Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / b2de948b18316ac5f08b22d1ab22bdd49da9cc5f^! / .
commitb2de948b18316ac5f08b22d1ab22bdd49da9cc5f[log] [tgz]
authorPaul Kehrer <paul.l.kehrer@gmail.com>Thu Dec 11 14:54:48 2014 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>Mon Dec 15 15:49:49 2014 -0600
tree5b882dbc9cc18af972f682ab87aa4f19a3c8035b
parent68481c3e78d08b7defdd716b72b7563fb0ee5469 [diff]
reorganize a bunch of things related to the x509certificate interface

diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 8e86546..2dea46d 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst

@@ -696,58 +696,6 @@
             the provided signature does not match the expected signature.
 
 
-X509
-----
-
-.. class:: X509Certificate
-
-    .. versionadded:: 0.7
-
-    .. attribute:: version
-
-        :type: :class:`~cryptography.x509.X509Version`
-
-        The certificate version as an enumeration.
-
-    .. method:: fingerprint(algorithm)
-
-        :param algorithm: The
-            :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
-            that will be used to generate the fingerprint.
-
-        :return bytes: The fingerprint using the supplied hash algorithm as
-            bytes.
-
-    .. attribute:: serial
-
-        :type: int
-
-        The serial as a Python integer.
-
-    .. method:: public_key()
-
-        :type:
-            :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` or
-            :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` or
-            :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
-
-        The public key associated with the certificate.
-
-    .. attribute:: not_valid_before
-
-        :type: :class:`datetime.datetime`
-
-    A naïve datetime representing the beginning of the validity period for the
-    certificate in UTC. This value is inclusive.
-
-    .. attribute:: not_valid_after
-
-        :type: :class:`datetime.datetime`
-
-    A naïve datetime representing the end of the validity period for the
-    certificate in UTC. This value is inclusive.
-
-
 .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 .. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
 .. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm

diff --git a/docs/index.rst b/docs/index.rst
index e64f567..35f80a2 100644
--- a/docs/index.rst
+++ b/docs/index.rst

@@ -62,8 +62,8 @@
 .. toctree::
     :maxdepth: 2
 
-    x509
     fernet
+    x509
     random-numbers
     exceptions
     faq

diff --git a/docs/x509.rst b/docs/x509.rst
index ba52d91..ba84f6e 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst

@@ -9,8 +9,9 @@
 defined in :rfc:`5280` (which obsoletes :rfc:`2459` and :rfc:`3280`). X.509
 certificates are commonly used in protocols like `TLS`_.
 
-Loading
-~~~~~~~
+
+Loading Certificates
+~~~~~~~~~~~~~~~~~~~~
 
 .. function:: load_pem_x509_certificate(data, backend)
 
@@ -24,8 +25,7 @@
         :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
         interface.
 
-    :returns: An instance of
-        :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
+    :returns: An instance of :class:`~cryptography.x509.X509Certificate`.
 
 .. function:: load_der_x509_certificate(data, backend)
 
@@ -39,8 +39,7 @@
         :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
         interface.
 
-    :returns: An instance of
-        :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
+    :returns: An instance of :class:`~cryptography.x509.X509Certificate`.
 
 .. testsetup::
 
@@ -76,6 +75,58 @@
     >>> cert.serial
     2
 
+Interface
+~~~~~~~~~
+
+.. class:: X509Certificate
+
+    .. versionadded:: 0.7
+
+    .. attribute:: version
+
+        :type: :class:`~cryptography.x509.X509Version`
+
+        The certificate version as an enumeration.
+
+    .. method:: fingerprint(algorithm)
+
+        :param algorithm: The
+            :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+            that will be used to generate the fingerprint.
+
+        :return bytes: The fingerprint using the supplied hash algorithm as
+            bytes.
+
+    .. attribute:: serial
+
+        :type: int
+
+        The serial as a Python integer.
+
+    .. method:: public_key()
+
+        :type:
+            :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` or
+            :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` or
+            :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
+
+        The public key associated with the certificate.
+
+    .. attribute:: not_valid_before
+
+        :type: :class:`datetime.datetime`
+
+    A naïve datetime representing the beginning of the validity period for the
+    certificate in UTC. This value is inclusive.
+
+    .. attribute:: not_valid_after
+
+        :type: :class:`datetime.datetime`
+
+    A naïve datetime representing the end of the validity period for the
+    certificate in UTC. This value is inclusive.
+
+
 Support Classes
 ~~~~~~~~~~~~~~~
 

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 532785a..35313b2 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py

@@ -16,10 +16,10 @@
 import datetime
 
 from cryptography import utils, x509
-from cryptography.hazmat.primitives import hashes, interfaces
+from cryptography.hazmat.primitives import hashes
 
 
-@utils.register_interface(interfaces.X509Certificate)
+@utils.register_interface(x509.X509Certificate)
 class _X509Certificate(object):
     def __init__(self, backend, x509):
         self._backend = backend

diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 191666e..ed754cb 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py

@@ -4,8 +4,11 @@
 
 from __future__ import absolute_import, division, print_function
 
+import abc
 from enum import Enum
 
+import six
+
 
 class X509Version(Enum):
     v1 = 0
@@ -22,3 +25,42 @@
 
 class InvalidX509Version(Exception):
     pass
+
+
+@six.add_metaclass(abc.ABCMeta)
+class X509Certificate(object):
+    @abc.abstractmethod
+    def fingerprint(self, algorithm):
+        """
+        Returns bytes using digest passed.
+        """
+
+    @abc.abstractproperty
+    def serial(self):
+        """
+        Returns certificate serial number
+        """
+
+    @abc.abstractproperty
+    def version(self):
+        """
+        Returns the certificate version
+        """
+
+    @abc.abstractmethod
+    def public_key(self):
+        """
+        Returns the public key
+        """
+
+    @abc.abstractproperty
+    def not_valid_before(self):
+        """
+        Not before time (represented as UTC datetime)
+        """
+
+    @abc.abstractproperty
+    def not_valid_after(self):
+        """
+        Not after time (represented as UTC datetime)
+        """

diff --git a/tests/test_x509.py b/tests/test_x509.py
index 4fac1e5..638c7d1 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py

@@ -39,7 +39,7 @@
             x509.load_pem_x509_certificate,
             backend
         )
-        assert isinstance(cert, interfaces.X509Certificate)
+        assert isinstance(cert, x509.X509Certificate)
 
     def test_load_der_cert(self, backend):
         cert = _load_cert(
@@ -47,7 +47,7 @@
             x509.load_der_x509_certificate,
             backend
         )
-        assert isinstance(cert, interfaces.X509Certificate)
+        assert isinstance(cert, x509.X509Certificate)
 
     def test_load_good_ca_cert(self, backend):
         cert = _load_cert(