Change to Github Actions

.github/workflows/python-package.yml

@@ -0,0 +1,43 @@
+---
+name: CI
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+
+jobs:
+  tests:
+    name: "Python ${{ matrix.python-version }}"
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: "actions/checkout@v3"
+      - uses: "actions/setup-python@v4"
+        with:
+          python-version: "${{ matrix.python-version }}"
+          allow-prereleases: true
+          cache: pip
+
+      - name: "Install dependencies"
+        run: |
+          set -xe
+          python -VV
+          python -m site
+          python -m pip install --upgrade pip setuptools wheel
+          python -m pip install --upgrade coverage[toml] virtualenv tox tox-gh-actions
+
+      - name: "Run tox targets for ${{ matrix.python-version }}"
+        run: "python -m tox"
+      - name: "Convert coverage"
+        run: "python -m coverage xml"
+      - name: "Upload coverage to Codecov"
+        uses: "codecov/codecov-action@v1"
+        with:
+          fail_ci_if_error: true

README.rst

@@ -1,8 +1,8 @@
 pkcs7csr
 ========
 
-.. image:: https://travis-ci.org/magnuswatn/pkcs7csr.svg?branch=main
-    :target: https://travis-ci.org/magnuswatn/pkcs7csr
+.. image:: https://github.com/magnuswatn/pkcs7csr/workflows/CI/badge.svg?branch=main
+     :target: https://github.com/magnuswatn/pkcs7csr/actions?workflow=CI
 
 .. image:: https://codecov.io/gh/magnuswatn/pkcs7csr/branch/main/graph/badge.svg
     :target: https://codecov.io/gh/magnuswatn/pkcs7csr

pkcs7csr.py

@@ -9,14 +9,17 @@
 """
 
 import base64
-import binascii
+from typing import Optional, Tuple, Union
 
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
+from cryptography.x509 import Certificate
 from pyasn1.codec.der import decoder, encoder
 from pyasn1_modules import rfc2314, rfc2315
 
-__version__ = "1.0.2"
+__version__ = "1.0.3dev"
+
+Key = Union[ec.EllipticCurvePrivateKey, rsa.RSAPrivateKey]
 
 
 class UnsupportedKeyTypeError(Exception):
@@ -25,7 +28,7 @@ class UnsupportedKeyTypeError(Exception):
     pass
 
 
-def _create_csr(cert, private_key):
+def _create_csr(cert: tuple, private_key: Key) -> bytes:
     """Creates a CSR with the RENEWAL_CERTIFICATE extension"""
 
     subject_public_key_info = decoder.decode(
@@ -65,9 +68,7 @@ def _create_csr(cert, private_key):
         private_key, encoder.encode(certification_request_info)
     )
 
-    signature = rfc2314.univ.BitString(
-        hexValue=binascii.hexlify(raw_signature).decode("ascii")
-    )
+    signature = rfc2314.univ.BitString(hexValue=raw_signature.hex())
 
     certification_request = rfc2314.CertificationRequest()
     certification_request.setComponentByName(
@@ -79,7 +80,7 @@ def _create_csr(cert, private_key):
     return encoder.encode(certification_request)
 
 
-def _sign(key, payload):
+def _sign(key: Key, payload: bytes) -> Tuple[bytes, rfc2314.AlgorithmIdentifier]:
     """Signs the payload with the specified key"""
 
     signature_algorithm = rfc2314.AlgorithmIdentifier()
@@ -101,7 +102,7 @@ def _sign(key, payload):
     return signature, signature_algorithm
 
 
-def _create_pkcs7(cert, csr, private_key):
+def _create_pkcs7(cert: tuple, csr: bytes, private_key: Key) -> bytes:
     """Creates the PKCS7 structure and signs it"""
 
     content_info = rfc2315.ContentInfo()
@@ -115,9 +116,7 @@ def _create_pkcs7(cert, csr, private_key):
     )
 
     raw_signature, _ = _sign(private_key, csr)
-    signature = rfc2314.univ.OctetString(
-        hexValue=binascii.hexlify(raw_signature).decode("ascii")
-    )
+    signature = rfc2314.univ.OctetString(value=raw_signature)
 
     # Microsoft adds parameters with ASN.1 NULL encoding here,
     # but according to rfc5754 they should be absent:
@@ -169,7 +168,7 @@ def _create_pkcs7(cert, csr, private_key):
     return encoder.encode(outer_content_info)
 
 
-def _pem_encode_csr(csr):
+def _pem_encode_csr(csr: bytes) -> str:
     """Encodes the CSR in PEM format"""
     b64_csr = base64.b64encode(csr).decode("ascii")
     b64rn_csr = "\r\n".join(
@@ -181,7 +180,11 @@ def _pem_encode_csr(csr):
     return pem_csr
 
 
-def create_pkcs7csr(cert, key, new_key=None):
+def create_pkcs7csr(
+    cert: Certificate,
+    key: Key,
+    new_key: Optional[Key] = None,
+) -> str:
     """
     Creates a Microsoft style "PKCS #7 renewal request"
 

pyproject.toml

@@ -0,0 +1,59 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "pkcs7csr"
+dynamic = ["version"]
+description = "A Python module for creating Microsoft style \"PKCS #7 renewal requests\""
+readme = "README.rst"
+license = "MIT"
+authors = [
+    { name = "Magnus Watn" },
+]
+keywords = [
+    "ad",
+    "adcs",
+    "certificate",
+    "certsrv",
+    "csr",
+    "iis",
+    "pki",
+    "renewal",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: POSIX :: Linux",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Internet :: WWW/HTTP",
+    "Topic :: Security",
+    "Topic :: Software Development :: Libraries",
+    "Topic :: System :: Systems Administration",
+]
+dependencies = [
+    "cryptography",
+    "pyasn1",
+    "pyasn1-modules",
+]
+
+[project.urls]
+Homepage = "https://github.com/magnuswatn/pkcs7csr"
+
+[tool.hatch.version]
+path = "pkcs7csr.py"
+
+[tool.hatch.build.targets.sdist]
+include = [
+    "/pkcs7csr.py",
+]
+
+[tool.hatch.envs.default]
+dependencies = ["pytest"]