4 files changed, 176 insertions, 120 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index a880c7ea..e057b636 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -28,6 +28,15 @@ Changelog
 * Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
   in favor of backend specific providers of the
   :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interface.
+* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
+  in favor of backend specific providers of the
+  :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey` interface.
+* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
+  in favor of backend specific providers of the
+  :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` interface.
+* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
+  in favor of backend specific providers of the
+  :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters` interface.
 * Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and
   ``create_rsa_verification_ctx`` on
   :class:`~cryptography.hazmat.backends.interfaces.RSABackend`.
diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py
index 7a8a61c1..04b22720 100644
--- a/cryptography/hazmat/primitives/asymmetric/dsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -13,6 +13,8 @@
 
 from __future__ import absolute_import, division, print_function
 
+import warnings
+
 import six
 
 from cryptography import utils
@@ -56,6 +58,12 @@ def _check_dsa_private_numbers(numbers):
 @utils.register_interface(interfaces.DSAParameters)
 class DSAParameters(object):
     def __init__(self, modulus, subgroup_order, generator):
+        warnings.warn(
+            "The DSAParameters class is deprecated and will be removed in a "
+            "future version.",
+            utils.DeprecatedIn05,
+            stacklevel=2
+        )
         _check_dsa_parameters(
             DSAParameterNumbers(
                 p=modulus,
@@ -70,6 +78,11 @@ class DSAParameters(object):
 
     @classmethod
     def generate(cls, key_size, backend):
+        warnings.warn(
+            "generate is deprecated and will be removed in a future version.",
+            utils.DeprecatedIn05,
+            stacklevel=2
+        )
         if not isinstance(backend, DSABackend):
             raise UnsupportedAlgorithm(
                 "Backend object does not implement DSABackend.",
@@ -112,6 +125,12 @@ class DSAParameters(object):
 @utils.register_interface(interfaces.DSAPrivateKey)
 class DSAPrivateKey(object):
     def __init__(self, modulus, subgroup_order, generator, x, y):
+        warnings.warn(
+            "The DSAPrivateKey class is deprecated and will be removed in a "
+            "future version.",
+            utils.DeprecatedIn05,
+            stacklevel=2
+        )
         if (
             not isinstance(x, six.integer_types) or
             not isinstance(y, six.integer_types)
@@ -140,6 +159,11 @@ class DSAPrivateKey(object):
 
     @classmethod
     def generate(cls, parameters, backend):
+        warnings.warn(
+            "generate is deprecated and will be removed in a future version.",
+            utils.DeprecatedIn05,
+            stacklevel=2
+        )
         if not isinstance(backend, DSABackend):
             raise UnsupportedAlgorithm(
                 "Backend object does not implement DSABackend.",
@@ -189,6 +213,12 @@ class DSAPrivateKey(object):
 @utils.register_interface(interfaces.DSAPublicKey)
 class DSAPublicKey(object):
     def __init__(self, modulus, subgroup_order, generator, y):
+        warnings.warn(
+            "The DSAPublicKey class is deprecated and will be removed in a "
+            "future version.",
+            utils.DeprecatedIn05,
+            stacklevel=2
+        )
         _check_dsa_parameters(
             DSAParameterNumbers(
                 p=modulus,
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 095c49b9..6cb624dd 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -7,6 +7,9 @@ DSA
 
 `DSA`_ is a `public-key`_ algorithm for signing messages.
 
+Generation
+~~~~~~~~~~
+
 .. function:: generate_private_key(key_size, backend)
 
     .. versionadded:: 0.5
@@ -28,6 +31,10 @@ DSA
     :return: A :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
         provider.
 
+    :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
+        the provided ``backend`` does not implement
+        :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
+
 .. function:: generate_parameters(key_size, backend)
 
     .. versionadded:: 0.5
@@ -52,10 +59,125 @@ DSA
         the provided ``backend`` does not implement
         :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
 
+Signing
+~~~~~~~
+
+Using a :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
+provider.
+
+.. doctest::
+
+    >>> from cryptography.hazmat.backends import default_backend
+    >>> from cryptography.hazmat.primitives import hashes
+    >>> from cryptography.hazmat.primitives.asymmetric import dsa
+    >>> private_key = dsa.generate_private_key(
+    ...     key_size=1024,
+    ...     backend=default_backend()
+    ... )
+    >>> signer = private_key.signer(hashes.SHA256())
+    >>> data = b"this is some data I'd like to sign"
+    >>> signer.update(data)
+    >>> signature = signer.finalize()
+
+Verification
+~~~~~~~~~~~~
+
+Using a :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
+provider.
+
+.. doctest::
+
+    >>> public_key = private_key.public_key()
+    >>> verifier = public_key.verifier(signature, hashes.SHA256())
+    >>> verifier.update(data)
+    >>> verifier.verify()
+
+Numbers
+~~~~~~~
+
+.. class:: DSAParameterNumbers(p, q, g)
+
+    .. versionadded:: 0.5
+
+    The collection of integers that make up a set of DSA parameters.
+
+    .. attribute:: p
+
+        :type: int
+
+        The public modulus.
+
+    .. attribute:: q
+
+        :type: int
+
+        The sub-group order.
+
+    .. attribute:: g
+
+        :type: int
+
+        The generator.
+
+.. class:: DSAPublicNumbers(y, parameter_numbers)
+
+    .. versionadded:: 0.5
+
+    The collection of integers that make up a DSA public key.
+
+    .. attribute:: y
+
+        :type: int
+
+        The public value ``y``.
+
+    .. attribute:: parameter_numbers
+
+        :type: :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers`
+
+        The :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers`
+        associated with the public key.
+
+.. class:: DSAPrivateNumbers(x, public_numbers)
+
+    .. versionadded:: 0.5
+
+    The collection of integers that make up a DSA private key.
+
+    .. warning::
+
+        Revealing the value of ``x`` will compromise the security of any
+        cryptographic operations performed.
+
+    .. attribute:: x
+
+        :type: int
+
+        The private value ``x``.
+
+    .. attribute:: public_numbers
+
+        :type: :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers`
+
+        The :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers`
+        associated with the private key.
+
+Deprecated Concrete Classes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+These classes were deprecated in version 0.5 in favor of backend specific
+providers of the
+:class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`,
+:class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`, and
+:class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` interfaces.
+>>>>>>> deprecate concrete DSA classes and update DSA docs
+
 .. class:: DSAParameters(modulus, subgroup_order, generator)
 
     .. versionadded:: 0.4
 
+    .. deprecated:: 0.5
+
     DSA Parameters are required for generating a DSA private key.
 
     You should use :meth:`~generate` to generate new parameters.
@@ -100,6 +222,8 @@ DSA
 
     .. versionadded:: 0.4
 
+    .. deprecated:: 0.5
+
     A DSA private key is required for signing messages.
 
     You should use :meth:`~generate` to generate new keys.
@@ -148,27 +272,6 @@ DSA
 
         Sign data which can be verified later by others using the public key.
 
-        .. doctest::
-
-            >>> from cryptography.hazmat.backends import default_backend
-            >>> from cryptography.hazmat.primitives import hashes
-            >>> from cryptography.hazmat.primitives.asymmetric import dsa
-            >>> parameters = dsa.DSAParameters.generate(
-            ...     key_size=1024,
-            ...     backend=default_backend()
-            ... )
-            >>> private_key = dsa.DSAPrivateKey.generate(
-            ...     parameters=parameters,
-            ...     backend=default_backend()
-            ... )
-            >>> signer = private_key.signer(
-            ...     hashes.SHA256(),
-            ...     default_backend()
-            ... )
-            >>> data = b"this is some data I'd like to sign"
-            >>> signer.update(data)
-            >>> signature = signer.finalize()
-
         :param algorithm: An instance of a
             :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
             provider.
@@ -189,6 +292,8 @@ DSA
 
     .. versionadded:: 0.4
 
+    .. deprecated:: 0.5
+
     A DSA public key is required for verifying messages.
 
     Normally you do not need to directly construct public keys because you'll
@@ -212,35 +317,6 @@ DSA
         Verify data was signed by the private key associated with this public
         key.
 
-        .. doctest::
-
-            >>> from cryptography.hazmat.backends import default_backend
-            >>> from cryptography.hazmat.primitives import hashes
-            >>> from cryptography.hazmat.primitives.asymmetric import dsa
-            >>> parameters = dsa.DSAParameters.generate(
-            ...     key_size=1024,
-            ...     backend=default_backend()
-            ... )
-            >>> private_key = dsa.DSAPrivateKey.generate(
-            ...     parameters=parameters,
-            ...     backend=default_backend()
-            ... )
-            >>> signer = private_key.signer(
-            ...     hashes.SHA256(),
-            ...     default_backend()
-            ... )
-            >>> data = b"this is some data I'd like to sign"
-            >>> signer.update(data)
-            >>> signature = signer.finalize()
-            >>> public_key = private_key.public_key()
-            >>> verifier = public_key.verifier(
-            ...     signature,
-            ...     hashes.SHA256(),
-            ...     default_backend()
-            ... )
-            >>> verifier.update(data)
-            >>> verifier.verify()
-
         :param bytes signature: The signature to verify. DER encoded as
             specified in :rfc:`6979`.
 
@@ -255,73 +331,6 @@ DSA
         :returns:
             :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
 
-.. class:: DSAParameterNumbers(p, q, g)
-
-    .. versionadded:: 0.5
-
-    The collection of integers that make up a set of DSA parameters.
-
-    .. attribute:: p
-
-        :type: int
-
-        The public modulus.
-
-    .. attribute:: q
-
-        :type: int
-
-        The sub-group order.
-
-    .. attribute:: g
-
-        :type: int
-
-        The generator.
-
-.. class:: DSAPublicNumbers(y, parameter_numbers)
-
-    .. versionadded:: 0.5
-
-    The collection of integers that make up a DSA public key.
-
-    .. attribute:: y
-
-        :type: int
-
-        The public value ``y``.
-
-    .. attribute:: parameter_numbers
-
-        :type: :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers`
-
-        The :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers`
-        associated with the public key.
-
-.. class:: DSAPrivateNumbers(x, public_numbers)
-
-    .. versionadded:: 0.5
-
-    The collection of integers that make up a DSA private key.
-
-    .. warning::
-
-        Revealing the value of ``x`` will compromise the security of any
-        cryptographic operations performed.
-
-    .. attribute:: x
-
-        :type: int
-
-        The private value ``x``.
-
-    .. attribute:: public_numbers
-
-        :type: :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers`
-
-        The :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers`
-        associated with the private key.
-
 .. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
 .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
 .. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 531b448f..8c87cfdf 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -698,9 +698,17 @@ class TestDSAVerification(object):
             verifier.verify()
 
     def test_dsa_verify_invalid_asn1(self, backend):
-        parameters = dsa.DSAParameters.generate(1024, backend)
-        private_key = dsa.DSAPrivateKey.generate(parameters, backend)
-        public_key = private_key.public_key()
+        parameters = pytest.deprecated_call(
+            dsa.DSAParameters.generate,
+            1024,
+            backend
+        )
+        private_key = pytest.deprecated_call(
+            dsa.DSAPrivateKey.generate,
+            parameters,
+            backend
+        )
+        public_key = pytest.deprecated_call(private_key.public_key)
         verifier = public_key.verifier(b'fakesig', hashes.SHA1(), backend)
         verifier.update(b'fakesig')
         with pytest.raises(InvalidSignature):