Complete and validate redis.ocsp (use requests, cryptography and pyopenssl) (#9528)

Avasam · web-flow · commit 5b0488928d5b · 2023-01-17T15:47:26.000Z
diff --git a/stubs/redis/@tests/stubtest_allowlist.txt b/stubs/redis/@tests/stubtest_allowlist.txt
@@ -1,5 +1,4 @@
 redis.client.Pipeline.transaction  # instance attribute has same name as superclass method
-redis.ocsp  # requires cryptography to be installed
 
 # async def mismatch problems
 redis.asyncio.client.Pipeline.command_info
diff --git a/stubs/redis/METADATA.toml b/stubs/redis/METADATA.toml
@@ -1 +1,6 @@
 version = "4.4.0"
+# Requires a version of cryptography with a `py.typed` file
+requires = ["types-pyOpenSSL", "cryptography>=35.0.0"]
+
+[tool.stubtest]
+extras = ["ocsp"]
diff --git a/stubs/redis/redis/ocsp.pyi b/stubs/redis/redis/ocsp.pyi
@@ -1,13 +1,21 @@
-from typing import Any
+from _typeshed import Incomplete
+from ssl import SSLObject, SSLSocket
+from typing_extensions import Literal
+
+from cryptography.x509.base import Certificate
+from OpenSSL.SSL import Connection
+
+def ocsp_staple_verifier(con: Connection, ocsp_bytes: bytes, expected: bytes | None = ...) -> Literal[True]: ...
 
 class OCSPVerifier:
-    SOCK: Any
-    HOST: Any
-    PORT: Any
-    CA_CERTS: Any
-    def __init__(self, sock, host, port, ca_certs: Any | None = ...) -> None: ...
-    def components_from_socket(self): ...
-    def components_from_direct_connection(self): ...
-    def build_certificate_url(self, server, cert, issuer_cert): ...
-    def check_certificate(self, server, cert, issuer_url): ...
-    def is_valid(self): ...
+    SOCK: SSLObject | SSLSocket
+    HOST: str
+    PORT: int
+    CA_CERTS: str | None
+    def __init__(self, sock: SSLObject | SSLSocket, host: str, port: int, ca_certs: str | None = ...) -> None: ...
+    # cryptography.x509.general_name.GeneralName.value is typed as Any
+    def components_from_socket(self) -> tuple[Certificate, Incomplete | None, Incomplete]: ...
+    def components_from_direct_connection(self) -> tuple[Certificate, Incomplete | None, Incomplete]: ...
+    def build_certificate_url(self, server: str, cert: Certificate, issuer_cert: Certificate) -> str: ...
+    def check_certificate(self, server: str, cert: Certificate, issuer_url: str | bytes) -> Literal[True]: ...
+    def is_valid(self) -> Literal[True]: ...

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`redis.client.Pipeline.transaction # instance attribute has same name as superclass method`
`2`		`-redis.ocsp # requires cryptography to be installed`
`3`	`2`
`4`	`3`	`# async def mismatch problems`
`5`	`4`	`redis.asyncio.client.Pipeline.command_info`