From 3b2102af549c1095d5478bb1243ee4cf76b9762b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 5 Apr 2020 21:00:55 -0400 Subject: Removed deprecated behavior in AKI.from_issuer_subject_key_identifier (#5182) --- CHANGELOG.rst | 5 +++++ docs/x509/reference.rst | 4 ++-- src/cryptography/utils.py | 1 - src/cryptography/x509/extensions.py | 16 +--------------- tests/x509/test_x509_ext.py | 7 ------- 5 files changed, 8 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0f31c61c..cb8cd281 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,6 +10,11 @@ Changelog .. _v2-9: +* **BACKWARDS INCOMPATIBLE:** Removed support for passing an + :class:`~cryptography.x509.Extension` instance to + :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`, + as per our deprecation policy. + 2.9 - 2020-04-02 ~~~~~~~~~~~~~~~~ diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 0bac61eb..fac2a351 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -1936,8 +1936,8 @@ X.509 Extensions >>> from cryptography import x509 >>> from cryptography.hazmat.backends import default_backend >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend()) - >>> ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) - >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski) + >>> ski_ext = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) + >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski_ext.value) .. class:: SubjectKeyIdentifier(digest) diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 698b492d..ff4f81d2 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -22,7 +22,6 @@ class CryptographyDeprecationWarning(UserWarning): # cycle ends. PersistentlyDeprecated2017 = CryptographyDeprecationWarning PersistentlyDeprecated2019 = CryptographyDeprecationWarning -DeprecatedIn27 = CryptographyDeprecationWarning def _check_bytes(name, value): diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index ad90e9b7..1b96ffd7 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -8,7 +8,6 @@ import abc import datetime import hashlib import ipaddress -import warnings from enum import Enum import six @@ -213,21 +212,8 @@ class AuthorityKeyIdentifier(object): @classmethod def from_issuer_subject_key_identifier(cls, ski): - if isinstance(ski, SubjectKeyIdentifier): - digest = ski.digest - else: - digest = ski.value.digest - warnings.warn( - "Extension objects are deprecated as arguments to " - "from_issuer_subject_key_identifier and support will be " - "removed soon. Please migrate to passing a " - "SubjectKeyIdentifier directly.", - utils.DeprecatedIn27, - stacklevel=2, - ) - return cls( - key_identifier=digest, + key_identifier=ski.digest, authority_cert_issuer=None, authority_cert_serial_number=None ) diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index 10d217ab..19ce4363 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -3271,13 +3271,6 @@ class TestAuthorityKeyIdentifierExtension(object): ski_ext = issuer_cert.extensions.get_extension_for_class( x509.SubjectKeyIdentifier ) - # This was the incorrect arg we want to deprecate and remove - with pytest.warns(utils.CryptographyDeprecationWarning): - aki = x509.AuthorityKeyIdentifier.\ - from_issuer_subject_key_identifier(ski_ext) - assert ext.value == aki - - # Here's what we actually documented and want to do aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( ski_ext.value ) -- cgit v1.2.3