Implement Brad's suggestions

acme/acme/challenges.py

@@ -147,9 +147,9 @@ class KeyAuthorizationChallenge(_TokenChallenge):
 
     :param response_cls: Subclass of `KeyAuthorizationChallengeResponse`
         that will be used to generate `response`.
-    :param typ: type of the challenge
+    :param str typ: type of the challenge
     """
-    type = NotImplemented
+    typ = NotImplemented
     response_cls = NotImplemented
     thumbprint_hash_function = (
         KeyAuthorizationChallengeResponse.thumbprint_hash_function)

acme/acme/crypto_util.py

@@ -13,6 +13,7 @@ import josepy as jose
 from acme import errors
 # pylint: disable=unused-import, no-name-in-module
 from acme.magic_typing import Callable, Union, Tuple, Optional
+# pylint: enable=unused-import, no-name-in-module
 
 
 logger = logging.getLogger(__name__)

acme/acme/magic_typing.py

@@ -8,7 +8,9 @@ class TypingClass(object):
 
 try:
     # mypy doesn't respect modifying sys.modules
-    from typing import * # pylint: disable=wildcard-import, unused-wildcard-import
-    from typing import IO  # pylint: disable=unused-import
+    from typing import *  # pylint: disable=wildcard-import, unused-wildcard-import
+    # pylint: disable=unused-import
+    from typing import Collection, IO  # type: ignore
+    # pylint: enable=unused-import
 except ImportError:
     sys.modules[__name__] = TypingClass()

certbot/auth_handler.py

@@ -8,7 +8,8 @@ import zope.component
 
 from acme import challenges
 from acme import messages
-from acme.magic_typing import DefaultDict, Dict, List, Set  # pylint: disable=unused-import, no-name-in-module
+# pylint: disable=unused-import, no-name-in-module
+from acme.magic_typing import DefaultDict, Dict, List, Set, Collection
 from certbot import achallenges
 from certbot import errors
 from certbot import error_handler
@@ -117,7 +118,7 @@ class AuthHandler(object):
 
     def _solve_challenges(self, aauthzrs):
         """Get Responses for challenges from authenticators."""
-        resp = []  # type: List[str]
+        resp = []  # type: Collection[acme.challenges.ChallengeResponse]
         all_achalls = self._get_all_achalls(aauthzrs)
         try:
             if all_achalls:
@@ -133,7 +134,7 @@ class AuthHandler(object):
 
     def _get_all_achalls(self, aauthzrs):
         """Return all active challenges."""
-        all_achalls = []  # type: List[achallenges.KeyAuthorizationAnnotatedChallenge]
+        all_achalls = []  # type: Collection[challenges.ChallengeResponse]
         for aauthzr in aauthzrs:
             all_achalls.extend(aauthzr.achalls)
         return all_achalls

certbot/cli.py

@@ -19,6 +19,7 @@ from zope.interface import interfaces as zope_interfaces
 from acme import challenges
 # pylint: disable=unused-import, no-name-in-module
 from acme.magic_typing import Any, Dict, Optional
+# pylint: enable=unused-import, no-name-in-module
 
 import certbot
 

certbot/client.py

@@ -5,6 +5,8 @@ import os
 import platform
 
 from cryptography.hazmat.backends import default_backend
+# https://github.com/python/typeshed/blob/master/third_party/
+# 2/cryptography/hazmat/primitives/asymmetric/rsa.pyi
 from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key  # type: ignore
 import josepy as jose
 import OpenSSL
@@ -605,7 +607,7 @@ def validate_key_csr(privkey, csr=None):
         if csr.form == "der":
             csr_obj = OpenSSL.crypto.load_certificate_request(
                 OpenSSL.crypto.FILETYPE_ASN1, csr.data)
-            cert_buffer = OpenSSL.crypto.dump_certificate(  # type: ignore
+            cert_buffer = OpenSSL.crypto.dump_certificate_request(
                 OpenSSL.crypto.FILETYPE_PEM, csr_obj
             )
             csr = util.CSR(csr.file, cert_buffer, "pem")

certbot/crypto_util.py

@@ -15,6 +15,7 @@ import zope.component
 from OpenSSL import crypto
 from OpenSSL import SSL  # type: ignore
 from cryptography.hazmat.backends import default_backend
+# https://github.com/python/typeshed/tree/master/third_party/2/cryptography
 from cryptography import x509  # type: ignore
 
 from acme import crypto_util as acme_crypto_util

certbot/error_handler.py

@@ -7,6 +7,7 @@ import traceback
 
 # pylint: disable=unused-import, no-name-in-module
 from acme.magic_typing import Any, Callable, Dict, List, Union
+# pylint: enable=unused-import, no-name-in-module
 
 from certbot import errors
 
@@ -59,8 +60,8 @@ class ErrorHandler(object):
     def __init__(self, func=None, *args, **kwargs):
         self.call_on_regular_exit = False
         self.body_executed = False
-        self.funcs = []  # type: List[Callable[[], None]]
-        self.prev_handlers = {}  # type: Dict[int, Union[int, None, Callable[[], None]]]
+        self.funcs = []  # type: List[Callable[[], Any]]
+        self.prev_handlers = {}  # type: Dict[int, Union[int, None, Callable]]
         self.received_signals = []  # type: List[int]
         if func is not None:
             self.register(func, *args, **kwargs)

certbot/plugins/standalone.py

@@ -3,6 +3,7 @@ import argparse
 import collections
 import logging
 import socket
+# https://github.com/python/typeshed/blob/master/stdlib/2and3/socket.pyi
 from socket import errno as socket_errors  # type: ignore
 
 import OpenSSL
@@ -196,8 +197,9 @@ class Authenticator(common.Plugin):
         # values, main thread writes). Due to the nature of CPython's
         # GIL, the operations are safe, c.f.
         # https://docs.python.org/2/faq/library.html#what-kinds-of-global-value-mutation-are-thread-safe
-        self.certs = {}  # type: Dict[bytes, Tuple[OpenSSL.crypto.PKey, OpenSSL.crypto.PKey]]
-        self.http_01_resources = set()  # type: Set[challenges.HTTP01Response]
+        self.certs = {}  # type: Dict[bytes, Tuple[OpenSSL.crypto.PKey, OpenSSL.crypto.X509]]
+        self.http_01_resources = set() \
+        # type: Set[acme_standalone.HTTP01RequestHandler.HTTP01Resource]
 
         self.servers = ServerManager(self.certs, self.http_01_resources)
 

certbot/plugins/standalone_test.py

@@ -2,6 +2,7 @@
 import argparse
 import socket
 import unittest
+# https://github.com/python/typeshed/blob/master/stdlib/2and3/socket.pyi
 from socket import errno as socket_errors  # type: ignore
 
 import josepy as jose
@@ -11,6 +12,7 @@ import six
 import OpenSSL.crypto  # pylint: disable=unused-import
 
 from acme import challenges
+from acme import standalone as acme_standalone  # pylint: disable=unused-import
 from acme.magic_typing import Dict, Tuple, Set  # pylint: disable=unused-import, no-name-in-module
 
 from certbot import achallenges
@@ -25,8 +27,9 @@ class ServerManagerTest(unittest.TestCase):
 
     def setUp(self):
         from certbot.plugins.standalone import ServerManager
-        self.certs = {}  # type: Dict[bytes, Tuple[OpenSSL.crypto.PKey, OpenSSL.crypto.PKey]]
-        self.http_01_resources = {}  # type: Set[challenges.HTTP01Response]
+        self.certs = {}  # type: Dict[bytes, Tuple[OpenSSL.crypto.PKey, OpenSSL.crypto.X509]]
+        self.http_01_resources = {} \
+        # type: Set[acme_standalone.HTTP01RequestHandler.HTTP01Resource]
         self.mgr = ServerManager(self.certs, self.http_01_resources)
 
     def test_init(self):

certbot/plugins/webroot.py

@@ -10,11 +10,12 @@ import six
 import zope.component
 import zope.interface
 
-from acme import challenges  # pylint: disable=unused-import,
+from acme import challenges  # pylint: disable=unused-import
 # pylint: disable=unused-import, no-name-in-module
 from acme.magic_typing import Dict, Set, DefaultDict, List
+# pylint: enable=unused-import, no-name-in-module
 
-from certbot import achallenges
+from certbot import achallenges  # pylint: disable=unused-import
 from certbot import cli
 from certbot import errors
 from certbot import interfaces

certbot/tests/error_handler_test.py

@@ -8,6 +8,7 @@ import unittest
 import mock
 # pylint: disable=unused-import, no-name-in-module
 from acme.magic_typing import Callable, Dict, Union
+# pylint: enable=unused-import, no-name-in-module
 
 
 def get_signals(signums):
@@ -25,8 +26,7 @@ def set_signals(sig_handler_dict):
 def signal_receiver(signums):
     """Context manager to catch signals"""
     signals = []
-    prev_handlers = {}  # type: Dict[int, Union[int, None, Callable[[], None]]]
-    prev_handlers = get_signals(signums)
+    prev_handlers = get_signals(signums)  # type: Dict[int, Union[int, None, Callable]]
     set_signals(dict((s, lambda s, _: signals.append(s)) for s in signums))
     yield signals
     set_signals(prev_handlers)

mypy.ini

@@ -37,6 +37,3 @@ check_untyped_defs = True
 
 [mypy-certbot_dns_digitalocean.*]
 check_untyped_defs = True
-
-[mypy-certbot_nginx.*]
-check_untyped_defs = True