authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-10 21:10:34 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-10 22:02:58 -0500
commit9f8069a68d3f752ff3dc5569c55f59b00b80f0e6 (patch)
tree99454b10ef30fb98ce489d0ad05b8b08e5f73714 /src
parent5abd17dace5390b55dc0a0e580714535ea454fef (diff)
move AuthorityInformationAccess, BasicConstraints, & CRLDistributionPoints
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/x509/__init__.py12
-rw-r--r--src/cryptography/x509/base.py233
-rw-r--r--src/cryptography/x509/extensions.py235
3 files changed, 241 insertions, 239 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 389d737b..0beff1f8 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -5,21 +5,21 @@
from __future__ import absolute_import, division, print_function
from cryptography.x509.base import (
- AccessDescription, AuthorityInformationAccess,
- BasicConstraints, CRLDistributionPoints, Certificate, CertificateBuilder,
+ Certificate, CertificateBuilder,
CertificatePolicies, CertificateRevocationList, CertificateSigningRequest,
- CertificateSigningRequestBuilder, DistributionPoint,
+ CertificateSigningRequestBuilder,
DuplicateExtension, ExtendedKeyUsage, Extension, ExtensionNotFound,
ExtensionType, Extensions, GeneralNames, InhibitAnyPolicy,
InvalidVersion, IssuerAlternativeName, KeyUsage, NameConstraints,
NoticeReference, OCSPNoCheck, ObjectIdentifier,
- PolicyInformation, ReasonFlags,
- RevokedCertificate, SubjectAlternativeName,
+ PolicyInformation, RevokedCertificate, SubjectAlternativeName,
UnsupportedExtension, UserNotice, Version, load_der_x509_certificate,
load_der_x509_csr, load_pem_x509_certificate, load_pem_x509_csr,
)
from cryptography.x509.extensions import (
- AuthorityKeyIdentifier, SubjectKeyIdentifier
+ AccessDescription, AuthorityInformationAccess,
+ AuthorityKeyIdentifier, BasicConstraints, CRLDistributionPoints,
+ DistributionPoint, ReasonFlags, SubjectKeyIdentifier
)
from cryptography.x509.general_name import (
DNSName, DirectoryName, GeneralName, IPAddress, OtherName, RFC822Name,
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index b906c7a8..7e755de0 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -16,7 +16,7 @@ from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
from cryptography.x509.name import Name
from cryptography.x509.oid import (
- AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier
+ ExtensionOID, ObjectIdentifier
)
@@ -168,45 +168,6 @@ class OCSPNoCheck(object):
@utils.register_interface(ExtensionType)
-class BasicConstraints(object):
- oid = ExtensionOID.BASIC_CONSTRAINTS
-
- def __init__(self, ca, path_length):
- if not isinstance(ca, bool):
- raise TypeError("ca must be a boolean value")
-
- if path_length is not None and not ca:
- raise ValueError("path_length must be None when ca is False")
-
- if (
- path_length is not None and
- (not isinstance(path_length, six.integer_types) or path_length < 0)
- ):
- raise TypeError(
- "path_length must be a non-negative integer or None"
- )
-
- self._ca = ca
- self._path_length = path_length
-
- ca = utils.read_only_property("_ca")
- path_length = utils.read_only_property("_path_length")
-
- def __repr__(self):
- return ("<BasicConstraints(ca={0.ca}, "
- "path_length={0.path_length})>").format(self)
-
- def __eq__(self, other):
- if not isinstance(other, BasicConstraints):
- return NotImplemented
-
- return self.ca == other.ca and self.path_length == other.path_length
-
- def __ne__(self, other):
- return not self == other
-
-
-@utils.register_interface(ExtensionType)
class KeyUsage(object):
oid = ExtensionOID.KEY_USAGE
@@ -293,74 +254,6 @@ class KeyUsage(object):
@utils.register_interface(ExtensionType)
-class AuthorityInformationAccess(object):
- oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS
-
- def __init__(self, descriptions):
- if not all(isinstance(x, AccessDescription) for x in descriptions):
- raise TypeError(
- "Every item in the descriptions list must be an "
- "AccessDescription"
- )
-
- self._descriptions = descriptions
-
- def __iter__(self):
- return iter(self._descriptions)
-
- def __len__(self):
- return len(self._descriptions)
-
- def __repr__(self):
- return "<AuthorityInformationAccess({0})>".format(self._descriptions)
-
- def __eq__(self, other):
- if not isinstance(other, AuthorityInformationAccess):
- return NotImplemented
-
- return self._descriptions == other._descriptions
-
- def __ne__(self, other):
- return not self == other
-
-
-class AccessDescription(object):
- def __init__(self, access_method, access_location):
- if not (access_method == AuthorityInformationAccessOID.OCSP or
- access_method == AuthorityInformationAccessOID.CA_ISSUERS):
- raise ValueError(
- "access_method must be OID_OCSP or OID_CA_ISSUERS"
- )
-
- if not isinstance(access_location, GeneralName):
- raise TypeError("access_location must be a GeneralName")
-
- self._access_method = access_method
- self._access_location = access_location
-
- def __repr__(self):
- return (
- "<AccessDescription(access_method={0.access_method}, access_locati"
- "on={0.access_location})>".format(self)
- )
-
- def __eq__(self, other):
- if not isinstance(other, AccessDescription):
- return NotImplemented
-
- return (
- self.access_method == other.access_method and
- self.access_location == other.access_location
- )
-
- def __ne__(self, other):
- return not self == other
-
- access_method = utils.read_only_property("_access_method")
- access_location = utils.read_only_property("_access_location")
-
-
-@utils.register_interface(ExtensionType)
class CertificatePolicies(object):
oid = ExtensionOID.CERTIFICATE_POLICIES
@@ -568,130 +461,6 @@ class NameConstraints(object):
@utils.register_interface(ExtensionType)
-class CRLDistributionPoints(object):
- oid = ExtensionOID.CRL_DISTRIBUTION_POINTS
-
- def __init__(self, distribution_points):
- if not all(
- isinstance(x, DistributionPoint) for x in distribution_points
- ):
- raise TypeError(
- "distribution_points must be a list of DistributionPoint "
- "objects"
- )
-
- self._distribution_points = distribution_points
-
- def __iter__(self):
- return iter(self._distribution_points)
-
- def __len__(self):
- return len(self._distribution_points)
-
- def __repr__(self):
- return "<CRLDistributionPoints({0})>".format(self._distribution_points)
-
- def __eq__(self, other):
- if not isinstance(other, CRLDistributionPoints):
- return NotImplemented
-
- return self._distribution_points == other._distribution_points
-
- def __ne__(self, other):
- return not self == other
-
-
-class DistributionPoint(object):
- def __init__(self, full_name, relative_name, reasons, crl_issuer):
- if full_name and relative_name:
- raise ValueError(
- "You cannot provide both full_name and relative_name, at "
- "least one must be None."
- )
-
- if full_name and not all(
- isinstance(x, GeneralName) for x in full_name
- ):
- raise TypeError(
- "full_name must be a list of GeneralName objects"
- )
-
- if relative_name and not isinstance(relative_name, Name):
- raise TypeError("relative_name must be a Name")
-
- if crl_issuer and not all(
- isinstance(x, GeneralName) for x in crl_issuer
- ):
- raise TypeError(
- "crl_issuer must be None or a list of general names"
- )
-
- if reasons and (not isinstance(reasons, frozenset) or not all(
- isinstance(x, ReasonFlags) for x in reasons
- )):
- raise TypeError("reasons must be None or frozenset of ReasonFlags")
-
- if reasons and (
- ReasonFlags.unspecified in reasons or
- ReasonFlags.remove_from_crl in reasons
- ):
- raise ValueError(
- "unspecified and remove_from_crl are not valid reasons in a "
- "DistributionPoint"
- )
-
- if reasons and not crl_issuer and not (full_name or relative_name):
- raise ValueError(
- "You must supply crl_issuer, full_name, or relative_name when "
- "reasons is not None"
- )
-
- self._full_name = full_name
- self._relative_name = relative_name
- self._reasons = reasons
- self._crl_issuer = crl_issuer
-
- def __repr__(self):
- return (
- "<DistributionPoint(full_name={0.full_name}, relative_name={0.rela"
- "tive_name}, reasons={0.reasons}, crl_issuer={0.crl_is"
- "suer})>".format(self)
- )
-
- def __eq__(self, other):
- if not isinstance(other, DistributionPoint):
- return NotImplemented
-
- return (
- self.full_name == other.full_name and
- self.relative_name == other.relative_name and
- self.reasons == other.reasons and
- self.crl_issuer == other.crl_issuer
- )
-
- def __ne__(self, other):
- return not self == other
-
- full_name = utils.read_only_property("_full_name")
- relative_name = utils.read_only_property("_relative_name")
- reasons = utils.read_only_property("_reasons")
- crl_issuer = utils.read_only_property("_crl_issuer")
-
-
-class ReasonFlags(Enum):
- unspecified = "unspecified"
- key_compromise = "keyCompromise"
- ca_compromise = "cACompromise"
- affiliation_changed = "affiliationChanged"
- superseded = "superseded"
- cessation_of_operation = "cessationOfOperation"
- certificate_hold = "certificateHold"
- privilege_withdrawn = "privilegeWithdrawn"
- aa_compromise = "aACompromise"
- remove_from_crl = "removeFromCRL"
-
-
-@utils.register_interface(ExtensionType)
class InhibitAnyPolicy(object):
oid = ExtensionOID.INHIBIT_ANY_POLICY
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 38175531..eef9f11a 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -5,6 +5,7 @@
from __future__ import absolute_import, division, print_function
import hashlib
+from enum import Enum
from pyasn1.codec.der import decoder
from pyasn1.type import namedtype, univ
@@ -15,8 +16,9 @@ from cryptography import utils
from cryptography.hazmat.primitives import serialization
from cryptography.x509.base import ExtensionType
from cryptography.x509.general_name import GeneralName
+from cryptography.x509.name import Name
from cryptography.x509.oid import (
- ExtensionOID
+ AuthorityInformationAccessOID, ExtensionOID
)
@@ -142,3 +144,234 @@ class SubjectKeyIdentifier(object):
def __ne__(self, other):
return not self == other
+
+
+@utils.register_interface(ExtensionType)
+class AuthorityInformationAccess(object):
+ oid = ExtensionOID.AUTHORITY_INFORMATION_ACCESS
+
+ def __init__(self, descriptions):
+ if not all(isinstance(x, AccessDescription) for x in descriptions):
+ raise TypeError(
+ "Every item in the descriptions list must be an "
+ "AccessDescription"
+ )
+
+ self._descriptions = descriptions
+
+ def __iter__(self):
+ return iter(self._descriptions)
+
+ def __len__(self):
+ return len(self._descriptions)
+
+ def __repr__(self):
+ return "<AuthorityInformationAccess({0})>".format(self._descriptions)
+
+ def __eq__(self, other):
+ if not isinstance(other, AuthorityInformationAccess):
+ return NotImplemented
+
+ return self._descriptions == other._descriptions
+
+ def __ne__(self, other):
+ return not self == other
+
+
+class AccessDescription(object):
+ def __init__(self, access_method, access_location):
+ if not (access_method == AuthorityInformationAccessOID.OCSP or
+ access_method == AuthorityInformationAccessOID.CA_ISSUERS):
+ raise ValueError(
+ "access_method must be OID_OCSP or OID_CA_ISSUERS"
+ )
+
+ if not isinstance(access_location, GeneralName):
+ raise TypeError("access_location must be a GeneralName")
+
+ self._access_method = access_method
+ self._access_location = access_location
+
+ def __repr__(self):
+ return (
+ "<AccessDescription(access_method={0.access_method}, access_locati"
+ "on={0.access_location})>".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, AccessDescription):
+ return NotImplemented
+
+ return (
+ self.access_method == other.access_method and
+ self.access_location == other.access_location
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ access_method = utils.read_only_property("_access_method")
+ access_location = utils.read_only_property("_access_location")
+
+
+@utils.register_interface(ExtensionType)
+class BasicConstraints(object):
+ oid = ExtensionOID.BASIC_CONSTRAINTS
+
+ def __init__(self, ca, path_length):
+ if not isinstance(ca, bool):
+ raise TypeError("ca must be a boolean value")
+
+ if path_length is not None and not ca:
+ raise ValueError("path_length must be None when ca is False")
+
+ if (
+ path_length is not None and
+ (not isinstance(path_length, six.integer_types) or path_length < 0)
+ ):
+ raise TypeError(
+ "path_length must be a non-negative integer or None"
+ )
+
+ self._ca = ca
+ self._path_length = path_length
+
+ ca = utils.read_only_property("_ca")
+ path_length = utils.read_only_property("_path_length")
+
+ def __repr__(self):
+ return ("<BasicConstraints(ca={0.ca}, "
+ "path_length={0.path_length})>").format(self)
+
+ def __eq__(self, other):
+ if not isinstance(other, BasicConstraints):
+ return NotImplemented
+
+ return self.ca == other.ca and self.path_length == other.path_length
+
+ def __ne__(self, other):
+ return not self == other
+
+
+@utils.register_interface(ExtensionType)
+class CRLDistributionPoints(object):
+ oid = ExtensionOID.CRL_DISTRIBUTION_POINTS
+
+ def __init__(self, distribution_points):
+ if not all(
+ isinstance(x, DistributionPoint) for x in distribution_points
+ ):
+ raise TypeError(
+ "distribution_points must be a list of DistributionPoint "
+ "objects"
+ )
+
+ self._distribution_points = distribution_points
+
+ def __iter__(self):
+ return iter(self._distribution_points)
+
+ def __len__(self):
+ return len(self._distribution_points)
+
+ def __repr__(self):
+ return "<CRLDistributionPoints({0})>".format(self._distribution_points)
+
+ def __eq__(self, other):
+ if not isinstance(other, CRLDistributionPoints):
+ return NotImplemented
+
+ return self._distribution_points == other._distribution_points
+
+ def __ne__(self, other):
+ return not self == other
+
+
+class DistributionPoint(object):
+ def __init__(self, full_name, relative_name, reasons, crl_issuer):
+ if full_name and relative_name:
+ raise ValueError(
+ "You cannot provide both full_name and relative_name, at "
+ "least one must be None."
+ )
+
+ if full_name and not all(
+ isinstance(x, GeneralName) for x in full_name
+ ):
+ raise TypeError(
+ "full_name must be a list of GeneralName objects"
+ )
+
+ if relative_name and not isinstance(relative_name, Name):
+ raise TypeError("relative_name must be a Name")
+
+ if crl_issuer and not all(
+ isinstance(x, GeneralName) for x in crl_issuer
+ ):
+ raise TypeError(
+ "crl_issuer must be None or a list of general names"
+ )
+
+ if reasons and (not isinstance(reasons, frozenset) or not all(
+ isinstance(x, ReasonFlags) for x in reasons
+ )):
+ raise TypeError("reasons must be None or frozenset of ReasonFlags")
+
+ if reasons and (
+ ReasonFlags.unspecified in reasons or
+ ReasonFlags.remove_from_crl in reasons
+ ):
+ raise ValueError(
+ "unspecified and remove_from_crl are not valid reasons in a "
+ "DistributionPoint"
+ )
+
+ if reasons and not crl_issuer and not (full_name or relative_name):
+ raise ValueError(
+ "You must supply crl_issuer, full_name, or relative_name when "
+ "reasons is not None"
+ )
+
+ self._full_name = full_name
+ self._relative_name = relative_name
+ self._reasons = reasons
+ self._crl_issuer = crl_issuer
+
+ def __repr__(self):
+ return (
+ "<DistributionPoint(full_name={0.full_name}, relative_name={0.rela"
+ "tive_name}, reasons={0.reasons}, crl_issuer={0.crl_is"
+ "suer})>".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, DistributionPoint):
+ return NotImplemented
+
+ return (
+ self.full_name == other.full_name and
+ self.relative_name == other.relative_name and
+ self.reasons == other.reasons and
+ self.crl_issuer == other.crl_issuer
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ full_name = utils.read_only_property("_full_name")
+ relative_name = utils.read_only_property("_relative_name")
+ reasons = utils.read_only_property("_reasons")
+ crl_issuer = utils.read_only_property("_crl_issuer")
+
+
+class ReasonFlags(Enum):
+ unspecified = "unspecified"
+ key_compromise = "keyCompromise"
+ ca_compromise = "cACompromise"
+ affiliation_changed = "affiliationChanged"
+ superseded = "superseded"
+ cessation_of_operation = "cessationOfOperation"
+ certificate_hold = "certificateHold"
+ privilege_withdrawn = "privilegeWithdrawn"
+ aa_compromise = "aACompromise"
+ remove_from_crl = "removeFromCRL"
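Review bot: `AuthorityInformationAccess.__init__` and `CRLDistributionPoints.__init__` check the argument with `all(...)` and then keep the caller's own object (`self._descriptions = descriptions`, `self._distribution_points = distribution_points`), so the type guarantee only holds at the moment of construction. A caller that later mutates the list can put items of another type into an extension that has already passed validation. A generator argument is consumed by `all()`, which leaves the stored value exhausted: `__iter__` yields nothing and `__len__` raises. Copying before the check closes both gaps: `descriptions = list(descriptions)` and `distribution_points = list(distribution_points)` as the first statement of each `__init__`. The classes are carried over unchanged from base.py, so this can also go in a follow-up to the move.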