[build-system]
# These requirements must be kept sync with the requirements in
# ./.github/requirements/build-requirements.{in,txt}
requires = [
    "maturin>=1,<2",

    # Must be kept in sync with `project.dependencies`
    "cffi>=1.12; platform_python_implementation != 'PyPy'",
    # Needed because cffi imports distutils, and in Python 3.12, distutils has
    # been removed from the stdlib, but installing setuptools puts it back.
    "setuptools!=74.0.0,!=74.1.0,!=74.1.1,!=74.1.2",
]
build-backend = "maturin"

[project]
name = "cryptography"
version = "44.0.0.dev1"
authors = [
    {name = "The Python Cryptographic Authority and individual contributors", email = "cryptography-dev@python.org"}
]
description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
readme = "README.rst"
license = {text = "Apache-2.0 OR BSD-3-Clause"}
classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Intended Audience :: Developers",
    "License :: OSI Approved :: Apache Software License",
    "License :: OSI Approved :: BSD License",
    "Natural Language :: English",
    "Operating System :: MacOS :: MacOS X",
    "Operating System :: POSIX",
    "Operating System :: POSIX :: BSD",
    "Operating System :: POSIX :: Linux",
    'Operating System :: Microsoft :: Windows',
    "Programming Language :: Python",
    "Programming Language :: Python :: 3",
    "Programming Language :: Python :: 3 :: Only",
    "Programming Language :: Python :: 3.7",
    "Programming Language :: Python :: 3.8",
    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
    "Programming Language :: Python :: 3.13",
    "Programming Language :: Python :: Implementation :: CPython",
    "Programming Language :: Python :: Implementation :: PyPy",
    "Topic :: Security :: Cryptography",
]
requires-python = ">=3.7"
dependencies = [
    # Must be kept in sync with `build-system.requires`
    "cffi>=1.12; platform_python_implementation != 'PyPy'",
]

[project.urls]
homepage = "https://github.com/pyca/cryptography"
documentation = "https://cryptography.io/"
source = "https://github.com/pyca/cryptography/"
issues = "https://github.com/pyca/cryptography/issues"
changelog = "https://cryptography.io/en/latest/changelog/"

[project.optional-dependencies]
ssh = ["bcrypt >=3.1.5"]

# All the following are used for our own testing.
nox = ["nox"]
test = [
    "cryptography_vectors",
    "pytest >=6.2.0",
    "pytest-benchmark",
    "pytest-cov",
    "pytest-xdist",
    "pretend",
    "certifi",
]
test-randomorder = ["pytest-randomly"]
docs = ["sphinx >=5.3.0", "sphinx-rtd-theme >=3.0.0rc1; python_version >= '3.8'"]
docstest = ["pyenchant >=1.6.11", "readme-renderer", "sphinxcontrib-spelling >=4.0.1"]
sdist = ["build"]
# `click` included because its needed to type check `release.py`
pep8test = ["ruff", "mypy", "check-sdist; python_version >= '3.8'", "click"]

[tool.maturin]
python-source = "src"
python-packages = ["cryptography"]
manifest-path = "src/rust/Cargo.toml"
module-name = "cryptography.hazmat.bindings._rust"
locked = true
sdist-generator = "git"
features = ["pyo3/abi3-py37"]
include = [
    "CHANGELOG.rst",
    "CONTRIBUTING.rst",
    "LICENSE",
    "LICENSE.APACHE",
    "LICENSE.BSD",

    "docs/**/*",

    "src/_cffi_src/**/*.py",
    "src/_cffi_src/**/*.c",
    "src/_cffi_src/**/*.h",

    "src/rust/**/Cargo.toml",
    "src/rust/**/Cargo.lock",
    "src/rust/**/*.rs",

    "tests/**/*.py",
]
exclude = [
    "vectors/**/*",
    "src/rust/target/**/*",
    "docs/_build/**/*",
    ".github/**/*",
    ".readthedocs.yml",
    "ci-constraints-requirements.txt",
    "mypy.ini",
]

[tool.pytest.ini_options]
addopts = "-r s --capture=no --strict-markers --benchmark-disable"
console_output_style = "progress-even-when-capture-no"
markers = [
    "skip_fips: this test is not executed in FIPS mode",
    "supported: parametrized test requiring only_if and skip_message",
]

[tool.mypy]
show_error_codes = true
check_untyped_defs = true
no_implicit_reexport = true
warn_redundant_casts = true
warn_unused_ignores = true
warn_unused_configs = true
strict_equality = true

[[tool.mypy.overrides]]
module = [
    "pretend"
]
ignore_missing_imports = true

[tool.coverage.run]
branch = true
relative_files = true
source = [
    "cryptography",
    "tests/",
]

[tool.coverage.paths]
source = [
    "src/cryptography",
    "*.nox/*/lib*/python*/site-packages/cryptography",
    "*.nox\\*\\Lib\\site-packages\\cryptography",
    "*.nox/pypy/site-packages/cryptography",
]
tests = [
    "tests/",
    "*tests\\",
]

[tool.coverage.report]
exclude_lines = [
    "@abc.abstractmethod",
    "@typing.overload",
    "if typing.TYPE_CHECKING",
]

[tool.ruff]
line-length = 79

lint.ignore = ['N818']
lint.select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF']

[tool.ruff.lint.isort]
known-first-party = ["cryptography", "cryptography_vectors", "tests"]

[tool.check-sdist]
git-only = [
    "vectors/*",
    "release.py",
    "ci-constraints-requirements.txt",
    ".gitattributes",
    ".gitignore",
]

[tool.uv]
# These cover all Python versions, but by expressing multiple environments we
# force uv's resolver to pick the latest versions of packages for each version.
environments = ["python_version >= '3.10'", "python_version >= '3.8' and python_version < '3.10'", "python_version < '3.8'"]