From 6a0718faddbc7b6b57f86417f6daa468c18ea248 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 4 Jun 2017 13:36:58 -0400
Subject: Refs #3461 -- parse SCTs from x.509 extension (#3480)

* Stub API for SCTs, feedback wanted

* grr, flake8

* finish up the __init__

* Initial implementation and tests

* write a test. it fails because computer

* get the tests passing and fix some TODOs

* changelog entry

* This can go now

* Put a skip in this test

* grump

* Removed unreachable code

* moved changelog to the correct section

* Use the deocrator for expressing requirements

* This needs f for the right entry_type

* coverage

* syntax error

* tests for coverage

* better sct eq tests

* docs

* technically correct, the most useless kind of correct

* typo and more details

* bug

* drop __eq__
---
 docs/x509/certificate-transparency.rst |  6 +++---
 docs/x509/reference.rst                | 26 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 3 deletions(-)

(limited to 'docs/x509')

diff --git a/docs/x509/certificate-transparency.rst b/docs/x509/certificate-transparency.rst
index 0d344d2b..f9e651ed 100644
--- a/docs/x509/certificate-transparency.rst
+++ b/docs/x509/certificate-transparency.rst
@@ -11,7 +11,7 @@ issued.
 
 .. class:: SignedCertificateTimestamp
 
-    .. versionadded:: 1.9
+    .. versionadded:: 2.0
 
     SignedCertificateTimestamps (SCTs) are small cryptographically signed
     assertions that the specified certificate has been submitted to a
@@ -53,7 +53,7 @@ issued.
 
 .. class:: Version
 
-    .. versionadded:: 1.9
+    .. versionadded:: 2.0
 
     An enumeration for SignedCertificateTimestamp versions.
 
@@ -63,7 +63,7 @@ issued.
 
 .. class:: LogEntryType
 
-    .. versionadded:: 1.9
+    .. versionadded:: 2.0
 
     An enumeration for SignedCertificateTimestamp log entry types.
 
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 24d1c07b..5a903b95 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1814,6 +1814,32 @@ X.509 Extensions
         :returns: A list of values extracted from the matched general names.
 
 
+.. class:: PrecertificateSignedCertificateTimestamps(scts)
+
+    .. versionadded:: 2.0
+
+    This extension contains
+    :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`
+    instances which were issued for the pre-certificate corresponding to this
+    certificate. These can be used to verify that the certificate is included
+    in a public Certificate Transparency log.
+
+    It is an iterable containing one or more
+    :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`
+    objects.
+
+    :param list scts: A ``list`` of
+        :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`
+        objects.
+
+    .. attribute:: oid
+
+        :type: :class:`ObjectIdentifier`
+
+        Returns
+        :attr:`~cryptography.x509.oid.ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS`.
+
+
 .. class:: AuthorityInformationAccess(descriptions)
 
     .. versionadded:: 0.9
-- 
cgit v1.2.3