Add top-level ServerVerifier.verify API

src/cryptography/hazmat/bindings/_rust/x509.pyi

@@ -53,6 +53,12 @@ class ServerVerifier:
     def subject(self) -> x509.verification.Subject: ...
     @property
     def validation_time(self) -> datetime.datetime: ...
+    def verify(
+        self,
+        leaf: x509.Certificate,
+        intermediates: list[x509.Certificate],
+        store: Store,
+    ) -> list[x509.Certificate]: ...
 
 class Store:
     def __init__(self, certs: list[x509.Certificate]) -> None: ...

src/rust/src/x509/verify.rs

@@ -90,6 +90,16 @@ impl PyServerVerifier {
     fn validation_time<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
         datetime_to_py(py, &self.as_policy().validation_time)
     }
+
+    fn verify<'p>(
+        &self,
+        _py: pyo3::Python<'p>,
+        _leaf: &PyCertificate,
+        _intermediates: &'p pyo3::types::PyList,
+        _store: &'p PyStore,
+    ) -> CryptographyResult<Vec<PyCertificate>> {
+        Err(pyo3::exceptions::PyNotImplementedError::new_err("unimplemented").into())
+    }
 }
 
 fn build_subject_owner(

tests/x509/test_verification.py

@@ -40,17 +40,13 @@ def test_subject_bad_types(self):
                 "cryptography.io"  # type: ignore[arg-type]
             )
         with pytest.raises(TypeError):
-            PolicyBuilder().build_server_verifier(
-                "0.0.0.0"  # type: ignore[arg-type]
-            )
+            PolicyBuilder().build_server_verifier("0.0.0.0")  # type: ignore[arg-type]
         with pytest.raises(TypeError):
             PolicyBuilder().build_server_verifier(
                 IPv4Address("0.0.0.0")  # type: ignore[arg-type]
             )
         with pytest.raises(TypeError):
-            PolicyBuilder().build_server_verifier(
-                None  # type: ignore[arg-type]
-            )
+            PolicyBuilder().build_server_verifier(None)  # type: ignore[arg-type]
 
     def test_builder_pattern(self):
         now = datetime.datetime.now().replace(microsecond=0)
@@ -78,3 +74,16 @@ def test_store_initializes(self):
             x509.load_pem_x509_certificate,
         )
         assert Store([cert]) is not None
+
+
+class TestServerVerifier:
+    def test_not_implemented(self):
+        verifier = PolicyBuilder().build_server_verifier(
+            DNSName("cryptography.io")
+        )
+        cert = _load_cert(
+            os.path.join("x509", "cryptography.io.pem"),
+            x509.load_pem_x509_certificate,
+        )
+        with pytest.raises(NotImplementedError):
+            verifier.verify(cert, [], Store([cert]))