diff --git a/cfssl/__init__.py b/cfssl/__init__.py
index ba8d6a5..d4b0bfa 100644
--- a/cfssl/__init__.py
+++ b/cfssl/__init__.py
@@ -2,6 +2,18 @@
# Copyright 2016 LasLabs Inc.
# License MIT (https://opensource.org/licenses/MIT).
+""" This library allows you to interact with a remote CFSSL server using Python.
+
+CFSSL is CloudFlare's open source toolkit for everything TLS/SSL. CFSSL is used by
+CloudFlare for their internal Certificate Authority infrastructure and for all of
+their TLS certificates.
+
+* `Read more on the CloudFlare blog
+ `_.
+* `View the CFSSL source
+ `_.
+"""
+
# API
from .cfssl import CFSSL
diff --git a/cfssl/cfssl.py b/cfssl/cfssl.py
index 7f6c09f..d98a761 100644
--- a/cfssl/cfssl.py
+++ b/cfssl/cfssl.py
@@ -24,12 +24,12 @@ def auth_sign(self, token, request, datetime=None, remote_address=None):
""" It provides returns a signed certificate.
Args:
- token (:obj:`str`): The authentication token.
- request (:obj:`cfssl.CertificateRequest`): Signing request document.
- datetime (:obj:`datetime.datetime`): Authentication timestamp.
- remote_address (:obj:`str`): An address used in making the request.
+ token (str): The authentication token.
+ request (CertificateRequest): Signing request document.
+ datetime (datetime.datetime): Authentication timestamp.
+ remote_address (str): An address used in making the request.
Returns:
- (:obj:`str`) A PEM-encoded certificate that has been signed by the
+ str: A PEM-encoded certificate that has been signed by the
server.
"""
data = self._clean_mapping({
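Review bot: The summary line above the rewritten Args still reads `It provides returns a signed certificate.`, and `datetime` and `remote_address` are listed without `optional` although the signature in the hunk header defaults both to `None`. Since this commit already rewrites every Args line here, I would change the summary to `It returns a signed certificate.` and write `datetime (datetime.datetime, optional)` and `remote_address (str, optional)`, matching the `(ConfigServer, optional)` form used for `init_ca`. The body of auth_sign continues outside the hunk.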
@@ -45,89 +45,89 @@ def bundle(self, certificate, private_key=None,
""" It builds and returns certificate bundles.
Args:
- certificate (:obj:`str`): The PEM-encoded certificate to be bundled.
+ certificate (str): The PEM-encoded certificate to be bundled.
If the ``certificate`` parameter is present, the following four
arguments are valid:
- private_key (:obj:`str`): The PEM-encoded private key to be included with
+ private_key (str): The PEM-encoded private key to be included with
the bundle. This is valid only if the server is not running in
``keyless`` mode.
- flavor (:obj:`str`): One of ``ubiquitous``, ``force``, or ``optimal``,
+ flavor (str): One of ``ubiquitous``, ``force``, or ``optimal``,
with a default value of ``ubiquitous``. A ubiquitous bundle is
one that has a higher probability of being verified everywhere,
even by clients using outdated or unusual trust stores. Force will
cause the endpoint to use the bundle provided in the
``certificate`` parameter, and will only verify that the bundle
is a valid (verifiable) chain.
- domain (:obj:`str`): The domain name to verify as the hostname of the
+ domain (str): The domain name to verify as the hostname of the
certificate.
- ip (:obj:`str`): The IP address to verify against the certificate IP
+ ip (str): The IP address to verify against the certificate IP
SANs.
If only the ``domain`` parameter is present, the following
parameter is valid:
- ip (:obj:`str`): The IP address of the remote host; this will fetch the
+ ip (str): The IP address of the remote host; this will fetch the
certificate from the IP, and verify that it is valid for the
domain name.
Returns:
- (:obj:`dict`) Object repesenting the bundle, with the following keys:
- * bundle contains the concatenated list of PEM certificates
- forming the certificate chain; this forms the actual
- bundle. The remaining parameters are additional metadata
- supporting the bundle.
- * crl_support is true if CRL information is contained in the
- certificate.
- * crt contains the original certificate the bundle is built
- from.
- * expires contains the expiration date of the certificate.
- * hostnames contains the SAN hostnames for the certificate.
- * issuer contains the X.509 issuer information for the
- certificate.
- * key contains the private key for the certificate, if one
- was presented.
- * key_size contains the size of the key in bits for the
- certificate. It will be present even if the private key wasn't
- provided because this can be determined from the public key.
- * key_type contains a textual description of the key type,
- e.g. '2048-bit RSA'.
- * ocsp contains the OCSP URLs for the certificate, if present.
- * ocsp_support will be true if the certificate supports OCSP
- revocation checking.
- * signature contains the signature type used in the
- certificate, e.g. 'SHA1WithRSA'.
- * status contains a number of elements:
- * code is bit-encoded error code. 1st bit indicates whether
- there is a expiring certificate in the bundle. 2nd bit indicates
- whether there is a ubiquity issue with the bundle.
- * expiring_SKIs contains the SKIs (subject key identifiers)
- for any certificates that might expire soon (within 30
- days).
- * messages is a list of human-readable warnings on bundle
- ubiquity and certificate expiration. For example, an expiration
- warning can be "The expiring cert is #1 in the chain",
- indicating the leaf certificate is expiring. Ubiquity warnings
- include SHA-1 deprecation warning (if the bundle triggers
- any major browser's SHA-1 deprecation policy), SHA-2
- compatibility warning (if the bundle contains signatures using
- ECDSA SHA-2 hash algorithms, it will be rejected by Windows XP
- SP2), compatibility warning (if the bundle contains ECDSA
- certificates, it will be rejected by Windows XP, Android 2.2 and
- Android 2.3 etc) and root trust warning (if the bundle cannot be
- trusted by some major OSes or browsers).
- * rebundled indicates whether the server had to rebundle the
- certificate. The server will rebundle the uploaded
- certificate as needed; for example, if the certificate
- contains none of the required intermediates or a better set
- of intermediates was found. In this case, the server will
- mark rebundled as true.
- * untrusted_root_stores contains the names of any major
- OSes and browsers that doesn't trust the bundle. The names
- are used to construct the root trust warnings in the messages
- list
- * subject contains the X.509 subject identifier from the
- certificate.
+ dict: Object repesenting the bundle, with the following keys:
+ * bundle contains the concatenated list of PEM certificates
+ forming the certificate chain; this forms the actual
+ bundle. The remaining parameters are additional metadata
+ supporting the bundle.
+ * crl_support is true if CRL information is contained in the
+ certificate.
+ * crt contains the original certificate the bundle is built
+ from.
+ * expires contains the expiration date of the certificate.
+ * hostnames contains the SAN hostnames for the certificate.
+ * issuer contains the X.509 issuer information for the
+ certificate.
+ * key contains the private key for the certificate, if one
+ was presented.
+ * key_size contains the size of the key in bits for the
+ certificate. It will be present even if the private key wasn't
+ provided because this can be determined from the public key.
+ * key_type contains a textual description of the key type,
+ e.g. '2048-bit RSA'.
+ * ocsp contains the OCSP URLs for the certificate, if present.
+ * ocsp_support will be true if the certificate supports OCSP
+ revocation checking.
+ * signature contains the signature type used in the
+ certificate, e.g. ``SHA1WithRSA``.
+ * status contains a :type:`dict` of elements:
+ * code is bit-encoded error code. 1st bit indicates whether
+ there is a expiring certificate in the bundle. 2nd bit indicates
+ whether there is a ubiquity issue with the bundle.
+ * expiring_SKIs contains the SKIs (subject key identifiers)
+ for any certificates that might expire soon (within 30
+ days).
+ * messages is a list of human-readable warnings on bundle
+ ubiquity and certificate expiration. For example, an expiration
+ warning can be "The expiring cert is #1 in the chain",
+ indicating the leaf certificate is expiring. Ubiquity warnings
+ include SHA-1 deprecation warning (if the bundle triggers
+ any major browser's SHA-1 deprecation policy), SHA-2
+ compatibility warning (if the bundle contains signatures using
+ ECDSA SHA-2 hash algorithms, it will be rejected by Windows XP
+ SP2), compatibility warning (if the bundle contains ECDSA
+ certificates, it will be rejected by Windows XP, Android 2.2 and
+ Android 2.3 etc) and root trust warning (if the bundle cannot be
+ trusted by some major OSes or browsers).
+ * rebundled indicates whether the server had to rebundle the
+ certificate. The server will rebundle the uploaded
+ certificate as needed; for example, if the certificate
+ contains none of the required intermediates or a better set
+ of intermediates was found. In this case, the server will
+ mark rebundled as true.
+ * untrusted_root_stores contains the names of any major
+ OSes and browsers that doesn't trust the bundle. The names
+ are used to construct the root trust warnings in the messages
+ list
+ * subject contains the X.509 subject identifier from the
+ certificate.
"""
data = self._clean_mapping({
'certificate': certificate,
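Review bot: The new `status` bullet in the Returns block marks its type with a `:type:` role, which is not a role Sphinx defines by default, so it is likely to render as an error or as raw text. The other new lines use the plain form, so `* status (dict): contains a number of elements:` would be consistent. The new `dict:` line also carries over the typo `repesenting`. Because the `key` entry says the result can contain the certificate's private key, the docstring should add one sentence telling callers not to log or cache the returned mapping wholesale.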
@@ -142,16 +142,16 @@ def info(self, label, profile=None):
""" It returns information about the CA, including the cert.
Args:
- label (:obj:`str`): A string specifying the signer.
- profile (:obj:`str`): a string specifying the signing profile for the
+ label (str): A string specifying the signer.
+ profile (str): a string specifying the signing profile for the
signer. Signing profile specifies what key usages should be
used and how long the expiry should be set.
Returns:
- (:obj:`dict`) Mapping with three keys:
- * certificate (:obj:`str`): a PEM-encoded certificate of the signer.
- * usage (:obj:`list` of :obj:`str`): Key usages from the signing
+ dict: Mapping with three keys:
+ * certificate (str): a PEM-encoded certificate of the signer.
+ * usage (list of str): Key usages from the signing
profile.
- * expiry (:obj:`str`): the expiry string from the signing profile.
+ * expiry (str): the expiry string from the signing profile.
"""
data = self._clean_mapping({
'label': label,
@@ -163,14 +163,14 @@ def init_ca(self, certificate_request, ca=None):
""" It initializes a new certificate authority.
Args:
- certificate_request (:obj:`cfssl.CertificateRequest`): The certificate
+ certificate_request (CertificateRequest): The certificate
request to use when creating the CA.
- ca (:obj:`cfssl.ConfigServer`, optional): The configuration of the
+ ca (ConfigServer, optional): The configuration of the
requested Certificate Authority.
Returns:
- (:obj:`dict`) Mapping with two keys:
- * private key (:obj:`str`): a PEM-encoded CA private key.
- * certificate (:obj:`str`): a PEM-encoded self-signed CA certificate.
+ dict: Mapping with two keys:
+ * private key (str): a PEM-encoded CA private key.
+ * certificate (str): a PEM-encoded self-signed CA certificate.
"""
csr_api = certificate_request.to_api()
data = self._clean_mapping({
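Review bot: The Returns block names the first key `private key` with a space, which is unlikely to be the literal dict key. The CFSSL API documentation calls this field `private_key`, so I would write `* private_key (str): a PEM-encoded CA private key.` after confirming against a real response. The same spelling appears in the `new_key` and `new_cert` hunks. Because this mapping carries the CA's private key, the docstring should also tell callers to keep the result out of logs and to store the key with restricted permissions. init_ca's body continues outside the hunk.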
@@ -186,20 +186,20 @@ def new_key(self, hosts, names, common_name=None, key=None, ca=None):
""" It generates and returns a new private key + CSR.
Args:
- hosts (:obj:`iter` of :obj:`cfssl.Host`): Subject Alternative Name(s) for the
+ hosts (tuple of Host): Subject Alternative Name(s) for the
requested certificate.
- names (:obj:`iter` of :obj:`cfssl.SubjectInfo`): The Subject Info(s) for the
+ names (tuple of SubjectInfo): The Subject Info(s) for the
requested certificate.
- CN (:obj:`str`): the common name for the certificate subject in the
+ CN (str): the common name for the certificate subject in the
requestedrequested CA certificate.
- key (:obj:`cfssl.ConfigKey`): Cipher and strength to use for certificate.
- ca (:obj:`cfssl.ConfigServer`): the CA configuration of the requested CA.
+ key (ConfigKey): Cipher and strength to use for certificate.
+ ca (ConfigServer): the CA configuration of the requested CA.
Returns:
- (:obj:`dict`) Mapping with three keys:
- * private key (:obj:`str`): a PEM-encoded CA private key.
- * certificate (:obj:`str`): a PEM-encoded self-signed CA certificate.
- * sums: (:obj:`dict`) Mapping holding both MD5 and SHA1 digests for the
- certificate request
+ dict: Mapping with three keys:
+ * private key (str): a PEM-encoded CA private key.
+ * certificate (str): a PEM-encoded self-signed CA certificate.
+ * sums (dict): Mapping holding both MD5 and SHA1 digests for
+ the certificate request
"""
data = self._clean_mapping({
'hosts': [
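Review bot: The Args entry `CN (str)` does not match the signature, which names the parameter `common_name`, and its description still contains `requestedrequested`. I would write `common_name (str, optional): the common name for the certificate subject in the requested certificate.` The Returns block also looks copied from `init_ca`: it lists a `certificate` described as a self-signed CA certificate, while the summary says the method returns a private key plus CSR. That entry presumably should describe the certificate request, which is worth checking against the server response.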
@@ -218,22 +218,22 @@ def new_cert(self, request, label=None, profile=None, bundle=None):
""" It generates and returns a new private key and certificate.
Args:
- request (:obj:`cfssl.CertificateRequest`): CSR to be used for
+ request (CertificateRequest): CSR to be used for
certificate creation.
- label (:obj:`str`): Specifying which signer to be appointed to sign
+ label (str): Specifying which signer to be appointed to sign
the CSR, useful when interacting with cfssl server that stands
in front of a remote multi-root CA signer.
- profile (:obj:`str`): Specifying the signing profile for the signer.
- bundle (:obj:`bool`): Specifying whether to include an "optimal"
+ profile (str): Specifying the signing profile for the signer.
+ bundle (bool): Specifying whether to include an "optimal"
certificate bundle along with the certificate.
Returns:
- (:obj:`dict`) mapping with these keys:
- * private key: a PEM-encoded private key.
- * certificate_request: a PEM-encoded certificate request.
- * certificate: a PEM-encoded certificate, signed by the server.
- * sums: a JSON object holding both MD5 and SHA1 digests for the
+ dict: mapping with these keys:
+ * private key (str): a PEM-encoded private key.
+ * certificate_request (str): a PEM-encoded certificate request.
+ * certificate (str): a PEM-encoded certificate, signed by the server.
+ * sums (dict): Holding both MD5 and SHA1 digests for the
certificate request and the certificate.
- * bundle: See the result of endpoint_bundle.txt (only included
+ * bundle (str): See the result of endpoint_bundle.txt (only included
if the bundle parameter was set).
"""
data = self._clean_mapping({
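Review bot: The `bundle (str)` return entry points to `endpoint_bundle.txt`, a file name that readers of this package cannot resolve (it looks like a reference into the CFSSL server documentation). The `str` type is also doubtful, given that `bundle()` in this same file documents its result as a `dict`. I would reword it to something like `* bundle (dict): Same structure as the return value of bundle(); only included if the bundle parameter was set.` after confirming the type. The `sums` entry could also say that the MD5 and SHA1 digests are only checksums and should not be the basis for integrity or trust decisions.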
@@ -248,11 +248,11 @@ def revoke(self, serial, authority_key_id, reason):
""" It provides certificate revocation.
Args:
- serial (:obj:`str`): Specifying the serial number of a certificate.
- authority_key_id (:obj:`str`): Specifying the authority key identifier
+ serial (str): Specifying the serial number of a certificate.
+ authority_key_id (str): Specifying the authority key identifier
of the certificate to be revoked; this is used to distinguish
which private key was used to sign the certificate.
- reason (:obj:`str`): Identifying why the certificate was revoked; see,
+ reason (str): Identifying why the certificate was revoked; see,
for example, ReasonStringToCode in the ocsp package or section
4.2.1.13 of RFC 5280. The "reasons" used here are the ReasonFlag
names in said RFC.
@@ -268,25 +268,25 @@ def scan(self, host, ip=None, timeout=None, family=None, scanner=None):
""" It scans servers to determine the quality of their TLS setup.
Args:
- host (:obj:`cfssl.Host`): The host to scan.
- ip (:obj:`str`): IP Address to override DNS lookup of host.
- timeout (:obj:`str`): The amount of time allotted for the scan to complete
+ host (Host): The host to scan.
+ ip (str): IP Address to override DNS lookup of host.
+ timeout (str): The amount of time allotted for the scan to complete
(default: 1 minute).
- family (:obj:`str`): regular expression specifying scan famil(ies) to run.
- scanner (:obj:`str`): regular expression specifying scanner(s) to run.
+ family (str): regular expression specifying scan famil(ies) to run.
+ scanner (str): regular expression specifying scanner(s) to run.
Returns:
- (:obj:`dict`) Mapping with keys for each scan family. Each of these
+ dict: Mapping with keys for each scan family. Each of these
objects contains keys for each scanner run in that family
pointing to objects possibly containing the following keys:
- * grade (:obj:`str`): Describing the exit status of the scan. Can be:
+ * grade (str): Describing the exit status of the scan. Can be:
* "Good": host performing the expected state-of-the-art.
* "Warning": host with non-ideal configuration,
possibly maintaining support for legacy clients.
* "Bad": host with serious misconfiguration or vulnerability
* "Skipped": indicates that the scan was not performed for some
reason.
- * error (:obj:`str`): Any error encountered during the scan process.
- * output: (:obj:`dict`) Arbitrary data retrieved during the scan.
+ * error (str): Any error encountered during the scan process.
+ * output: (dict) Arbitrary data retrieved during the scan.
"""
data = self._clean_mapping({
'host': host.to_api(),
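Review bot: The last Returns bullet, `* output: (dict) Arbitrary data retrieved during the scan.`, keeps the old `name: (type)` layout while the two bullets above it were converted to `name (type):`. I would write `* output (dict): Arbitrary data retrieved during the scan.` The arguments `ip`, `timeout`, `family` and `scanner` could also be marked `optional`, since the signature in the hunk header defaults them to `None`.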
@@ -301,10 +301,10 @@ def scan_info(self):
""" It lists options available for scanning.
Returns:
- (:obj:`dict`) Mapping with keys for each scan family. For each family,
- there exists a `description` containing a string describing
- the family and a `scanners` object mapping each of the family's
- scanners to an object containing a `description` string.
+ dict: Mapping with keys for each scan family. For each family,
+ there exists a `description` containing a string describing
+ the family and a `scanners` object mapping each of the family's
+ scanners to an object containing a `description` string.
"""
return self.call('scaninfo')
@@ -313,22 +313,22 @@ def sign(self, certificate_request, hosts=None, subject=None,
""" It signs and returns a certificate.
Args:
- certificate_request (:obj:`str`): the CSR bytes to be signed (in PEM).
- hosts (:obj:`iter` of :obj:`cfssl.Host`): of SAN (subject alternative .names)
+ certificate_request (str): the CSR bytes to be signed (in PEM).
+ hosts (tuple of Host): of SAN (subject alternative .names)
which overrides the ones in the CSR
- subject (:obj:`str`): The certificate subject which overrides
+ subject (str): The certificate subject which overrides
the ones in the CSR.
- serial_sequence (:obj:`str`): Specify the prefix which the generated
+ serial_sequence (str): Specify the prefix which the generated
certificate serial should have.
- label (:obj:`str`): Specifying which signer to be appointed to sign
+ label (str): Specifying which signer to be appointed to sign
the CSR, useful when interacting with a remote multi-root CA
signer.
- profile (:obj:`cfssl.ConfigServer`): Specifying the signing profile for
+ profile (ConfigServer): Specifying the signing profile for
the signer, useful when interacting with a remote multi-root
CA signer.
Returns:
- (:obj:`str`) A PEM-encoded certificate that has been signed by the
- server.
+ str: A PEM-encoded certificate that has been signed by the
+ server.
"""
data = self._clean_mapping({
'certificate_request': certificate_request.to_api(),
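Review bot: `certificate_request (str): the CSR bytes to be signed (in PEM)` does not match the code on the last line of this hunk, which calls `certificate_request.to_api()`. The argument therefore has to be an object with that method, presumably a `CertificateRequest`, not a string; `certificate_request (CertificateRequest): the CSR to be signed.` would fit. The `hosts` entry has a stray dot in `(subject alternative .names)`. `profile` is typed `ConfigServer` here but `str` in `new_cert`, so one of the two is probably wrong.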
@@ -347,16 +347,16 @@ def call(self, endpoint, method='GET', params=None, data=None):
""" It calls the remote endpoint and returns the result, if success.
Args:
- endpoint (:obj:`str`): CFSSL endpoint to call (e.g. ``newcert``).
- method (:obj:`str`): HTTP method to utilize for the Request.
+ endpoint (str): CFSSL endpoint to call (e.g. ``newcert``).
+ method (str): HTTP method to utilize for the Request.
params: (dict|bytes) Data to be sent in the query string
for the Request.
- data: (:obj:`dict`|:obj:`bytes`|:obj:`file`) Data to send in the body
+ data: (dict or bytes or file) Data to send in the body
of the Request.
Returns:
(mixed) Data contained in ``result`` key of the API response.
Raises:
- :obj:`CFSSLRemoteException`: In the event of a ``False`` in the
+ CFSSLRemoteException: In the event of a ``False`` in the
``success`` key of the API response.
"""
endpoint = '%s/api/v1/cfssl/%s' % (self.uri_base, endpoint)
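Review bot: Two Args entries are still in the pre-conversion layout: `params: (dict|bytes)` is untouched and `data: (dict or bytes or file)` keeps the colon before the type, so a Google-style docstring parser will not pick up the type for either. I would write `params (dict or bytes, optional):` and `data (dict or bytes or file, optional):`, and have `Returns:` name a type in place of `(mixed)`. Since `endpoint` is interpolated directly into the request path on the last line of the hunk, the docstring could also state that it is expected to be a fixed CFSSL endpoint name, not caller-supplied input.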
diff --git a/cfssl/models/certificate_request.py b/cfssl/models/certificate_request.py
index a5f611a..caef770 100644
--- a/cfssl/models/certificate_request.py
+++ b/cfssl/models/certificate_request.py
@@ -14,13 +14,13 @@ def __init__(self, common_name, names=None, hosts=None, key=None):
""" Initialize a new CertificateRequest.
Args:
- common_name (:obj:`str`): The fully qualified domain name for the
+ common_name (str): The fully qualified domain name for the
server. This must be an exact match.
- names (:type:`iter` of :obj:`cfssl.SubjectInfo`, optional):
+ names (tuple of SubjectInfo, optional):
Subject Information to be added to the request.
- hosts (:type:`iter` of :obj:`cfssl.Host`, optional): Hosts
+ hosts (tuple of Host, optional): Hosts
to be added to the request.
- key (:obj:`cfssl.ConfigKey`, optional): Key configuration
+ key (ConfigKey, optional): Key configuration
for the request.
"""
self.common_name = common_name
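Review bot: Changing `iter of …` to `tuple of …` narrows the documented contract for `names` and `hosts`, and nothing in this hunk shows that a tuple is required. If the code only iterates these arguments, `list of` or `iterable of` would be more accurate. The same rewording is applied in `new_key` and `sign` in cfssl.py and in the config_client.py, config_mixer.py and policy_sign.py hunks. The constructor body continues outside the hunk, so the actual use of these arguments should be checked before settling the wording.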
diff --git a/cfssl/models/config_client.py b/cfssl/models/config_client.py
index 6a64b8f..8cd4cb4 100644
--- a/cfssl/models/config_client.py
+++ b/cfssl/models/config_client.py
@@ -13,13 +13,13 @@ def __init__(self, sign_policy_default,
""" Initialize a new Client Configuration.
Args:
- sign_policy_default (:obj:`cfssl.PolicySign`): Default signing
+ sign_policy_default (PolicySign): Default signing
policy for client to use.
- sign_policies_add (:type:`iter` of :obj:`cfssl.PolicySign`):
+ sign_policies_add (tuple of PolicySign):
Additional signing policies to use for the client.
- auth_policies (:type:`iter` of :obj:`cfssl.PolicyAuth`): Auth
+ auth_policies (tuple of PolicyAuth): Auth
policies for the client.
- remotes (:type:`iter` of :obj:`cfssl.Host`): Remote hosts that
+ remotes (tuple of Host): Remote hosts that
client trusts.
"""
super(ConfigClient, self).__init__(
diff --git a/cfssl/models/config_key.py b/cfssl/models/config_key.py
index de5ca98..469e8dd 100644
--- a/cfssl/models/config_key.py
+++ b/cfssl/models/config_key.py
@@ -13,9 +13,9 @@ def __init__(self, algorithm=DEFAULT_ALGORITHM,
""" Initialize a new Client Configuration.
Args:
- algorithm (:obj:`str`, optional): Algorithm to use for key, one of
+ algorithm (str, optional): Algorithm to use for key, one of
``rsa`` or ``ecdsa``. Defaults to ``rsa``.
- strength (:obj:`int`, optional): Key bit strength. Defaults to
+ strength (int, optional): Key bit strength. Defaults to
``4096``.
"""
self.algorithm = algorithm
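Review bot: The summary line `Initialize a new Client Configuration.` is copied from ConfigClient and does not describe a key configuration; the host.py hunk has the same line for Host. Something like `Initialize a new Key Configuration.` fits. The `strength` entry should also say that valid sizes depend on the algorithm: the documented default of 4096 is an RSA size, whereas for `ecdsa` CFSSL expects a curve size (256, 384 or 521), so a caller who changes only `algorithm` would request an invalid combination. The defaults come from constants outside the hunk, so the literal values quoted in the docstring should be checked against them.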
diff --git a/cfssl/models/config_mixer.py b/cfssl/models/config_mixer.py
index ffff153..175e9fd 100644
--- a/cfssl/models/config_mixer.py
+++ b/cfssl/models/config_mixer.py
@@ -10,11 +10,11 @@ def __init__(self, sign_policy_default, sign_policies_add, auth_policies):
""" Initialize a new General Configuration for Server or Client.
Args:
- sign_policy_default (:obj:`cfssl.PolicySign`): Default signing
+ sign_policy_default (PolicySign): Default signing
policy for entity to use.
- sign_policies_add (:type:`iter` of :obj:`cfssl.PolicySign`):
+ sign_policies_add (tuple of PolicySign):
Additional signing policies to use for the entity.
- auth_policies (:type:`iter` of :obj:`cfssl.PolicyAuth`): Auth
+ auth_policies (tuple of PolicyAuth): Auth
policies for the entity.
"""
self.sign_policy = sign_policy_default
diff --git a/cfssl/models/host.py b/cfssl/models/host.py
index 17eabd7..42018cc 100644
--- a/cfssl/models/host.py
+++ b/cfssl/models/host.py
@@ -10,9 +10,9 @@ def __init__(self, name, host, port=None):
""" Initialize a new Client Configuration.
Args:
- name (:obj:`str`): Canonical name of host/remote.
- host (:obj:`str`): Advertised host name or IP for host.
- port (:obj:`int`, optional): Port number advertised by host, if
+ name (str): Canonical name of host/remote.
+ host (str): Advertised host name or IP for host.
+ port (int, optional): Port number advertised by host, if
any.
"""
self.name = name
diff --git a/cfssl/models/policy_auth.py b/cfssl/models/policy_auth.py
index 169fa2b..a37762d 100644
--- a/cfssl/models/policy_auth.py
+++ b/cfssl/models/policy_auth.py
@@ -10,9 +10,9 @@ def __init__(self, name, key, key_type='standard'):
""" Initialize a new Authentication Policy.
Args:
- name (:obj:`str`): Canonical name for policy.
- key (:obj:`str`): Key/password data.
- key_type (:obj:`str`): Type of key. Currently only ``standard`` is
+ name (str): Canonical name for policy.
+ key (str): Key/password data.
+ key_type (str): Type of key. Currently only ``standard`` is
supported.
"""
self.name = name
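Review bot: `key (str): Key/password data.` says nothing about the expected format or the sensitivity of the value. As far as I know, CFSSL's `standard` auth provider expects a hex-encoded shared secret, so the entry should state the encoding once that is confirmed. It should also say that this is a credential to be loaded from configuration or a secret store, not written in source, and that it should not appear in logs or reprs of the object.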
diff --git a/cfssl/models/policy_sign.py b/cfssl/models/policy_sign.py
index 119cf62..6f21808 100644
--- a/cfssl/models/policy_sign.py
+++ b/cfssl/models/policy_sign.py
@@ -13,12 +13,12 @@ def __init__(self, name, usage_policies, auth_policy,
""" Initialize a new Signing Policy.
Args:
- name (:obj:`str`): Canonical name for policy.
- usage_policies (:type:`iter` of :obj:`cfssl.PolicyUse`): Usage
+ name (str): Canonical name for policy.
+ usage_policies (tuple of PolicyUser): Usage
policies that should apply to this signing policy.
- auth_policy (:obj:`obj.PolicyAuth`): Authentication policy that
+ auth_policy (PolicyAuth): Authentication policy that
should apply to this signing policy.
- expire_delta (:obj:`datetime.timedelta`): Delta representing when
+ expire_delta (timedelta): Delta representing when
the signature should expire.
"""
self.name = name
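Review bot: `usage_policies (tuple of PolicyUser)` names a class that does not appear to exist. The removed line referred to `cfssl.PolicyUse`, which matches policy_use.py, so this should read `usage_policies (tuple of PolicyUse)`. `expire_delta (timedelta)` also drops the module qualifier while `auth_sign` in cfssl.py keeps `datetime.datetime`; `datetime.timedelta` would be consistent.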
diff --git a/cfssl/models/policy_use.py b/cfssl/models/policy_use.py
index 34cfb21..b4950b1 100644
--- a/cfssl/models/policy_use.py
+++ b/cfssl/models/policy_use.py
@@ -10,8 +10,8 @@ def __init__(self, name, code):
""" Initialize a new Use Policy.
Args:
- name (:obj:`str`): Canonical name for policy.
- code (:obj:`str`): CFSSL use code that policy applies to.
+ name (str): Canonical name for policy.
+ code (str): CFSSL use code that policy applies to.
"""
self.name = name
self.code = code
diff --git a/cfssl/models/subject_info.py b/cfssl/models/subject_info.py
index 06a3836..d5b7140 100644
--- a/cfssl/models/subject_info.py
+++ b/cfssl/models/subject_info.py
@@ -10,12 +10,12 @@ def __init__(self, org_name, org_unit, city, state, country):
""" Initialize a new Subject Information.
Args:
- org_name (:obj:`str`): The full legal name of the organization. Do
+ org_name (str): The full legal name of the organization. Do
not abbreviate.
- org_unit (:obj:`str`): Section of the organization.
- city (:obj:`str`): The city where the organization is legally
+ org_unit (str): Section of the organization.
+ city (str): The city where the organization is legally
located.
- country (:obj:`str`): The two letter ISO abbreviation for the
+ country (str): The two letter ISO abbreviation for the
country.
"""
self.org_name = org_name
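Review bot: The Args block documents `org_name`, `org_unit`, `city` and `country` but not `state`, which is in the signature shown in the hunk header. I would add `state (str): The state or province where the organization is legally located.` between the `city` and `country` entries. The constructor body continues outside the hunk.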