mollify the type checker

2025-04-07 10:56:49 +00:00 · 2023-01-12 16:32:32 -05:00 · 2023-01-12 16:32:32 -05:00 · 1a807a0232
commit 1a807a0232
parent d5628f9c84
3 changed files with 11 additions and 3 deletions
--- a/src/allmydata/crypto/rsa.py
+++ b/src/allmydata/crypto/rsa.py
@ -79,10 +79,14 @@ def create_signing_keypair_from_string(private_key_der: bytes) -> tuple[PrivateK
    )

    def load_with_validation() -> PrivateKey:
-        return _load()
+        k = _load()
+        assert isinstance(k, PrivateKey)
+        return k

    def load_without_validation() -> PrivateKey:
-        return _load(unsafe_skip_rsa_key_validation=True)
+        k = _load(unsafe_skip_rsa_key_validation=True)
+        assert isinstance(k, PrivateKey)
+        return k

    # Load it once without the potentially expensive OpenSSL validation
    # checks.  These have superlinear complexity.  We *will* run them just
@ -159,6 +163,7 @@ def create_verifying_key_from_string(public_key_der: bytes) -> PublicKey:
        public_key_der,
        backend=default_backend(),
    )
+    assert isinstance(pub_key, PublicKey)
    return pub_key


--- a/src/allmydata/scripts/tahoe_put.py
+++ b/src/allmydata/scripts/tahoe_put.py
@ -11,7 +11,7 @@ from cryptography.hazmat.primitives.serialization import load_pem_private_key

 from twisted.python.filepath import FilePath

-from allmydata.crypto.rsa import der_string_from_signing_key
+from allmydata.crypto.rsa import PrivateKey, der_string_from_signing_key
 from allmydata.scripts.common_http import do_http, format_http_success, format_http_error
 from allmydata.scripts.common import get_alias, DEFAULT_ALIAS, escape_path, \
                                     UnknownAliasError
@ -23,6 +23,7 @@ def load_private_key(path: str) -> str:
    to include in the HTTP request.
    """
    privkey = load_pem_private_key(FilePath(path).getContent(), password=None)
+    assert isinstance(privkey, PrivateKey)
    derbytes = der_string_from_signing_key(privkey)
    return urlsafe_b64encode(derbytes).decode("ascii")

--- a/src/allmydata/test/cli/test_put.py
+++ b/src/allmydata/test/cli/test_put.py
@ -11,6 +11,7 @@ from twisted.python.filepath import FilePath

 from cryptography.hazmat.primitives.serialization import load_pem_private_key

+from allmydata.crypto.rsa import PrivateKey
 from allmydata.uri import from_string
 from allmydata.util import fileutil
 from allmydata.scripts.common import get_aliases
@ -262,6 +263,7 @@ class Put(GridTestMixin, CLITestMixin, unittest.TestCase):
        cap = from_string(out.strip())
        # The capability is derived from the key we specified.
        privkey = load_pem_private_key(pempath.getContent(), password=None)
+        assert isinstance(privkey, PrivateKey)
        pubkey = privkey.public_key()
        writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
        self.assertEqual(