update docs, test invalid x509 version
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cf6d225..29cee49 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -22,6 +22,8 @@
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to
support the loading of OpenSSH public keys (:rfc:`4253`). Currently, only RSA
keys are supported.
+* Added initial support for X.509 certificate parsing. See :doc:`X.509 </x509>`
+ for more information.
0.6.1 - 2014-10-15
~~~~~~~~~~~~~~~~~~
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 28da8ec..b86d3ee 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -43,3 +43,8 @@
This is raised when the verify method of a one time password function's
computed token does not match the expected token.
+
+
+.. class:: InvalidX509Version
+
+ This is raised when an X.509 certificate has an invalid version number.
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index d87e8d6..71646ce 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -705,7 +705,7 @@
.. attribute:: version
- :type: X509Version
+ :type: :class:`~cryptography.x509.X509Version`
The certificate version as an enumeration.
diff --git a/docs/x509.rst b/docs/x509.rst
index 5d18297..2c9c0f4 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -3,7 +3,7 @@
X.509
=====
-.. currentmodule:: cryptography.hazmat.primitives.x509
+.. currentmodule:: cryptography.x509
X.509 is an ITU-T standard for a `public key infrastructure`_. X.509v3 is
defined in :rfc:`5280` (which obsoletes :rfc:`2459` and :rfc:`3280`).
diff --git a/src/cryptography/exceptions.py b/src/cryptography/exceptions.py
index b0e1a99..23edcd0 100644
--- a/src/cryptography/exceptions.py
+++ b/src/cryptography/exceptions.py
@@ -53,3 +53,7 @@
class InvalidToken(Exception):
pass
+
+
+class InvalidX509Version(Exception):
+ pass
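Review bot: `InvalidX509Version` is added with no docstring and no field for the rejected value, so a caller that wants to log or alert on the bad version has to parse the message string. Add a docstring such as `"""Raised when a certificate's version field is not a recognised X.509 version."""`. Consider also storing the parsed value on the exception, for example as a `parsed_version` attribute set in `__init__`, so handlers can report it without string matching.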
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 0c6395f..9f6f71d 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -16,6 +16,7 @@
import datetime
from cryptography import utils, x509
+from cryptography.exceptions import InvalidX509Version
from cryptography.hazmat.primitives import hashes, interfaces
@@ -60,7 +61,9 @@
elif version == 2:
return x509.X509Version.v3
else:
- raise StandardError("TODO")
+ raise InvalidX509Version(
+ "{0} is not a valid X509 version", version
+ )
@property
def serial(self):
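Review bot: The new `raise InvalidX509Version("{0} is not a valid X509 version", version)` in the `else` branch never formats its message. The template and `version` are passed as two separate exception arguments, so `str(exc)` renders as a tuple with the literal `{0}` still in it. Change it to `raise InvalidX509Version("{0} is not a valid X509 version".format(version))`. The enclosing property starts above the hunk, so I am assuming `version` is the raw encoded integer read from the certificate; if so, the message reports the wire value (where 2 means v3), which is worth stating in the text.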
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 9710294..eac8a30 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -12,10 +12,11 @@
import pytest
from cryptography import x509
+from cryptography.exceptions import InvalidX509Version
from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
from cryptography.hazmat.primitives import interfaces
-from .hazmat.primitives.utils import load_vectors_from_file
+from .utils import load_vectors_from_file
def _der_to_pem(data):
@@ -83,3 +84,13 @@
assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1)
assert cert.version == x509.X509Version.v3
+
+ def test_invalid_version_cert(self, backend):
+ cert = load_vectors_from_file(
+ os.path.join("x509", "custom", "invalid_version.pem"),
+ lambda pemfile: x509.load_pem_x509_certificate(
+ pemfile.read(), backend
+ )
+ )
+ with pytest.raises(InvalidX509Version):
+ cert.version
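Review bot: `test_invalid_version_cert` pins that `load_pem_x509_certificate` succeeds on `invalid_version.pem` and that the error only surfaces when `cert.version` is read, so code that never touches `.version` will process such a certificate without any failure. If that lazy check is intended, say so in a comment above the `with` block, e.g. `# load succeeds; the version field is validated only on access`, and in the `InvalidX509Version` documentation. The test would also be stronger if it captured the exception with `with pytest.raises(InvalidX509Version) as exc_info:` and asserted on the reported version, not only on the exception type.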