From 05c122b5614740a50bee67808d4540ed94ae69e9 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 24 Nov 2014 08:41:05 -1000
Subject: Initial minimal X509Certificate interfaces
This will be expanded in the future to include algorithm identifier, subject, issuer, extensions, etc
---
 docs/hazmat/primitives/interfaces.rst | 44 ++++++++++++++++++++++++
 src/cryptography/hazmat/primitives/interfaces.py | 33 ++++++++++++++++++
 2 files changed, 77 insertions(+)
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index e9e4e77e..888a3403 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -695,6 +695,50 @@ Key derivation functions
 :raises cryptography.exceptions.InvalidSignature: This is raised when the provided signature does not match the expected signature.
+
+X509
+----
+
+.. class:: X509Certificate
+
+ .. versionadded:: 0.7
+
+ .. method:: fingerprint(algorithm)
+
+ :param algorithm: A
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ that will be used by this context.
+
+ :return: The fingerprint using the supplied hash algorithm as bytes.
+
+ .. attribute:: serial
+
+ :type: int
+
+ The serial as a Python integer.
+
+ .. method:: public_key()
+
+ :type:
+ :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` or
+ :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` or
+ :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
+
+ The public key associated with the certificate.
+
+ .. attribute:: not_before
+
+ :type: datetime
+
+ The beginning of the validity period for the certificate (UTC).
+
+ .. attribute:: not_after
+
+ :type: datetime
+
+ The end of the validity period for the certificate (UTC).
+
+
 .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 .. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
 .. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
diff --git a/src/cryptography/hazmat/primitives/interfaces.py b/src/cryptography/hazmat/primitives/interfaces.py
index 7d9fc4fb..561be972 100644
--- a/src/cryptography/hazmat/primitives/interfaces.py
+++ b/src/cryptography/hazmat/primitives/interfaces.py
@@ -488,3 +488,36 @@ class MACContext(object):
 # DeprecatedIn07
 CMACContext = MACContext
+
+
+@six.add_metaclass(abc.ABCMeta)
+class X509Certificate(object):
+ @abc.abstractmethod
+ def fingerprint(self, algorithm):
+ """
+ Returns bytes using digest passed.
+ """
+
+ @abc.abstractproperty
+ def serial(self):
+ """
+ Returns certificate serial number
+ """
+
+ @abc.abstractmethod
+ def public_key(self):
+ """
+ Returns the public key
+ """
+
+ @abc.abstractproperty
+ def not_before(self):
+ """
+ Not before time (represented as UTC datetime)
+ """
+
+ @abc.abstractproperty
+ def not_after(self):
+ """
+ Not after time (represented as UTC datetime)
+ """
-- cgit v1.2.3
From 6c4302e64c8ee866bfde6cd0acd5a86a9b1834de Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 24 Nov 2014 09:20:38 -1000
Subject: add backend interface for loading x509 certificates
---
 docs/hazmat/backends/interfaces.rst | 14 ++++++++++++++
 src/cryptography/hazmat/backends/interfaces.py | 9 +++++++++
 2 files changed, 23 insertions(+)
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index ce2f0918..47553a9d 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
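Review bot: The abstract docstrings of X509Certificate state less than the .rst hunk for the same interface, and implementers will read the ABC rather than the docs: `fingerprint` takes a HashAlgorithm instance and returns the digest as bytes, `serial` is a Python int, `public_key` returns one of the public-key interfaces, and `not_before`/`not_after` are UTC datetimes. Neither the docstring nor the docs say which bytes the fingerprint is computed over, and since a fingerprint is what callers compare or pin, the input should be stated so that backends cannot diverge (the series does not say what it is, so it needs confirming against the backend). Carrying the documented contract into the code would look like `Returns the fingerprint of the certificate as bytes, computed with the supplied HashAlgorithm.` on fingerprint and `The certificate serial number as a Python int.` on serial. The whole class lies within this hunk.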
@@ -512,3 +512,17 @@ A specific ``backend`` may provide one or more of these interfaces.
 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is encrypted with an unsupported algorithm.
+
+.. class:: X509Backend
+
+ .. versionadded:: 0.7
+
+ A backend with methods for working with X.509 objects.
+
+ .. method:: load_pem_x509_certificate(data)
+
+ :param bytes data: PEM formatted certificate data.
+
+ :returns: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`
+ provider.
diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py
index f433afcb..dcdd1c39 100644
--- a/src/cryptography/hazmat/backends/interfaces.py
+++ b/src/cryptography/hazmat/backends/interfaces.py
@@ -250,3 +250,12 @@ class PKCS8SerializationBackend(object):
 Load a private key from PKCS8 encoded data, using password if the data is encrypted.
 """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class X509Backend(object):
+ @abc.abstractmethod
+ def load_pem_x509_certificate(self, data):
+ """
+ Load an X.509 certificate from PEM encoded data.
+ """
-- cgit v1.2.3
From 333ae9be186d5a3fc39c6b175774fd4d4413ed2c Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 24 Nov 2014 12:23:22 -1000
Subject: update docs with review feedback
---
 docs/hazmat/backends/interfaces.rst | 5 ++---
 docs/hazmat/primitives/interfaces.rst | 13 ++++++++-----
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 47553a9d..3cce1576 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
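Review bot: The docstring of load_pem_x509_certificate, like the .rst entry for X509Backend, does not say what happens when `data` is not a parseable PEM certificate, although the backend section right above it in the .rst hunk documents `:raises cryptography.exceptions.UnsupportedAlgorithm` for its loader. A certificate loader is the method most likely to be handed untrusted bytes, so callers need a documented failure mode for malformed or truncated input rather than whatever the backend happens to raise. Once the backends agree on the exception, add a `Raises` line to the docstring and a matching `:raises` field to the docs. The same omission applies to the load_der_x509_certificate hunk later in the series.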
@@ -523,6 +523,5 @@ A specific ``backend`` may provide one or more of these interfaces.
 :param bytes data: PEM formatted certificate data.
- :returns: An instance of a
- :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`
- provider.
+ :returns: An instance of
+ :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 888a3403..d9019cbb 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -709,7 +709,8 @@ X509
 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
 that will be used by this context.
- :return: The fingerprint using the supplied hash algorithm as bytes.
+ :return bytes: The fingerprint using the supplied hash algorithm as
+ bytes.
 .. attribute:: serial
@@ -728,15 +729,17 @@ X509
 .. attribute:: not_before
- :type: datetime
+ :type: datetime.datetime
- The beginning of the validity period for the certificate (UTC).
+ A naïve datetime representing the beginning of the validity period for the
+ certificate in UTC. This value is inclusive.
 .. attribute:: not_after
- :type: datetime
+ :type: datetime.datetime
- The end of the validity period for the certificate (UTC).
+ A naïve datetime representing the end of the validity period for the
+ certificate in UTC. This value is inclusive.
 .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
-- cgit v1.2.3
From f0e05bb7711f3c04a96f3bc924588ecfa838d41d Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 24 Nov 2014 12:30:03 -1000
Subject: =?UTF-8?q?link=20datetime=20better=20and=20add=20na=C3=AFve=20to?=
 =?UTF-8?q?=20spelling=20list?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/hazmat/primitives/interfaces.rst | 4 ++--
 docs/spelling_wordlist.txt | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index d9019cbb..77aa0017 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -729,14 +729,14 @@ X509
 .. attribute:: not_before
- :type: datetime.datetime
+ :type: :class:`datetime.datetime`
 A naïve datetime representing the beginning of the validity period for the
 certificate in UTC. This value is inclusive.
 .. attribute:: not_after
- :type: datetime.datetime
+ :type: :class:`datetime.datetime`
 A naïve datetime representing the end of the validity period for the
 certificate in UTC. This value is inclusive.
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index b16026f6..b7b33436 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -31,6 +31,7 @@ iOS
 Koblitz
 Lange
 metadata
+naïve
 namespace
 namespaces
 pickleable
-- cgit v1.2.3
From 8473df6d553a2e0bf790b613c2818beb4bd2f416 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 24 Nov 2014 17:13:59 -1000
Subject: add load_der_x509_certificate X509Backend method
---
 docs/hazmat/backends/interfaces.rst | 7 +++++++
 src/cryptography/hazmat/backends/interfaces.py | 6 ++++++
 2 files changed, 13 insertions(+)
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 3cce1576..e4c43d9e 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -525,3 +525,10 @@ A specific ``backend`` may provide one or more of these interfaces.
 :returns: An instance of
 :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
+
+ .. method:: load_der_x509_certificate(data)
+
+ :param bytes data: DER formatted certificate data.
+
+ :returns: An instance of
+ :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py
index dcdd1c39..8fc78309 100644
--- a/src/cryptography/hazmat/backends/interfaces.py
+++ b/src/cryptography/hazmat/backends/interfaces.py
@@ -259,3 +259,9 @@ class X509Backend(object):
 """
 Load an X.509 certificate from PEM encoded data.
 """
+
+ @abc.abstractmethod
+ def load_der_x509_certificate(self, data):
+ """
+ Load an X.509 certificate from DER encoded data.
+ """
-- cgit v1.2.3
From 244637cedae3eef1997fd2eb85c74eb3d92d52ce Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Tue, 25 Nov 2014 08:20:59 -1000
Subject: add X509Certificate version attribute
---
 docs/hazmat/primitives/interfaces.rst | 6 ++++++
 src/cryptography/hazmat/primitives/interfaces.py | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 77aa0017..d964f25c 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -703,6 +703,12 @@ X509
 .. versionadded:: 0.7
+ .. attribute:: version
+
+ :type: X509Version
+
+ The certificate version as an enumeration.
+
 .. method:: fingerprint(algorithm)
 :param algorithm: A
diff --git a/src/cryptography/hazmat/primitives/interfaces.py b/src/cryptography/hazmat/primitives/interfaces.py
index 561be972..18a62601 100644
--- a/src/cryptography/hazmat/primitives/interfaces.py
+++ b/src/cryptography/hazmat/primitives/interfaces.py
@@ -504,6 +504,12 @@ class X509Certificate(object):
 Returns certificate serial number
 """
+ @abc.abstractproperty
+ def version(self):
+ """
+ Returns the certificate version
+ """
+
 @abc.abstractmethod
 def public_key(self):
 """
-- cgit v1.2.3
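Review bot: The docstring of the new `version` property, `Returns the certificate version`, leaves out the type that the .rst hunk in the same commit promises (`:type: X509Version`, "as an enumeration"), and nothing in this series defines X509Version, so where it lives cannot be told from the page. Callers that gate behaviour on the version (v1 certificates carry no extensions) need to know they get an enumeration member rather than a raw integer, so make the docstring say so, e.g. `Returns the certificate version as an X509Version enumeration member.`. In the .rst, the other types in this section use a `:class:` role; giving X509Version one as well lets the reference resolve to wherever the enum is defined. The property sits inside X509Certificate, whose definition begins before this hunk.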