switch to cryptography: add missing part of the commit and remove unn…

…eccessary name parts

src/werkzeug/serving.py

@@ -40,7 +40,8 @@
 import signal
 import socket
 import sys
-from datetime import timedelta, datetime as dt
+from datetime import datetime as dt
+from datetime import timedelta
 
 import werkzeug
 from ._compat import PY2
@@ -483,38 +484,32 @@ def generate_adhoc_ssl_pair(cn=None):
         from cryptography.hazmat.primitives import hashes
         from cryptography.hazmat.primitives.asymmetric import rsa
     except ImportError:
-        raise TypeError(
-            "Using ad-hoc certificates requires the cryptography library."
-        )
+        raise TypeError("Using ad-hoc certificates requires the cryptography library.")
     pkey = rsa.generate_private_key(
-        public_exponent=65537,
-        key_size=2048,
-        backend=default_backend()
+        public_exponent=65537, key_size=2048, backend=default_backend()
     )
 
     # pretty damn sure that this is not actually accepted by anyone
     if cn is None:
         cn = u"*"
 
-    subject = x509.Name([
-        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
-        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),
-        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
-        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Dummy Certificate"),
-        x509.NameAttribute(NameOID.COMMON_NAME, cn),
-    ])
-
-    cert = x509.CertificateBuilder().subject_name(
-        subject
-    ).issuer_name(
-        subject
-    ).public_key(
-        pkey.public_key()
-    ).serial_number(
-        x509.random_serial_number()
-    ).not_valid_before(dt.utcnow()).not_valid_after(
-        dt.utcnow() + timedelta(days=365)
-    ).sign(pkey, hashes.SHA256(), default_backend())
+    subject = x509.Name(
+        [
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Dummy Certificate"),
+            x509.NameAttribute(NameOID.COMMON_NAME, cn),
+        ]
+    )
+
+    cert = (
+        x509.CertificateBuilder()
+        .subject_name(subject)
+        .issuer_name(subject)
+        .public_key(pkey.public_key())
+        .serial_number(x509.random_serial_number())
+        .not_valid_before(dt.utcnow())
+        .not_valid_after(dt.utcnow() + timedelta(days=365))
+        .sign(pkey, hashes.SHA256(), default_backend())
+    )
     return cert, pkey
 
 
@@ -549,11 +544,13 @@ def make_ssl_devcert(base_path, host=None, cn=None):
     with open(cert_file, "wb") as f:
         f.write(cert.public_bytes(serialization.Encoding.PEM))
     with open(pkey_file, "wb") as f:
-        f.write(pkey.private_bytes(
-            encoding=serialization.Encoding.PEM,
-            format=serialization.PrivateFormat.TraditionalOpenSSL,
-            encryption_algorithm=serialization.NoEncryption(),
-        ))
+        f.write(
+            pkey.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.TraditionalOpenSSL,
+                encryption_algorithm=serialization.NoEncryption(),
+            )
+        )
 
     return cert_file, pkey_file
 
@@ -579,7 +576,7 @@ def generate_adhoc_ssl_context():
             encoding=serialization.Encoding.PEM,
             format=serialization.PrivateFormat.TraditionalOpenSSL,
             encryption_algorithm=serialization.NoEncryption(),
-        )
+        ),
     )
 
     os.close(cert_handle)

tests/test_serving.py

@@ -101,7 +101,9 @@ def app(environ, start_response):
     not hasattr(ssl, "SSLContext"),
     reason="Missing PEP 466 (Python 2.7.9+) or Python 3.",
 )
-@pytest.mark.skipif(cryptography is None, reason="cryptography is required for cert generation.")
+@pytest.mark.skipif(
+    cryptography is None, reason="cryptography is required for cert generation."
+)
 def test_stdlib_ssl_contexts(dev_server, tmpdir):
     certificate, private_key = serving.make_ssl_devcert(str(tmpdir.mkdir("certs")))