typehint code (and use absolute imports)

pyauth · Dec 19, 2024 · cb468c8 · cb468c8
1 parent 856b3a8
commit cb468c8
Show file tree

Hide file tree

Showing 30 changed files with 880 additions and 507 deletions.
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -26,4 +26,7 @@ jobs:
         run: uv run ruff format --diff .
 
       - name: ruff check
-        run: uv run ruff check --diff .
+        run: uv run ruff check --diff .
+
+      - name: mypy
+        run: uv run mypy .
diff --git a/pkcs11/__init__.py b/pkcs11/__init__.py
@@ -2,17 +2,38 @@
 :mod:`pkcs11` defines a high-level, "Pythonic" interface to PKCS#11.
 """
 
-from .constants import *  # noqa: F403
-from .exceptions import *  # noqa: F403
-from .mechanisms import *  # noqa: F403
-from .types import *  # noqa: F403
-from .util import dh, dsa, ec, rsa, x509  # noqa: F401
+import typing
+
+from pkcs11.constants import (
+    Attribute,
+    CertificateType,
+    MechanismFlag,
+    ObjectClass,
+    SlotFlag,
+    TokenFlag,
+    UserType,
+)
+from pkcs11.exceptions import *  # noqa: F403
+from pkcs11.mechanisms import KDF, MGF, KeyType, Mechanism
+from pkcs11.types import (
+    Certificate,
+    DomainParameters,
+    Library,
+    MechanismInfo,
+    PrivateKey,
+    PublicKey,
+    SecretKey,
+    Session,
+    Slot,
+    Token,
+)
+from pkcs11.util import dh, dsa, ec, rsa, x509
 
 _so = None
 _lib = None
 
 
-def lib(so):
+def lib(so: str) -> Library:
     """
     Wrap the main library call coming from Cython with a preemptive
     dynamic loading.
@@ -22,15 +43,44 @@ def lib(so):
 
     if _lib:
         if _so != so:
-            raise AlreadyInitialized(  # noqa: F405
-                "Already initialized with %s" % so
-            )
+            raise AlreadyInitialized("Already initialized with %s" % so)  # noqa: F405
         else:
             return _lib
 
-    from . import _pkcs11
+    from . import _pkcs11  # type: ignore[attr-defined]
 
-    _lib = _pkcs11.lib(so)
+    _lib = typing.cast(Library, _pkcs11.lib(so))
     _so = so
 
     return _lib
+
+
+__all__ = [
+    "KDF",
+    "MGF",
+    "Attribute",
+    "Certificate",
+    "CertificateType",
+    "DomainParameters",
+    "KeyType",
+    "Library",
+    "Mechanism",
+    "MechanismFlag",
+    "MechanismInfo",
+    "ObjectClass",
+    "PrivateKey",
+    "PublicKey",
+    "SecretKey",
+    "Session",
+    "Slot",
+    "SlotFlag",
+    "Token",
+    "TokenFlag",
+    "UserType",
+    "dh",
+    "dsa",
+    "ec",
+    "lib",
+    "rsa",
+    "x509",
+]
diff --git a/pkcs11/_errors.pyx b/pkcs11/_errors.pyx
@@ -2,7 +2,7 @@
 Map from CKR return codes to Python exceptions.
 """
 
-from .exceptions import *
+from pkcs11.exceptions import *
 
 cdef ERROR_MAP = {
     CKR_ATTRIBUTE_TYPE_INVALID: AttributeTypeInvalid,

diff --git a/pkcs11/_pkcs11.pyx b/pkcs11/_pkcs11.pyx
@@ -8,9 +8,6 @@ for Sphinx/Jedi/etc, as this module is not importable without having the
 library loaded.
 """
 
-from __future__ import (absolute_import, unicode_literals,
-                        print_function, division)
-
 from cython.view cimport array
 from cpython.mem cimport PyMem_Malloc, PyMem_Free
 
@@ -19,16 +16,25 @@ IF UNAME_SYSNAME == "Windows":
 ELSE:
     from posix cimport dlfcn
 
-from ._pkcs11_defn cimport *
+from pkcs11._pkcs11_defn cimport *
 include '_errors.pyx'
 include '_utils.pyx'
 
-from . import types
-from .defaults import *
-from .exceptions import *
-from .constants import *
-from .mechanisms import *
-from .types import (
+from pkcs11 import types
+from pkcs11.defaults import (
+    DEFAULT_DERIVE_MECHANISMS,
+    DEFAULT_ENCRYPT_MECHANISMS,
+    DEFAULT_GENERATE_MECHANISMS,
+    DEFAULT_KEY_CAPABILITIES,
+    DEFAULT_MECHANISM_PARAMS,
+    DEFAULT_PARAM_GENERATE_MECHANISMS,
+    DEFAULT_SIGN_MECHANISMS,
+    DEFAULT_WRAP_MECHANISMS,
+)
+from pkcs11.exceptions import ArgumentsBad
+from pkcs11.constants import DEFAULT, Attribute, MechanismFlag, ObjectClass, UserType,  TokenFlag
+from pkcs11.mechanisms import KeyType, Mechanism
+from pkcs11.types import (
     _CK_UTF8CHAR_to_str,
     _CK_VERSION_to_tuple,
     _CK_MECHANISM_TYPE_to_enum,

diff --git a/pkcs11/_utils.pyx b/pkcs11/_utils.pyx
@@ -2,8 +2,7 @@
 Type wrangling utility functions.
 """
 
-from .constants import *
-from .mechanisms import *
+from pkcs11.defaults import ATTRIBUTE_TYPES
 
 
 cdef CK_BYTE_buffer(length):

diff --git a/pkcs11/constants.py b/pkcs11/constants.py
@@ -5,11 +5,7 @@
 use these classes.
 """
 
-try:
-    from enum import IntEnum, IntFlag, unique
-except ImportError:
-    from aenum import IntEnum, IntFlag, unique
-
+from enum import IntEnum, IntFlag, unique
 
 DEFAULT = object()
 """Sentinel value used in templates.
@@ -58,7 +54,7 @@ class ObjectClass(IntEnum):
 
     _VENDOR_DEFINED = 0x80000000
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "<ObjectClass.%s>" % self.name
 
 
@@ -344,7 +340,7 @@ class Attribute(IntEnum):
 
     _VENDOR_DEFINED = 0x80000000
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "<Attribute.%s>" % self.name
 
 

diff --git a/pkcs11/defaults.py b/pkcs11/defaults.py
@@ -7,14 +7,15 @@
 
 from datetime import datetime
 from struct import Struct
+from typing import Any, Callable
 
-from .constants import (
+from pkcs11.constants import (
     Attribute,
     CertificateType,
     MechanismFlag,
     ObjectClass,
 )
-from .mechanisms import MGF, KeyType, Mechanism
+from pkcs11.mechanisms import MGF, KeyType, Mechanism
 
 DEFAULT_GENERATE_MECHANISMS = {
     KeyType.AES: Mechanism.AES_KEY_GEN,
@@ -35,17 +36,18 @@
 _SIGNING = MechanismFlag.SIGN | MechanismFlag.VERIFY
 _WRAPPING = MechanismFlag.WRAP | MechanismFlag.UNWRAP
 
-DEFAULT_KEY_CAPABILITIES = {
+DEFAULT_KEY_CAPABILITIES: dict[KeyType, MechanismFlag] = {
     KeyType.AES: _ENCRYPTION | _SIGNING | _WRAPPING,
     KeyType.DES2: _ENCRYPTION | _SIGNING | _WRAPPING,
     KeyType.DES3: _ENCRYPTION | _SIGNING | _WRAPPING,
     KeyType.DH: MechanismFlag.DERIVE,
     KeyType.DSA: _SIGNING,
     KeyType.EC: _SIGNING | MechanismFlag.DERIVE,
     KeyType.RSA: _ENCRYPTION | _SIGNING | _WRAPPING,
-    KeyType.GENERIC_SECRET: 0,
+    KeyType.GENERIC_SECRET: 0,  # type: ignore[dict-item]
     KeyType.EC_EDWARDS: _SIGNING,
 }
+
 """
 Default capabilities for generating keys.
 """
@@ -125,11 +127,11 @@
 _biginteger = _bytes
 
 
-def _enum(type_):
+def _enum(type_: type[Any]) -> tuple[Callable[[Any], bytes], Callable[[Any], Any]]:
     """Factory to pack/unpack intos into IntEnums."""
     pack, unpack = _ulong
 
-    return (lambda v: pack(int(v)), lambda v: type_(unpack(v)))
+    return (lambda v: pack(int(v)), lambda v: type_(unpack(v)))  # type: ignore[no-untyped-call]
 
 
 ATTRIBUTE_TYPES = {

diff --git a/pkcs11/mechanisms.py b/pkcs11/mechanisms.py
@@ -101,7 +101,7 @@ class KeyType(IntEnum):
 
     _VENDOR_DEFINED = 0x80000000
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "<KeyType.%s>" % self.name
 
 
@@ -709,7 +709,7 @@ class Mechanism(IntEnum):
 
     _VENDOR_DEFINED = 0x80000000
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "<Mechanism.%s>" % self.name
 
 
@@ -729,7 +729,7 @@ class KDF(IntEnum):
     SHA512 = 0x00000008
     CPDIVERSIFY = 0x00000009
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "<KDF.%s>" % self.name
 
 
@@ -744,5 +744,5 @@ class MGF(IntEnum):
     SHA512 = 0x00000004
     SHA224 = 0x00000005
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "<MGF.%s>" % self.name
diff --git a/pkcs11/py.typed b/pkcs11/py.typed