Add sign_x509_certificate to MultiBackend Add example of CertificateBuilder to the reference documentation

commit: 1517a4bb9f349747bb8d13f7724864c3927e47f4 [log] [tgz]
author: Ian Cordasco <graffatcolmingov@gmail.com> Sun Aug 02 22:11:19 2015 -0500
committer: Ian Cordasco <graffatcolmingov@gmail.com> Sun Aug 02 22:36:17 2015 -0500
tree: 06bc3e2d96f38a3230151b2187566d3441ef4a23
parent: 17c8900f0b38052d16864de493bd1d409cc94180 [diff]
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 26ac295..1dd466e 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst

@@ -393,6 +393,48 @@
 
 .. class:: CertificateBuilder
 
+    .. versionadded:: 1.0
+
+    .. doctest::
+
+        >>> from cryptography import x509
+        >>> from cryptography.hazmat.backends import default_backend
+        >>> from cryptography.hazmat.primitives import hashes
+        >>> from cryptography.hazmat.primitives.asymmetric import rsa
+        >>> import datetime
+        >>> import uuid
+        >>> one_day = datetime.timedelta(1, 0, 0)
+        >>> private_key = rsa.generate_private_key(
+        ...     public_exponent=65537,
+        ...     key_size=2048,
+        ...     backend=default_backend()
+        ... )
+        >>> public_key = rsa.generate_private_key(
+        ...     public_exponent=65537,
+        ...     key_size=2048,
+        ...     backend=default_backend()
+        ... ).public_key()
+        >>> builder = x509.CertificateBuilder()
+        >>> builder = builder.subject_name(x509.Name([
+        ...     x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+        ... ]))
+        >>> builder = builder.issuer_name(x509.Name([
+        ...     x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+        ... ]))
+        >>> builder = builder.not_valid_before(datetime.datetime.today() - one_day)
+        >>> builder = builder.not_valid_after(datetime.datetime(2018, 8, 2))
+        >>> builder = builder.serial_number(int(uuid.uuid4()))
+        >>> builder = builder.public_key(public_key)
+        >>> builder = builder.add_extension(
+        ...     x509.BasicConstraints(ca=False, path_length=None), critical=True,
+        ... )
+        >>> certificate = builder.sign(
+        ...     private_key=private_key, algorithm=hashes.SHA256(),
+        ...     backend=default_backend()
+        ... )
+        >>> isinstance(certificate, x509.Certificate)
+        True
+
     .. method:: issuer_name(name)
 
         Sets the issuer's distinguished name.

diff --git a/src/cryptography/hazmat/backends/multibackend.py b/src/cryptography/hazmat/backends/multibackend.py
index 6e911fd..8008989 100644
--- a/src/cryptography/hazmat/backends/multibackend.py
+++ b/src/cryptography/hazmat/backends/multibackend.py

@@ -351,3 +351,12 @@
             "This backend does not support X.509.",
             _Reasons.UNSUPPORTED_X509
         )
+
+    def sign_x509_certificate(self, builder, private_key, algorithm):
+        for b in self._filtered_backends(X509Backend):
+            return b.sign_x509_certificate(builder, private_key, algorithm)
+
+        raise UnsupportedAlgorithm(
+            "This backend does not support X.509.",
+            _Reasons.UNSUPPORTED_X509
+        )
commit	1517a4bb9f349747bb8d13f7724864c3927e47f4	[log] [tgz]
author	Ian Cordasco <graffatcolmingov@gmail.com>	Sun Aug 02 22:11:19 2015 -0500
committer	Ian Cordasco <graffatcolmingov@gmail.com>	Sun Aug 02 22:36:17 2015 -0500
tree	06bc3e2d96f38a3230151b2187566d3441ef4a23
parent	17c8900f0b38052d16864de493bd1d409cc94180 [diff]