derivepassphrase.git

@@ -152,9 +152,10 @@ parametrize-names-type = 'list'

 [tool.ruff.lint.extend-per-file-ignores]

 "**/tests/**/*" = [

-  'SLF001',

   'A002',

   'FBT001',

+  'PLC2701',

+  'SLF001',

 ]

 [tool.hatch.envs.hatch-static-analysis]

@@ -6,7 +6,8 @@

 from __future__ import annotations

-from typing import TypeGuard

+import enum

+from typing import NamedTuple, TypeGuard

 from typing_extensions import (

     Any,

@@ -15,10 +16,13 @@ from typing_extensions import (

     TypedDict,

 )

-import derivepassphrase

-

-__author__ = derivepassphrase.__author__

-__version__ = derivepassphrase.__version__

+__all__ = (

+    'SSH_AGENT',

+    'SSH_AGENTC',

+    'KeyCommentPair',

+    'VaultConfig',

+    'is_vault_config',

+)

 class VaultConfigGlobalSettings(TypedDict, total=False):

@@ -145,3 +149,46 @@ def is_vault_config(obj: Any) -> TypeGuard[VaultConfig]:

         if 'key' in service and 'phrase' in service:

             return False

     return True

+

+

+class KeyCommentPair(NamedTuple):

+    """SSH key plus comment pair.  For typing purposes.

+

+    Attributes:

+        key: SSH key.

+        comment: SSH key comment.

+

+    """

+

+    key: bytes | bytearray

+    comment: bytes | bytearray

+

+

+class SSH_AGENTC(enum.Enum):  # noqa: N801

+    """SSH agent protocol numbers: client requests.

+

+    Attributes:

+        REQUEST_IDENTITIES:

+            List identities.  Expecting `SSH_AGENT.IDENTITIES_ANSWER`.

+        SIGN_REQUEST:

+            Sign data.  Expecting `SSH_AGENT.SIGN_RESPONSE`.

+

+    """

+

+    REQUEST_IDENTITIES: int = 11

+    SIGN_REQUEST: int = 13

+

+

+class SSH_AGENT(enum.Enum):  # noqa: N801

+    """SSH agent protocol numbers: server replies.

+

+    Attributes:

+        IDENTITIES_ANSWER:

+            Successful answer to `SSH_AGENTC.REQUEST_IDENTITIES`.

+        SIGN_RESPONSE:

+            Successful answer to `SSH_AGENTC.SIGN_REQUEST`.

+

+    """

+

+    IDENTITIES_ANSWER: int = 12

+    SIGN_RESPONSE: int = 14

@@ -27,8 +27,7 @@ from typing_extensions import (

 )

 import derivepassphrase as dpp

-from derivepassphrase import ssh_agent, vault

-from derivepassphrase import types as dpp_types

+from derivepassphrase import _types, ssh_agent, vault

 if TYPE_CHECKING:

     import pathlib

@@ -68,7 +67,7 @@ def _config_filename() -> str | bytes | pathlib.Path:

     return os.path.join(path, 'settings.json')

-def _load_config() -> dpp_types.VaultConfig:

+def _load_config() -> _types.VaultConfig:

     """Load a vault(1)-compatible config from the application directory.

     The filename is obtained via

@@ -90,12 +89,12 @@ def _load_config() -> dpp_types.VaultConfig:

     filename = _config_filename()

     with open(filename, 'rb') as fileobj:

         data = json.load(fileobj)

-    if not dpp_types.is_vault_config(data):

+    if not _types.is_vault_config(data):

         raise ValueError(_INVALID_VAULT_CONFIG)

     return data

-def _save_config(config: dpp_types.VaultConfig, /) -> None:

+def _save_config(config: _types.VaultConfig, /) -> None:

     """Save a vault(1)-compatible config to the application directory.

     The filename is obtained via

@@ -113,7 +112,7 @@ def _save_config(config: dpp_types.VaultConfig, /) -> None:

             The data cannot be stored as a vault(1)-compatible config.

     """

-    if not dpp_types.is_vault_config(config):

+    if not _types.is_vault_config(config):

         raise ValueError(_INVALID_VAULT_CONFIG)

     filename = _config_filename()

     filedir = os.path.dirname(os.path.abspath(filename))

@@ -128,7 +127,7 @@ def _save_config(config: dpp_types.VaultConfig, /) -> None:

 def _get_suitable_ssh_keys(

     conn: ssh_agent.SSHAgentClient | socket.socket | None = None, /

-) -> Iterator[ssh_agent.types.KeyCommentPair]:

+) -> Iterator[_types.KeyCommentPair]:

     """Yield all SSH keys suitable for passphrase derivation.

     Suitable SSH keys are queried from the running SSH agent (see

@@ -845,7 +844,7 @@ def derivepassphrase(

                     opt_str, f'mutually exclusive with {other_str}', ctx=ctx

                 )

-    def get_config() -> dpp_types.VaultConfig:

+    def get_config() -> _types.VaultConfig:

         try:

             return _load_config()

         except FileNotFoundError:

@@ -853,7 +852,7 @@ def derivepassphrase(

         except Exception as e:  # noqa: BLE001

             ctx.fail(f'cannot load config: {e}')

-    configuration: dpp_types.VaultConfig

+    configuration: _types.VaultConfig

     check_incompatible_options('--phrase', '--key')

     for group in (ConfigurationOption, StorageManagementOption):

@@ -903,7 +902,7 @@ def derivepassphrase(

         assert service is not None

         configuration = get_config()

         text = DEFAULT_NOTES_TEMPLATE + configuration['services'].get(

-            service, cast(dpp_types.VaultConfigServicesSettings, {})

+            service, cast(_types.VaultConfigServicesSettings, {})

         ).get('notes', '')

         notes_value = click.edit(text=text)

         if notes_value is not None:

@@ -947,7 +946,7 @@ def derivepassphrase(

             ctx.fail(f'Cannot load config: cannot decode JSON: {e}')

         except OSError as e:

             ctx.fail(f'Cannot load config: {e.strerror}')

-        if dpp_types.is_vault_config(maybe_config):

+        if _types.is_vault_config(maybe_config):

             _save_config(maybe_config)

         else:

             ctx.fail('not a valid config')

@@ -1037,7 +1036,7 @@ def derivepassphrase(

                 configuration['services'].setdefault(service, {}).update(view)  # type: ignore[typeddict-item]

             else:

                 configuration.setdefault('global', {}).update(view)  # type: ignore[typeddict-item]

-            assert dpp_types.is_vault_config(

+            assert _types.is_vault_config(

                 configuration

             ), f'invalid vault configuration: {configuration!r}'

             _save_config(configuration)

@@ -14,7 +14,7 @@ from typing import TYPE_CHECKING

 from typing_extensions import Self

-from derivepassphrase.ssh_agent import types

+from derivepassphrase import _types

 if TYPE_CHECKING:

     from collections.abc import Sequence

@@ -273,7 +273,7 @@ class SSHAgentClient:

             raise EOFError(msg)

         return response[0], response[1:]

-    def list_keys(self) -> Sequence[types.KeyCommentPair]:

+    def list_keys(self) -> Sequence[_types.KeyCommentPair]:

         """Request a list of keys known to the SSH agent.

         Returns:

@@ -289,9 +289,9 @@ class SSHAgentClient:

         """

         response_code, response = self.request(

-            types.SSH_AGENTC.REQUEST_IDENTITIES.value, b''

+            _types.SSH_AGENTC.REQUEST_IDENTITIES.value, b''

         )

-        if response_code != types.SSH_AGENT.IDENTITIES_ANSWER.value:

+        if response_code != _types.SSH_AGENT.IDENTITIES_ANSWER.value:

             msg = (

                 f'error return from SSH agent: '

                 f'{response_code = }, {response = }'

@@ -312,7 +312,7 @@ class SSHAgentClient:

             return bytes(buf)

         key_count = int.from_bytes(shift(4), 'big')

-        keys: collections.deque[types.KeyCommentPair]

+        keys: collections.deque[_types.KeyCommentPair]

         keys = collections.deque()

         for _ in range(key_count):

             key_size = int.from_bytes(shift(4), 'big')

@@ -320,7 +320,7 @@ class SSHAgentClient:

             comment_size = int.from_bytes(shift(4), 'big')

             comment = shift(comment_size)

             # Both `key` and `comment` are not wrapped as SSH strings.

-            keys.append(types.KeyCommentPair(key, comment))

+            keys.append(_types.KeyCommentPair(key, comment))

         if response_stream:

             raise TrailingDataError

         return keys

@@ -378,9 +378,9 @@ class SSHAgentClient:

         request_data.extend(self.string(payload))

         request_data.extend(self.uint32(flags))

         response_code, response = self.request(

-            types.SSH_AGENTC.SIGN_REQUEST.value, request_data

+            _types.SSH_AGENTC.SIGN_REQUEST.value, request_data

         )

-        if response_code != types.SSH_AGENT.SIGN_RESPONSE.value:

+        if response_code != _types.SSH_AGENT.SIGN_RESPONSE.value:

             msg = f'signing data failed: {response_code = }, {response = }'

             raise RuntimeError(msg)

         return self.unstring(response)

@@ -1,55 +0,0 @@

-# SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

-#

-# SPDX-License-Identifier: MIT

-

-"""Common typing declarations for the parent module."""

-

-from __future__ import annotations

-

-import enum

-from typing import NamedTuple

-

-__all__ = ('SSH_AGENT', 'SSH_AGENTC', 'KeyCommentPair')

-

-

-class KeyCommentPair(NamedTuple):

-    """SSH key plus comment pair.  For typing purposes.

-

-    Attributes:

-        key: SSH key.

-        comment: SSH key comment.

-

-    """

-

-    key: bytes | bytearray

-    comment: bytes | bytearray

-

-

-class SSH_AGENTC(enum.Enum):  # noqa: N801

-    """SSH agent protocol numbers: client requests.

-

-    Attributes:

-        REQUEST_IDENTITIES:

-            List identities.  Expecting `SSH_AGENT.IDENTITIES_ANSWER`.

-        SIGN_REQUEST:

-            Sign data.  Expecting `SSH_AGENT.SIGN_RESPONSE`.

-

-    """

-

-    REQUEST_IDENTITIES: int = 11

-    SIGN_REQUEST: int = 13

-

-

-class SSH_AGENT(enum.Enum):  # noqa: N801

-    """SSH agent protocol numbers: server replies.

-

-    Attributes:

-        IDENTITIES_ANSWER:

-            Successful answer to `SSH_AGENTC.REQUEST_IDENTITIES`.

-        SIGN_RESPONSE:

-            Successful answer to `SSH_AGENTC.SIGN_REQUEST`.

-

-    """

-

-    IDENTITIES_ANSWER: int = 12

-    SIGN_RESPONSE: int = 14

@@ -12,11 +12,7 @@ from typing import TYPE_CHECKING

 import pytest

-import derivepassphrase

-import derivepassphrase.cli

-import derivepassphrase.ssh_agent

-import derivepassphrase.ssh_agent.types

-import derivepassphrase.types

+from derivepassphrase import _types, cli

 __all__ = ()

@@ -355,11 +351,9 @@ skip_if_no_agent = pytest.mark.skipif(

 )

-def list_keys(

-    self: Any = None,

-) -> list[derivepassphrase.ssh_agent.types.KeyCommentPair]:

+def list_keys(self: Any = None) -> list[_types.KeyCommentPair]:

     del self  # Unused.

-    Pair = derivepassphrase.ssh_agent.types.KeyCommentPair  # noqa: N806

+    Pair = _types.KeyCommentPair  # noqa: N806

     list1 = [

         Pair(value['public_key_data'], f'{key} test key'.encode('ASCII'))

         for key, value in SUPPORTED_KEYS.items()

@@ -371,11 +365,9 @@ def list_keys(

     return list1 + list2

-def list_keys_singleton(

-    self: Any = None,

-) -> list[derivepassphrase.ssh_agent.types.KeyCommentPair]:

+def list_keys_singleton(self: Any = None) -> list[_types.KeyCommentPair]:

     del self  # Unused.

-    Pair = derivepassphrase.ssh_agent.types.KeyCommentPair  # noqa: N806

+    Pair = _types.KeyCommentPair  # noqa: N806

     list1 = [

         Pair(value['public_key_data'], f'{key} test key'.encode('ASCII'))

         for key, value in SUPPORTED_KEYS.items()

@@ -383,11 +375,9 @@ def list_keys_singleton(

     return list1[:1]

-def suitable_ssh_keys(

-    conn: Any,

-) -> Iterator[derivepassphrase.ssh_agent.types.KeyCommentPair]:

+def suitable_ssh_keys(conn: Any) -> Iterator[_types.KeyCommentPair]:

     del conn  # Unused.

-    Pair = derivepassphrase.ssh_agent.types.KeyCommentPair  # noqa: N806

+    Pair = _types.KeyCommentPair  # noqa: N806

     yield from [

         Pair(DUMMY_KEY1, b'no comment'),

         Pair(DUMMY_KEY2, b'a comment'),

@@ -406,21 +396,14 @@ def isolated_config(

     runner: click.testing.CliRunner,

     config: Any,

 ) -> Iterator[None]:

-    prog_name = derivepassphrase.cli.PROG_NAME

+    prog_name = cli.PROG_NAME

     env_name = prog_name.replace(' ', '_').upper() + '_PATH'

     with runner.isolated_filesystem():

         monkeypatch.setenv('HOME', os.getcwd())

         monkeypatch.setenv('USERPROFILE', os.getcwd())

         monkeypatch.delenv(env_name, raising=False)

-        os.makedirs(

-            os.path.dirname(derivepassphrase.cli._config_filename()),

-            exist_ok=True,

-        )

-        with open(

-            derivepassphrase.cli._config_filename(),

-            'w',

-            encoding='UTF-8',

-        ) as outfile:

+        os.makedirs(os.path.dirname(cli._config_filename()), exist_ok=True)

+        with open(cli._config_filename(), 'w', encoding='UTF-8') as outfile:

             json.dump(config, outfile)

         yield

@@ -17,7 +17,7 @@ from typing_extensions import NamedTuple

 import derivepassphrase as dpp

 import tests

-from derivepassphrase import cli, ssh_agent

+from derivepassphrase import _types, cli, ssh_agent

 if TYPE_CHECKING:

     from collections.abc import Callable

@@ -308,7 +308,7 @@ class TestCLI:

     def test_204a_key_from_config(

         self,

         monkeypatch: Any,

-        config: dpp.types.VaultConfig,

+        config: _types.VaultConfig,

     ) -> None:

         runner = click.testing.CliRunner(mix_stderr=False)

         with tests.isolated_config(

@@ -1282,8 +1282,8 @@ Boo.

         self,

         monkeypatch: Any,

         command_line: list[str],

-        config: dpp.types.VaultConfig,

-        result_config: dpp.types.VaultConfig,

+        config: _types.VaultConfig,

+        result_config: _types.VaultConfig,

     ) -> None:

         runner = click.testing.CliRunner(mix_stderr=False)

         for start_config in [config, result_config]:

@@ -19,7 +19,7 @@ import pytest

 from typing_extensions import Any

 import tests

-from derivepassphrase import cli, ssh_agent, vault

+from derivepassphrase import _types, cli, ssh_agent, vault

 if TYPE_CHECKING:

     from collections.abc import Iterator

@@ -418,7 +418,7 @@ class TestAgentInteraction:

     ) -> None:

         client = ssh_agent.SSHAgentClient()

         monkeypatch.setattr(client, 'request', lambda a, b: response)  # noqa: ARG005

-        KeyCommentPair = ssh_agent.types.KeyCommentPair  # noqa: N806

+        KeyCommentPair = _types.KeyCommentPair  # noqa: N806

         loaded_keys = [

             KeyCommentPair(v['public_key_data'], b'no comment')

             for v in tests.SUPPORTED_KEYS.values()

@@ -7,7 +7,7 @@ from __future__ import annotations

 import pytest

 from typing_extensions import Any

-import derivepassphrase.types

+from derivepassphrase import _types

 @pytest.mark.parametrize(

@@ -89,7 +89,7 @@ import derivepassphrase.types

     ],

 )

 def test_200_is_vault_config(obj: Any, comment: str) -> None:

-    is_vault_config = derivepassphrase.types.is_vault_config

+    is_vault_config = _types.is_vault_config

     assert is_vault_config(obj) == (not comment), (

         'failed to complain about: ' + comment

         if comment

@@ -0,0 +1 @@

+Combine and consolidate `derivepassphrase.types` and `derivepassphrase.ssh_agent.types` into a new submodule `derivepassphrase._types`.  Despite the name, the module is public.