
         pytest.importorskip("idna")
-        with pytest.warns(utils.DeprecatedIn21):
+        with pytest.warns(utils.CryptographyDeprecationWarning):
             gn = x509.UniformResourceIdentifier(
                 u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/some/path"
             )
@@ -1856,7 +1856,7 @@ class TestUniformResourceIdentifier(object):
 
     def test_query_and_fragment(self):
         pytest.importorskip("idna")
-        with pytest.warns(utils.DeprecatedIn21):
+        with pytest.warns(utils.CryptographyDeprecationWarning):
             gn = x509.UniformResourceIdentifier(
                 u"ldap://\u043f\u044b\u043a\u0430.cryptography:90/path?query="
                 u"true#somedata"