Description
ref Method Chining
The documentation for Creating a self-signed certificate has the example:
cert = x509.CertificateBuilder().subject_name(
subject
).issuer_name(
issuer
).public_key(
key.public_key()
).serial_nuber(
x509.random_serial_number()
...
).sign(key, hashes.SHA256())
which sure looks a lot like method chaining where each call returns self. When I read the documentation, for the individual functions, such as CertificateBuilder.subnect_name()
Sets the subject’s distinguished name.
Parameters:
name – The [Name](https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Name) that describes the subject.
the documentation states that the method will set the name, again consistent with method chaining.
However, when I try to invoke this code using the method chaining's alternative form:
cert_builder = x509.CertificateBuilder()
cert_builder.subject_name(subject)
things don't work. It turns out that, rather than setting the existing builder, each of the above calls return a new instance of the builder. Which means that:
cert_builder = x509.CertificateBuilder()
cert_builder = cert_builder.subject_name(subject)
...
must be used.
The only hint I've seen of this is in CertificateBuilder reference documentation which uses the above; but without explanation.