python-trio · pquentin · Jul 7, 2024 · May 24, 2024 · Jul 7, 2024
diff --git a/lint-requirements.txt b/lint-requirements.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile lint-requirements.in
 #
-black==24.2.0
+black==24.4.2
     # via -r lint-requirements.in
 cffi==1.16.0
     # via cryptography

diff --git a/src/trustme/__init__.py b/src/trustme/__init__.py
@@ -256,38 +256,37 @@ def __init__(
             parent_certificate = parent_cert._certificate
             issuer = parent_certificate.subject
             ski_ext = parent_certificate.extensions.get_extension_for_class(
-                x509.SubjectKeyIdentifier)
-            aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski_ext.value)
+                x509.SubjectKeyIdentifier
+            )
+            aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+                ski_ext.value
+            )
         else:
             aki = None
-        cert_builder = (
-            _cert_builder_common(name, issuer, self._private_key.public_key())
-            .add_extension(
-                x509.BasicConstraints(ca=True, path_length=path_length),
-                critical=True,
-            )
+        cert_builder = _cert_builder_common(
+            name, issuer, self._private_key.public_key()
+        ).add_extension(
+            x509.BasicConstraints(ca=True, path_length=path_length),
+            critical=True,
         )
         if aki:
             cert_builder = cert_builder.add_extension(aki, critical=False)
-        self._certificate = (
-            cert_builder.add_extension(
-                x509.KeyUsage(
-                    digital_signature=True,  # OCSP
-                    content_commitment=False,
-                    key_encipherment=False,
-                    data_encipherment=False,
-                    key_agreement=False,
-                    key_cert_sign=True,  # sign certs
-                    crl_sign=True,  # sign revocation lists
-                    encipher_only=False,
-                    decipher_only=False,
-                ),
-                critical=True,
-            )
-            .sign(
-                private_key=sign_key,
-                algorithm=hashes.SHA256(),
-            )
+        self._certificate = cert_builder.add_extension(
+            x509.KeyUsage(
+                digital_signature=True,  # OCSP
+                content_commitment=False,
+                key_encipherment=False,
+                data_encipherment=False,
+                key_agreement=False,
+                key_cert_sign=True,  # sign certs
+                crl_sign=True,  # sign revocation lists
+                encipher_only=False,
+                decipher_only=False,
+            ),
+            critical=True,
+        ).sign(
+            private_key=sign_key,
+            algorithm=hashes.SHA256(),
         )
 
     @property

diff --git a/tests/test_trustme.py b/tests/test_trustme.py
@@ -201,7 +201,8 @@ def test_intermediate() -> None:
     aki = child_ca_cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier)
     assert aki.critical is False
     expected_aki_key_id = ca_cert.extensions.get_extension_for_class(
-        x509.SubjectKeyIdentifier).value.digest
+        x509.SubjectKeyIdentifier
+    ).value.digest
     assert aki.value.key_identifier == expected_aki_key_id
 
     child_server = child_ca.issue_cert("test-host.example.org")