From 971a7a21eba54673af285def42bd55b83d92031f Mon Sep 17 00:00:00 2001
From: Bob Halley <halley@dnspython.org>
Date: Tue, 15 Oct 2024 18:04:29 -0700
Subject: [PATCH] pyright lint for dnssecalgs

---
 dns/dnssecalgs/__init__.py     |  3 +++
 dns/dnssecalgs/cryptography.py |  2 +-
 dns/dnssecalgs/dsa.py          |  4 +++-
 dns/dnssecalgs/ecdsa.py        | 11 +++++++----
 dns/dnssecalgs/eddsa.py        |  2 +-
 dns/dnssecalgs/rsa.py          |  4 +++-
 pyproject.toml                 |  1 -
 7 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/dns/dnssecalgs/__init__.py b/dns/dnssecalgs/__init__.py
index 602367e3..780c0fdf 100644
--- a/dns/dnssecalgs/__init__.py
+++ b/dns/dnssecalgs/__init__.py
@@ -1,11 +1,14 @@
 from typing import Dict, Optional, Tuple, Type, Union
 
+import dns._features
 import dns.name
 from dns.dnssecalgs.base import GenericPrivateKey
 from dns.dnssectypes import Algorithm
 from dns.exception import UnsupportedAlgorithm
 from dns.rdtypes.ANY.DNSKEY import DNSKEY
 
+# pyright: reportPossiblyUnboundVariable=false
+
 if dns._features.have("dnssec"):
     from dns.dnssecalgs.dsa import PrivateDSA, PrivateDSANSEC3SHA1
     from dns.dnssecalgs.ecdsa import PrivateECDSAP256SHA256, PrivateECDSAP384SHA384
diff --git a/dns/dnssecalgs/cryptography.py b/dns/dnssecalgs/cryptography.py
index 5a31a812..6fbeb1a4 100644
--- a/dns/dnssecalgs/cryptography.py
+++ b/dns/dnssecalgs/cryptography.py
@@ -34,7 +34,7 @@ class CryptographyPublicKey(GenericPublicKey):
 class CryptographyPrivateKey(GenericPrivateKey):
     key: Any = None
     key_cls: Any = None
-    public_cls: Type[CryptographyPublicKey]
+    public_cls: Type[CryptographyPublicKey]  # pyright: ignore
 
     def __init__(self, key: Any) -> None:  # pylint: disable=super-init-not-called
         if self.key_cls is None:
diff --git a/dns/dnssecalgs/dsa.py b/dns/dnssecalgs/dsa.py
index adca3def..a4eb9879 100644
--- a/dns/dnssecalgs/dsa.py
+++ b/dns/dnssecalgs/dsa.py
@@ -78,7 +78,9 @@ class PrivateDSA(CryptographyPrivateKey):
         public_dsa_key = self.key.public_key()
         if public_dsa_key.key_size > 1024:
             raise ValueError("DSA key size overflow")
-        der_signature = self.key.sign(data, self.public_cls.chosen_hash)
+        der_signature = self.key.sign(
+            data, self.public_cls.chosen_hash  # pyright: ignore
+        )
         dsa_r, dsa_s = utils.decode_dss_signature(der_signature)
         dsa_t = (public_dsa_key.key_size // 8 - 64) // 8
         octets = 20
diff --git a/dns/dnssecalgs/ecdsa.py b/dns/dnssecalgs/ecdsa.py
index 86d5764c..e3f3f061 100644
--- a/dns/dnssecalgs/ecdsa.py
+++ b/dns/dnssecalgs/ecdsa.py
@@ -55,13 +55,16 @@ class PrivateECDSA(CryptographyPrivateKey):
     ) -> bytes:
         """Sign using a private key per RFC 6605, section 4."""
         algorithm = ec.ECDSA(
-            self.public_cls.chosen_hash, deterministic_signing=deterministic
+            self.public_cls.chosen_hash,  # pyright: ignore
+            deterministic_signing=deterministic,
         )
         der_signature = self.key.sign(data, algorithm)
         dsa_r, dsa_s = utils.decode_dss_signature(der_signature)
         signature = int.to_bytes(
-            dsa_r, length=self.public_cls.octets, byteorder="big"
-        ) + int.to_bytes(dsa_s, length=self.public_cls.octets, byteorder="big")
+            dsa_r, length=self.public_cls.octets, byteorder="big"  # pyright: ignore
+        ) + int.to_bytes(
+            dsa_s, length=self.public_cls.octets, byteorder="big"  # pyright: ignore
+        )
         if verify:
             self.public_key().verify(signature, data)
         return signature
@@ -70,7 +73,7 @@ class PrivateECDSA(CryptographyPrivateKey):
     def generate(cls) -> "PrivateECDSA":
         return cls(
             key=ec.generate_private_key(
-                curve=cls.public_cls.curve, backend=default_backend()
+                curve=cls.public_cls.curve, backend=default_backend()  # pyright: ignore
             ),
         )
 
diff --git a/dns/dnssecalgs/eddsa.py b/dns/dnssecalgs/eddsa.py
index 604bcbfe..1cbb4079 100644
--- a/dns/dnssecalgs/eddsa.py
+++ b/dns/dnssecalgs/eddsa.py
@@ -27,7 +27,7 @@ class PublicEDDSA(CryptographyPublicKey):
 
 
 class PrivateEDDSA(CryptographyPrivateKey):
-    public_cls: Type[PublicEDDSA]
+    public_cls: Type[PublicEDDSA]  # pyright: ignore
 
     def sign(
         self,
diff --git a/dns/dnssecalgs/rsa.py b/dns/dnssecalgs/rsa.py
index 27537aad..de9160bb 100644
--- a/dns/dnssecalgs/rsa.py
+++ b/dns/dnssecalgs/rsa.py
@@ -63,7 +63,9 @@ class PrivateRSA(CryptographyPrivateKey):
         deterministic: bool = True,
     ) -> bytes:
         """Sign using a private key per RFC 3110, section 3."""
-        signature = self.key.sign(data, padding.PKCS1v15(), self.public_cls.chosen_hash)
+        signature = self.key.sign(
+            data, padding.PKCS1v15(), self.public_cls.chosen_hash  # pyright: ignore
+        )
         if verify:
             self.public_key().verify(signature, data)
         return signature
diff --git a/pyproject.toml b/pyproject.toml
index 6cf4ecec..2c78aad0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -121,7 +121,6 @@ ignore_missing_imports = true
 reportUnsupportedDunderAll = false
 exclude = [
     "dns/_*_backend.py",
-    "dns/dnssecalgs/*.py",
     "dns/quic/*.py",
     "examples/*.py",
     "tests/*.py",
-- 
2.47.3