authorPaul Kehrer <paul.l.kehrer@gmail.com>2014-11-26 10:59:03 -1000
committerPaul Kehrer <paul.l.kehrer@gmail.com>2014-12-15 15:49:48 -0600
commita9d78c13ea2996c896d3dfda8b7e887c444ec4cb (patch)
treebeebfb298c44439855ef12192c466f080e2c9ffe
parent016e08abddf9fdc507da4f6c6f548c3dfee1b389 (diff)
downloadcryptography-a9d78c13ea2996c896d3dfda8b7e887c444ec4cb.tar.gz
cryptography-a9d78c13ea2996c896d3dfda8b7e887c444ec4cb.tar.bz2
cryptography-a9d78c13ea2996c896d3dfda8b7e887c444ec4cb.zip
update docs, test invalid x509 version
-rw-r--r--CHANGELOG.rst2
-rw-r--r--docs/exceptions.rst5
-rw-r--r--docs/hazmat/primitives/interfaces.rst2
-rw-r--r--docs/x509.rst2
-rw-r--r--src/cryptography/exceptions.py4
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py5
-rw-r--r--tests/test_x509.py13
7 files changed, 29 insertions, 4 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cf6d2252..29cee493 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -22,6 +22,8 @@ Changelog
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to
support the loading of OpenSSH public keys (:rfc:`4253`). Currently, only RSA
keys are supported.
+* Added initial support for X.509 certificate parsing. See :doc:`X.509 </x509>`
+ for more information.
0.6.1 - 2014-10-15
~~~~~~~~~~~~~~~~~~
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 28da8ecc..b86d3eea 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -43,3 +43,8 @@ Exceptions
This is raised when the verify method of a one time password function's
computed token does not match the expected token.
+
+
+.. class:: InvalidX509Version
+
+ This is raised when an X.509 certificate has an invalid version number.
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index d87e8d66..71646ce9 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -705,7 +705,7 @@ X509
.. attribute:: version
- :type: X509Version
+ :type: :class:`~cryptography.x509.X509Version`
The certificate version as an enumeration.
diff --git a/docs/x509.rst b/docs/x509.rst
index 5d18297a..2c9c0f46 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -3,7 +3,7 @@
X.509
=====
-.. currentmodule:: cryptography.hazmat.primitives.x509
+.. currentmodule:: cryptography.x509
X.509 is an ITU-T standard for a `public key infrastructure`_. X.509v3 is
defined in :rfc:`5280` (which obsoletes :rfc:`2459` and :rfc:`3280`).
diff --git a/src/cryptography/exceptions.py b/src/cryptography/exceptions.py
index b0e1a993..23edcd02 100644
--- a/src/cryptography/exceptions.py
+++ b/src/cryptography/exceptions.py
@@ -53,3 +53,7 @@ class InvalidKey(Exception):
class InvalidToken(Exception):
pass
+
+
+class InvalidX509Version(Exception):
+ pass
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 0c6395f4..9f6f71d0 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -16,6 +16,7 @@ from __future__ import absolute_import, division, print_function
import datetime
from cryptography import utils, x509
+from cryptography.exceptions import InvalidX509Version
from cryptography.hazmat.primitives import hashes, interfaces
@@ -60,7 +61,9 @@ class _X509Certificate(object):
elif version == 2:
return x509.X509Version.v3
else:
- raise StandardError("TODO")
+ raise InvalidX509Version(
+ "{0} is not a valid X509 version", version
+ )
@property
def serial(self):
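Review bot: The new `raise InvalidX509Version("{0} is not a valid X509 version", version)` never interpolates the version, because the format string and `version` are passed as two separate exception arguments. `str(exc)` therefore renders as a tuple that still contains the literal `{0}` placeholder. Format the message before raising, e.g. `"{0} is not a valid X509 version".format(version)`, so that logs and error reports for a rejected certificate show the offending value. The enclosing `version` property starts above the hunk, so the handling of the earlier branches is not visible here.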
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 97102946..eac8a307 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -12,10 +12,11 @@ import textwrap
import pytest
from cryptography import x509
+from cryptography.exceptions import InvalidX509Version
from cryptography.hazmat.backends.interfaces import RSABackend, X509Backend
from cryptography.hazmat.primitives import interfaces
-from .hazmat.primitives.utils import load_vectors_from_file
+from .utils import load_vectors_from_file
def _der_to_pem(data):
@@ -83,3 +84,13 @@ class TestX509Certificate(object):
assert cert.not_before == datetime.datetime(2010, 1, 1, 8, 30)
assert cert.not_after == datetime.datetime(2050, 1, 1, 12, 1)
assert cert.version == x509.X509Version.v3
+
+ def test_invalid_version_cert(self, backend):
+ cert = load_vectors_from_file(
+ os.path.join("x509", "custom", "invalid_version.pem"),
+ lambda pemfile: x509.load_pem_x509_certificate(
+ pemfile.read(), backend
+ )
+ )
+ with pytest.raises(InvalidX509Version):
+ cert.version
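Review bot: `test_invalid_version_cert` asserts only the exception type, so it passes whatever message the backend produces. Capturing the exception with `with pytest.raises(InvalidX509Version) as exc:` and checking that the message names the parsed version would pin that behaviour. The test also shows that `load_pem_x509_certificate` accepts the certificate and the invalid version is rejected only when `cert.version` is read, so a caller that never reads `.version` would presumably not see the error. A comment such as `# loading succeeds; the version field is only validated when .version is accessed` would make this explicit. The enclosing test class starts outside the hunk.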