3 files changed, 43 insertions, 5 deletions

diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index f14f4037..89028c8e 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -118,7 +118,12 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
         :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
         provider.
 
-    :returns: A new instance of a private key.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the PEM data could not be decrypted or if its
         structure could not be decoded successfully.
@@ -151,7 +156,13 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
         :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
         provider.
 
-    :returns: A new instance of a public key.
+
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the PEM data's structure could not be decoded
         successfully.
@@ -183,7 +194,12 @@ the rest.
         :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
         provider.
 
-    :returns: A new instance of a private key.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the DER data could not be decrypted or if its
         structure could not be decoded successfully.
@@ -218,7 +234,12 @@ the rest.
         :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
         provider.
 
-    :returns: A new instance of a public key.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the DER data's structure could not be decoded
         successfully.
@@ -275,7 +296,12 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than
         :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
         depending on the key's type.
 
-    :returns: A new instance of a public key type.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the OpenSSH data could not be properly decoded or
         if the key is not in the proper format.
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 0c5b5523..f7b5d7f5 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -91,6 +91,13 @@ class Extensions(object):
         raise ExtensionNotFound("No {0} extension was found".format(oid), oid)
 
     def get_extension_for_class(self, extclass):
+        if extclass is UnrecognizedExtension:
+            raise TypeError(
+                "UnrecognizedExtension can't be used with "
+                "get_extension_for_class because more than one instance of the"
+                " class may be present."
+            )
+
         for ext in self:
             if isinstance(ext.value, extclass):
                 return ext
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index ec6127ab..03a3730a 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1073,6 +1073,11 @@ class TestExtensions(object):
             exts.get_extension_for_class(x509.IssuerAlternativeName)
         assert exc.value.oid == ExtensionOID.ISSUER_ALTERNATIVE_NAME
 
+    def test_unrecognized_extension_for_class(self):
+        exts = x509.Extensions([])
+        with pytest.raises(TypeError):
+            exts.get_extension_for_class(x509.UnrecognizedExtension)
+
     def test_indexing(self, backend):
         cert = _load_cert(
             os.path.join("x509", "cryptography.io.pem"),