test_tls: Add type annotations

Synss · Synss · commit f0e2825d848d · 2022-06-18T22:27:03.000+02:00
The file now passes `mypy --strict`.
diff --git a/src/mbedtls/_tls.pyi b/src/mbedtls/_tls.pyi
@@ -5,17 +5,19 @@ from __future__ import annotations
 
 import enum
 import sys
+from collections import abc
 from pathlib import Path
 from typing import Mapping, Optional, Sequence, Tuple, Union, overload
 
+from mbedtls.pk import ECC, RSA
 from mbedtls.x509 import CRT
 
 if sys.version_info < (3, 8):
     from typing_extensions import Literal
 else:
     from typing import Literal
 
-def ciphers_available() -> Sequence[bytes]: ...
+def ciphers_available() -> Sequence[str]: ...
 @enum.unique
 class NextProtocol(enum.Enum):
     H2: bytes
@@ -77,8 +79,10 @@ class WantReadError(TLSError): ...
 class RaggedEOF(TLSError): ...
 class HelloVerifyRequest(TLSError): ...
 
-class TrustStore:
-    def __init__(self, db: Optional[Sequence[CRT]] = ...) -> None: ...
+class TrustStore(abc.Sequence[CRT]):
+    def __init__(
+        self, db: Optional[Union[Sequence[CRT], TrustStore]] = ...
+    ) -> None: ...
     @classmethod
     def system(cls) -> TrustStore: ...
     @classmethod
@@ -96,10 +100,10 @@ class Purpose(enum.IntEnum):
     SERVER_AUTH: int
     CLIENT_AUTH: int
 
-# TODO: Type these.
-Certificate = object
-PrivateKey = object
-CipherSuite = object
+_Key = Union[RSA, ECC]
+Certificate = CRT
+PrivateKey = _Key
+CipherSuite = str
 ServerNameCallback = object
 
 class TLSConfiguration:
@@ -109,10 +113,25 @@ class TLSConfiguration:
         cls,
         validate_certificates: Optional[bool] = ...,
         certificate_chain: Optional[
-            Tuple[Tuple[Certificate], PrivateKey]
+            Tuple[Tuple[Certificate, ...], PrivateKey]
+        ] = ...,
+        ciphers: Optional[Sequence[Union[CipherSuite, int]]] = ...,
+        inner_protocols: Optional[Sequence[Union[NextProtocol, bytes]]] = ...,
+        lowest_supported_version: Optional[TLSVersion] = ...,
+        highest_supported_version: Optional[TLSVersion] = ...,
+        trust_store: Optional[TrustStore] = ...,
+        sni_callback: Optional[ServerNameCallback] = ...,
+        pre_shared_key: Optional[Tuple[str, bytes]] = ...,
+        pre_shared_key_store: Optional[Mapping[str, bytes]] = ...,
+    ) -> TLSConfiguration: ...
+    def update(
+        self,
+        validate_certificates: Optional[bool] = ...,
+        certificate_chain: Optional[
+            Tuple[Tuple[Certificate, ...], PrivateKey]
         ] = ...,
-        ciphers: Optional[Tuple[Union[CipherSuite, int]]] = ...,
-        inner_protocols: Optional[Tuple[Union[NextProtocol, bytes]]] = ...,
+        ciphers: Optional[Sequence[Union[CipherSuite, int]]] = ...,
+        inner_protocols: Optional[Sequence[Union[NextProtocol, bytes]]] = ...,
         lowest_supported_version: Optional[TLSVersion] = ...,
         highest_supported_version: Optional[TLSVersion] = ...,
         trust_store: Optional[TrustStore] = ...,
@@ -121,26 +140,49 @@ class TLSConfiguration:
         pre_shared_key_store: Optional[Mapping[str, bytes]] = ...,
     ) -> TLSConfiguration: ...
     validate_certificates: Optional[bool]
-    certificate_chain: Optional[Tuple[Tuple[Certificate], PrivateKey]]
+    certificate_chain: Optional[Tuple[Tuple[Certificate, ...], PrivateKey]]
     ciphers: Optional[Tuple[Union[CipherSuite, int]]]
     inner_protocols: Optional[Tuple[Union[NextProtocol, bytes]]]
     lowest_supported_version: Optional[TLSVersion]
     highest_supported_version: Optional[TLSVersion]
     trust_store: Optional[TrustStore]
     sni_callback: Optional[ServerNameCallback]
+    pre_shared_key: Optional[Tuple[str, bytes]]
+    pre_shared_key_store: Optional[Mapping[str, bytes]]
 
 class DTLSConfiguration:
     def __new__(
         cls,
         validate_certificates: Optional[bool] = ...,
         certificate_chain: Optional[
-            Tuple[Tuple[Certificate], PrivateKey]
+            Tuple[Tuple[Certificate, ...], PrivateKey]
         ] = ...,
-        ciphers: Optional[Tuple[Union[CipherSuite, int]]] = ...,
-        inner_protocols: Optional[Tuple[Union[NextProtocol, bytes]]] = ...,
-        lowest_supported_version: Optional[TLSVersion] = ...,
-        highest_supported_version: Optional[TLSVersion] = ...,
+        ciphers: Optional[Sequence[Union[CipherSuite, int]]] = ...,
+        inner_protocols: Optional[Sequence[Union[NextProtocol, bytes]]] = ...,
+        lowest_supported_version: Optional[DTLSVersion] = ...,
+        highest_supported_version: Optional[DTLSVersion] = ...,
         trust_store: Optional[TrustStore] = ...,
+        anti_replay: Optional[bool] = ...,
+        handshake_timeout_min: Optional[int] = ...,
+        handshake_timeout_max: Optional[int] = ...,
+        sni_callback: Optional[ServerNameCallback] = ...,
+        pre_shared_key: Optional[Tuple[str, bytes]] = ...,
+        pre_shared_key_store: Optional[Mapping[str, bytes]] = ...,
+    ) -> DTLSConfiguration: ...
+    def update(
+        self,
+        validate_certificates: Optional[bool] = ...,
+        certificate_chain: Optional[
+            Tuple[Tuple[Certificate, ...], PrivateKey]
+        ] = ...,
+        ciphers: Optional[Sequence[Union[CipherSuite, int]]] = ...,
+        inner_protocols: Optional[Sequence[Union[NextProtocol, bytes]]] = ...,
+        lowest_supported_version: Optional[DTLSVersion] = ...,
+        highest_supported_version: Optional[DTLSVersion] = ...,
+        trust_store: Optional[TrustStore] = ...,
+        anti_replay: Optional[bool] = ...,
+        handshake_timeout_min: Optional[int] = ...,
+        handshake_timeout_max: Optional[int] = ...,
         sni_callback: Optional[ServerNameCallback] = ...,
         pre_shared_key: Optional[Tuple[str, bytes]] = ...,
         pre_shared_key_store: Optional[Mapping[str, bytes]] = ...,
@@ -149,10 +191,15 @@ class DTLSConfiguration:
     certificate_chain: Optional[Tuple[Tuple[Certificate], PrivateKey]]
     ciphers: Optional[Tuple[Union[CipherSuite, int]]]
     inner_protocols: Optional[Tuple[Union[NextProtocol, bytes]]]
-    lowest_supported_version: Optional[TLSVersion]
-    highest_supported_version: Optional[TLSVersion]
+    lowest_supported_version: Optional[DTLSVersion]
+    highest_supported_version: Optional[DTLSVersion]
     trust_store: Optional[TrustStore]
+    anti_replay: Optional[bool]
+    handshake_timeout_min: Optional[int]
+    handshake_timeout_max: Optional[int]
     sni_callback: Optional[ServerNameCallback]
+    pre_shared_key: Optional[Tuple[str, bytes]]
+    pre_shared_key_store: Optional[Mapping[str, bytes]]
 
 class _BaseContext:
     def __init__(
@@ -169,6 +216,10 @@ class MbedTLSBuffer:
         self, context: _BaseContext, server_hostname: Optional[str] = None
     ) -> None: ...
     @property
+    def _input_buffer(self) -> bytes: ...
+    @property
+    def _output_buffer(self) -> bytes: ...
+    @property
     def context(self) -> _BaseContext: ...
     @property
     def _server_hostname(self) -> str: ...
diff --git a/src/mbedtls/_tls.pyx b/src/mbedtls/_tls.pyx
@@ -259,7 +259,7 @@ class HelloVerifyRequest(_exc.TLSError):
     pass
 
 
-class TrustStore:
+class TrustStore(abc.Sequence):
     def __init__(self, db=None):
         if db is None:
             db = []
diff --git a/src/mbedtls/tls.py b/src/mbedtls/tls.py
@@ -9,12 +9,9 @@
 import sys
 from typing import Any, NoReturn, Optional, Tuple, Union, cast
 
-from ._tls import (
-    DTLSConfiguration,
-    DTLSVersion,
-    HandshakeStep,
-    HelloVerifyRequest,
-)
+from ._tls import DTLSConfiguration, DTLSVersion
+from ._tls import HandshakeStep as HandshakeStep
+from ._tls import HelloVerifyRequest
 from ._tls import MbedTLSBuffer as TLSWrappedBuffer
 from ._tls import (
     NextProtocol,
diff --git a/tests/test_tls.py b/tests/test_tls.py
