diff options
-rw-r--r-- | docs/x509/reference.rst | 12 | ||||
-rw-r--r-- | src/cryptography/x509.py | 2 | ||||
-rw-r--r-- | tests/test_x509.py | 14 |
3 files changed, 14 insertions, 14 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 799126b9..61971fed 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -502,15 +502,10 @@ X.509 Certificate Builder :param critical: Set to ``True`` if the extension must be understood and handled by whoever reads the certificate. - .. method:: sign(backend, private_key, algorithm) + .. method:: sign(private_key, algorithm, backend) Sign the certificate using the CA's private key. - :param backend: Backend that will be used to build the certificate. - Must support the - :class:`~cryptography.hazmat.backends.interfaces.X509Backend` - interface. - :param private_key: The :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or @@ -521,6 +516,11 @@ X.509 Certificate Builder :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that will be used to generate the signature. + :param backend: Backend that will be used to build the certificate. + Must support the + :class:`~cryptography.hazmat.backends.interfaces.X509Backend` + interface. + X.509 CSR (Certificate Signing Request) Object ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index a831506e..f35582b0 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1740,7 +1740,7 @@ class CertificateBuilder(object): self._not_valid_after, self._extensions + [extension] ) - def sign(self, backend, private_key, algorithm): + def sign(self, private_key, algorithm, backend): """ Signs the certificate using the CA's private key. """ diff --git a/tests/test_x509.py b/tests/test_x509.py index ac20f649..ba35f64d 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -809,7 +809,7 @@ class TestRSACertificateRequest(object): not_valid_after ) - cert = builder.sign(backend, issuer_private_key, hashes.SHA1()) + cert = builder.sign(issuer_private_key, hashes.SHA1(), backend) assert cert.version is x509.Version.v3 assert cert.not_valid_before == not_valid_before @@ -969,7 +969,7 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder() with pytest.raises(TypeError): - builder.sign(backend, private_key, object()) + builder.sign(private_key, object(), backend) @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) @@ -981,7 +981,7 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder() with pytest.raises(NotImplementedError): - builder.sign(backend, private_key, hashes.SHA512()) + builder.sign(private_key, hashes.SHA512(), backend) @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) @@ -994,7 +994,7 @@ class TestCertificateBuilder(object): builder = x509.CertificateBuilder() with pytest.raises(NotImplementedError): - builder.sign(backend, private_key, hashes.SHA512()) + builder.sign(private_key, hashes.SHA512(), backend) @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) @@ -1027,7 +1027,7 @@ class TestCertificateBuilder(object): not_valid_after ) - cert = builder.sign(backend, issuer_private_key, hashes.SHA1()) + cert = builder.sign(issuer_private_key, hashes.SHA1(), backend) assert cert.version is x509.Version.v3 assert cert.not_valid_before == not_valid_before @@ -1076,7 +1076,7 @@ class TestCertificateBuilder(object): not_valid_after ) - cert = builder.sign(backend, issuer_private_key, hashes.SHA1()) + cert = builder.sign(issuer_private_key, hashes.SHA1(), backend) assert cert.version is x509.Version.v3 assert cert.not_valid_before == not_valid_before @@ -1117,7 +1117,7 @@ class TestCertificateBuilder(object): ) with pytest.raises(ValueError): - builder.sign(backend, issuer_private_key, hashes.SHA512()) + builder.sign(issuer_private_key, hashes.SHA512(), backend) @pytest.mark.requires_backend_interface(interface=X509Backend) |