From dcf6ac240de1d9c465868964c972a632ebbf0170 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 7 Mar 2024 13:57:37 -0500
Subject: [PATCH] Updates for ruff 0.3.1 (#10548)

---
 .../custom-vectors/arc4/generate_arc4.py      |  5 ++---
 .../rsa-oaep-sha2/generate_rsa_oaep_sha2.py   |  5 ++---
 .../hazmat/backends/openssl/backend.py        |  8 +++----
 .../hazmat/bindings/openssl/binding.py        |  5 ++---
 .../hazmat/primitives/ciphers/modes.py        | 19 ++++++----------
 .../hazmat/primitives/kdf/pbkdf2.py           |  4 +---
 src/cryptography/x509/extensions.py           | 21 +++++++++---------
 tests/hazmat/primitives/test_dsa.py           |  5 ++---
 tests/hazmat/primitives/test_ec.py            |  5 ++---
 tests/hazmat/primitives/test_pkcs12.py        | 22 ++++++++-----------
 tests/wycheproof/test_rsa.py                  |  5 ++---
 11 files changed, 44 insertions(+), 60 deletions(-)

diff --git a/docs/development/custom-vectors/arc4/generate_arc4.py b/docs/development/custom-vectors/arc4/generate_arc4.py
index 208d18585ac6..3f81691e817a 100644
--- a/docs/development/custom-vectors/arc4/generate_arc4.py
+++ b/docs/development/custom-vectors/arc4/generate_arc4.py
@@ -80,9 +80,8 @@ def _build_vectors():
                 output.append(f"OFFSET = {offset}")
                 output.append(f"PLAINTEXT = {binascii.hexlify(plaintext)}")
                 output.append(
-                    "CIPHERTEXT = {}".format(
-                        binascii.hexlify(encryptor.update(plaintext))
-                    )
+                    f"CIPHERTEXT = "
+                    f"{binascii.hexlify(encryptor.update(plaintext))}"
                 )
                 current_offset += len(plaintext)
             assert not encryptor.finalize()
diff --git a/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py b/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py
index f9e79122686e..42975ff1a07a 100644
--- a/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py
+++ b/docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py
@@ -82,9 +82,8 @@ def build_vectors(mgf1alg, hashalg, filename):
                 ),
             )
             output.append(
-                "# OAEP Example {} alg={} mgf1={}".format(
-                    count, hashalg.name, mgf1alg.name
-                )
+                f"# OAEP Example {count} alg={hashalg.name} "
+                f"mgf1={mgf1alg.name}"
             )
             count += 1
             output.append("# Message:")
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index eaaaf783f1c5..99442cf8aa03 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -87,10 +87,10 @@ def __init__(self) -> None:
         self._fips_enabled = rust_openssl.is_fips_enabled()
 
     def __repr__(self) -> str:
-        return "<OpenSSLBackend(version: {}, FIPS: {}, Legacy: {})>".format(
-            self.openssl_version_text(),
-            self._fips_enabled,
-            rust_openssl._legacy_provider_loaded,
+        return (
+            f"<OpenSSLBackend(version: {self.openssl_version_text()}, "
+            f"FIPS: {self._fips_enabled}, "
+            f"Legacy: {rust_openssl._legacy_provider_loaded})>"
         )
 
     def openssl_assert(self, ok: bool) -> None:
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index f5d8cb0b7d9f..d4dfeef485d1 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -95,9 +95,8 @@ def _verify_package_version(version: str) -> None:
             "shared object. This can happen if you have multiple copies of "
             "cryptography installed in your Python path. Please try creating "
             "a new virtual environment to resolve this issue. "
-            "Loaded python version: {}, shared object version: {}".format(
-                version, so_package_version
-            )
+            f"Loaded python version: {version}, "
+            f"shared object version: {so_package_version}"
         )
 
     _openssl_assert(
diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
index 712ccd3f7945..1dd2cc1e80c3 100644
--- a/src/cryptography/hazmat/primitives/ciphers/modes.py
+++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
@@ -77,12 +77,9 @@ def _check_aes_key_length(self: Mode, algorithm: CipherAlgorithm) -> None:
 def _check_iv_length(
     self: ModeWithInitializationVector, algorithm: BlockCipherAlgorithm
 ) -> None:
-    if len(self.initialization_vector) * 8 != algorithm.block_size:
-        raise ValueError(
-            "Invalid IV size ({}) for {}.".format(
-                len(self.initialization_vector), self.name
-            )
-        )
+    iv_len = len(self.initialization_vector)
+    if iv_len * 8 != algorithm.block_size:
+        raise ValueError(f"Invalid IV size ({iv_len}) for {self.name}.")
 
 
 def _check_nonce_length(
@@ -242,9 +239,8 @@ def __init__(
                 raise ValueError("min_tag_length must be >= 4")
             if len(tag) < min_tag_length:
                 raise ValueError(
-                    "Authentication tag must be {} bytes or longer.".format(
-                        min_tag_length
-                    )
+                    f"Authentication tag must be {min_tag_length} bytes or "
+                    "longer."
                 )
         self._tag = tag
         self._min_tag_length = min_tag_length
@@ -267,7 +263,6 @@ def validate_for_algorithm(self, algorithm: CipherAlgorithm) -> None:
         block_size_bytes = algorithm.block_size // 8
         if self._tag is not None and len(self._tag) > block_size_bytes:
             raise ValueError(
-                "Authentication tag cannot be more than {} bytes.".format(
-                    block_size_bytes
-                )
+                f"Authentication tag cannot be more than {block_size_bytes} "
+                "bytes."
             )
diff --git a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 623e1ca7f9eb..82689ebca4ae 100644
--- a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -33,9 +33,7 @@ def __init__(
 
         if not ossl.pbkdf2_hmac_supported(algorithm):
             raise UnsupportedAlgorithm(
-                "{} is not supported for PBKDF2 by this backend.".format(
-                    algorithm.name
-                ),
+                f"{algorithm.name} is not supported for PBKDF2.",
                 _Reasons.UNSUPPORTED_HASH,
             )
         self._used = False
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 7dd38700e537..1842a9e2b0c6 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -401,8 +401,8 @@ def __init__(
 
     def __repr__(self) -> str:
         return (
-            "<AccessDescription(access_method={0.access_method}, access_locati"
-            "on={0.access_location})>".format(self)
+            f"<AccessDescription(access_method={self.access_method}, "
+            f"access_location={self.access_location})>"
         )
 
     def __eq__(self, other: object) -> bool:
@@ -456,8 +456,9 @@ def path_length(self) -> int | None:
 
     def __repr__(self) -> str:
         return (
-            "<BasicConstraints(ca={0.ca}, " "path_length={0.path_length})>"
-        ).format(self)
+            f"<BasicConstraints(ca={self.ca}, "
+            f"path_length={self.path_length})>"
+        )
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, BasicConstraints):
@@ -876,8 +877,8 @@ def __init__(
 
     def __repr__(self) -> str:
         return (
-            "<PolicyInformation(policy_identifier={0.policy_identifier}, polic"
-            "y_qualifiers={0.policy_qualifiers})>".format(self)
+            f"<PolicyInformation(policy_identifier={self.policy_identifier}, "
+            f"policy_qualifiers={self.policy_qualifiers})>"
         )
 
     def __eq__(self, other: object) -> bool:
@@ -928,8 +929,8 @@ def __init__(
 
     def __repr__(self) -> str:
         return (
-            "<UserNotice(notice_reference={0.notice_reference}, explicit_text="
-            "{0.explicit_text!r})>".format(self)
+            f"<UserNotice(notice_reference={self.notice_reference}, "
+            f"explicit_text={self.explicit_text!r})>"
         )
 
     def __eq__(self, other: object) -> bool:
@@ -968,8 +969,8 @@ def __init__(
 
     def __repr__(self) -> str:
         return (
-            "<NoticeReference(organization={0.organization!r}, notice_numbers="
-            "{0.notice_numbers})>".format(self)
+            f"<NoticeReference(organization={self.organization!r}, "
+            f"notice_numbers={self.notice_numbers})>"
         )
 
     def __eq__(self, other: object) -> bool:
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 2928a1eb9d8c..35b7f56f69e0 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -46,9 +46,8 @@ def _skip_if_dsa_not_supported(
 ) -> None:
     if not backend.dsa_hash_supported(algorithm):
         pytest.skip(
-            "{} does not support the provided args. p: {}, hash: {}".format(
-                backend, p.bit_length(), algorithm.name
-            )
+            f"{backend} does not support the provided args. "
+            f"p: {p.bit_length()}, hash: {algorithm.name}"
         )
 
 
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 33b4c6d065f3..b0e29b3803e6 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -52,9 +52,8 @@ def _skip_ecdsa_vector(backend, curve: ec.EllipticCurve, hash_type):
         ec.ECDSA(hash_type()), curve
     ):
         pytest.skip(
-            "ECDSA not supported with this hash {} and curve {}.".format(
-                hash_type().name, curve.name
-            )
+            f"ECDSA not supported with this hash {hash_type().name} and "
+            f"curve {curve.name}."
         )
 
 
diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py
index 2f702aaf9626..9ee3cc3fc769 100644
--- a/tests/hazmat/primitives/test_pkcs12.py
+++ b/tests/hazmat/primitives/test_pkcs12.py
@@ -954,19 +954,15 @@ def test_key_and_certificates_repr(self, backend):
         cert2 = _load_cert(
             backend, os.path.join("x509", "cryptography.io.pem")
         )
-        assert (
-            repr(
-                PKCS12KeyAndCertificates(
-                    key,
-                    PKCS12Certificate(cert, None),
-                    [PKCS12Certificate(cert2, b"name2")],
-                )
-            )
-            == "<PKCS12KeyAndCertificates(key={}, cert=<PKCS12Certificate("
-            "{}, friendly_name=None)>, additional_certs=[<PKCS12Certificate"
-            "({}, friendly_name=b'name2')>])>".format(
+        assert repr(
+            PKCS12KeyAndCertificates(
                 key,
-                cert,
-                cert2,
+                PKCS12Certificate(cert, None),
+                [PKCS12Certificate(cert2, b"name2")],
             )
+        ) == (
+            f"<PKCS12KeyAndCertificates(key={key}, "
+            f"cert=<PKCS12Certificate({cert}, friendly_name=None)>, "
+            f"additional_certs=["
+            f"<PKCS12Certificate({cert2}, friendly_name=b'name2')>])>"
         )
diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py
index c85eb6e7a669..d3b26a2ab3ba 100644
--- a/tests/wycheproof/test_rsa.py
+++ b/tests/wycheproof/test_rsa.py
@@ -113,9 +113,8 @@ def test_rsa_pkcs1v15_signature_generation(backend, wycheproof):
             digest, hashes.SHA1
         ):
             pytest.skip(
-                "Invalid params for FIPS. key: {} bits, digest: {}".format(
-                    key.key_size, digest.name
-                )
+                f"Invalid params for FIPS. key: {key.key_size} bits, "
+                f"digest: {digest.name}"
             )
 
     sig = key.sign(