99import os
1010import sys
1111from dataclasses import dataclass , field
12- from typing import Mapping , Optional , Tuple , TypeVar , Union
12+ from typing import Callable , Mapping , Optional , Tuple , TypeVar , Union
1313
1414if sys .version_info < (3 , 8 ):
1515 from typing_extensions import Literal , Protocol
1616else :
1717 from typing import Literal , Protocol
1818
19+ if sys .version_info < (3 , 9 ):
20+ _PathLike = os .PathLike
21+ else :
22+ _PathLike = os .PathLike [str ]
23+
1924__all__ = ["NextProtocol" , "TLSVersion" , "DTLSVersion" ]
2025
26+ _Path = Union [_PathLike , str ]
27+
2128
2229@enum .unique
2330class NextProtocol (enum .Enum ):
@@ -59,7 +66,7 @@ def system(cls) -> TrustStore:
5966 """
6067
6168 @classmethod
62- def from_pem_file (cls , path : Union [ str , os . PathLike [ str ]] ) -> TrustStore :
69+ def from_pem_file (cls , path : _Path ) -> TrustStore :
6370 """Initializes a trust store from a single file full of PEMs."""
6471
6572
@@ -78,7 +85,7 @@ def from_buffer(cls, buffer: bytes) -> Certificate:
7885 """
7986
8087 @classmethod
81- def from_file (cls , path : Union [ str , os . PathLike [ str ]] ) -> Certificate :
88+ def from_file (cls , path : _Path ) -> Certificate :
8289 """Creates a Certificate object from a file on disk.
8390
8491 This method may be a convenience method that wraps ``open`` and
@@ -89,7 +96,55 @@ def from_file(cls, path: Union[str, os.PathLike[str]]) -> Certificate:
8996 """
9097
9198
92- PrivateKey = object
99+ class PrivateKey (Protocol ):
100+ @classmethod
101+ def from_buffer (
102+ cls ,
103+ buffer : bytes ,
104+ password : Optional [
105+ Union [Callable [[], Union [bytes , bytearray ]], bytes , bytearray ]
106+ ] = None ,
107+ ) -> PrivateKey :
108+ """Creates a PrivateKey object from a byte buffer.
109+
110+ This byte buffer may be either PEM-encoded or DER-encoded. If the
111+ buffer is PEM encoded it *must* begin with the standard PEM
112+ preamble (a series of dashes followed by the ASCII bytes "BEGIN",
113+ the key type, and another series of dashes). In the absence of
114+ that preamble, the implementation may assume that the certificate
115+ is DER-encoded instead.
116+
117+ The key may additionally be encrypted. If it is, the ``password``
118+ argument can be used to decrypt the key. The ``password`` argument
119+ may be a function to call to get the password for decrypting the
120+ private key. It will only be called if the private key is encrypted
121+ and a password is necessary. It will be called with no arguments,
122+ and it should return either bytes or bytearray containing the
123+ password. Alternatively a bytes, or bytearray value may be supplied
124+ directly as the password argument. It will be ignored if the
125+ private key is not encrypted and no password is needed.
126+ """
127+
128+ @classmethod
129+ def from_file (
130+ cls ,
131+ path : _Path ,
132+ password : Optional [
133+ Union [Callable [[], Union [bytes , bytearray ]], bytes , bytearray ]
134+ ] = None ,
135+ ) -> PrivateKey :
136+ """Creates a PrivateKey object from a file on disk.
137+
138+ This method may be a convenience method that wraps ``open`` and
139+ ``from_buffer``, but some TLS implementations may be able to
140+ provide more-secure or faster methods of loading certificates that
141+ do not involve Python code.
142+
143+ The ``password`` parameter behaves exactly as the equivalent
144+ parameter on ``from_buffer``.
145+ """
146+
147+
93148CipherSuite = object
94149DEFAULT_CIPHER_LIST = ()
95150
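Review bot: The new `PrivateKey.from_buffer` docstring leaves the failure path undefined: it says when `password` is called or ignored, but not what an implementation must do when the key is encrypted and `password` is `None` or does not decrypt it. Backends can differ here (OpenSSL's default password callback, for one, prompts on the terminal), so I would add a sentence such as `If the key is encrypted and no usable password is supplied, the implementation must raise an error rather than prompt interactively.` It would also help to state whether an implementation may keep the password or the callable after loading, since a caller cannot wipe an immutable `bytes` value and can only clear a `bytearray` it still owns. Separately, both docstrings still say "certificate" where they mean the private key (`assume that the certificate is DER-encoded` in `from_buffer`, `loading certificates` in `from_file`).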