rename X509 classes to remove X509 and improve some tests

6 files changed, 96 insertions, 37 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 29cee4937..a5e4684f9 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -22,8 +22,8 @@ Changelog
   :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` to
   support the loading of OpenSSH public keys (:rfc:`4253`). Currently, only RSA
   keys are supported.
-* Added initial support for X.509 certificate parsing. See :doc:`X.509 </x509>`
-  for more information.
+* Added initial support for X.509 certificate parsing. See the
+  :doc:`X.509 documentation</x509>` for more information.
 
 0.6.1 - 2014-10-15
 ~~~~~~~~~~~~~~~~~~
diff --git a/docs/x509.rst b/docs/x509.rst
index ba84f6e72..c682e5e88 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -17,7 +17,9 @@ Loading Certificates
 
     .. versionadded:: 0.7
 
-    Deserialize a certificate from PEM encoded data.
+    Deserialize a certificate from PEM encoded data. PEM certificates are
+    base64 decoded and have delimiters that look like
+    ``-----BEGIN CERTIFICATE-----``.
 
     :param bytes data: The PEM encoded certificate data.
 
@@ -25,13 +27,15 @@ Loading Certificates
         :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
         interface.
 
-    :returns: An instance of :class:`~cryptography.x509.X509Certificate`.
+    :returns: An instance of :class:`~cryptography.x509.Certificate`.
 
 .. function:: load_der_x509_certificate(data, backend)
 
     .. versionadded:: 0.7
 
-    Deserialize a certificate from DER encoded data.
+    Deserialize a certificate from DER encoded data. DER is a binary format
+    and is commonly found in files with the ``cer`` suffix (although file
+    suffixes are not a guarantee of encoding type).
 
     :param bytes data: The DER encoded certificate data.
 
@@ -39,7 +43,7 @@ Loading Certificates
         :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
         interface.
 
-    :returns: An instance of :class:`~cryptography.x509.X509Certificate`.
+    :returns: An instance of :class:`~cryptography.x509.Certificate`.
 
 .. testsetup::
 
@@ -75,18 +79,19 @@ Loading Certificates
     >>> cert.serial
     2
 
-Interface
-~~~~~~~~~
+X.509 Certificate Object
+~~~~~~~~~~~~~~~~~~~~~~~~
 
-.. class:: X509Certificate
+.. class:: Certificate
 
     .. versionadded:: 0.7
 
     .. attribute:: version
 
-        :type: :class:`~cryptography.x509.X509Version`
+        :type: :class:`~cryptography.x509.Version`
 
-        The certificate version as an enumeration.
+        The certificate version as an enumeration. Version 3 certificates are
+        the latest version and also the only type you should see in practice.
 
     .. method:: fingerprint(algorithm)
 
@@ -127,10 +132,7 @@ Interface
     certificate in UTC. This value is inclusive.
 
 
-Support Classes
-~~~~~~~~~~~~~~~
-
-.. class:: X509Version
+.. class:: Version
 
     .. versionadded:: 0.7
 
@@ -144,7 +146,7 @@ Support Classes
 
         For version 3 X.509 certificates.
 
-.. class:: InvalidX509Version
+.. class:: InvalidVersion
 
     This is raised when an X.509 certificate has an invalid version number.
 
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 10341fa21..daccf5ca5 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -36,7 +36,7 @@ from cryptography.hazmat.backends.openssl.hmac import _HMACContext
 from cryptography.hazmat.backends.openssl.rsa import (
     _RSAPrivateKey, _RSAPublicKey
 )
-from cryptography.hazmat.backends.openssl.x509 import _X509Certificate
+from cryptography.hazmat.backends.openssl.x509 import _Certificate
 from cryptography.hazmat.bindings.openssl.binding import Binding
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
@@ -709,7 +709,7 @@ class Backend(object):
             raise ValueError("Unable to load certificate")
 
         x509 = self._ffi.gc(x509, self._lib.X509_free)
-        return _X509Certificate(self, x509)
+        return _Certificate(self, x509)
 
     def load_der_x509_certificate(self, data):
         mem_bio = self._bytes_to_bio(data)
@@ -719,7 +719,7 @@ class Backend(object):
             raise ValueError("Unable to load certificate")
 
         x509 = self._ffi.gc(x509, self._lib.X509_free)
-        return _X509Certificate(self, x509)
+        return _Certificate(self, x509)
 
     def load_traditional_openssl_pem_private_key(self, data, password):
         warnings.warn(
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 17dd098f4..26c5edc20 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -19,8 +19,8 @@ from cryptography import utils, x509
 from cryptography.hazmat.primitives import hashes
 
 
-@utils.register_interface(x509.X509Certificate)
-class _X509Certificate(object):
+@utils.register_interface(x509.Certificate)
+class _Certificate(object):
     def __init__(self, backend, x509):
         self._backend = backend
         self._x509 = x509
@@ -40,11 +40,11 @@ class _X509Certificate(object):
     def version(self):
         version = self._backend._lib.X509_get_version(self._x509)
         if version == 0:
-            return x509.X509Version.v1
+            return x509.Version.v1
         elif version == 2:
-            return x509.X509Version.v3
+            return x509.Version.v3
         else:
-            raise x509.InvalidX509Version(
+            raise x509.InvalidVersion(
                 "{0} is not a valid X509 version".format(version)
             )
 
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index ed754cbc5..c79d11716 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -10,7 +10,7 @@ from enum import Enum
 import six
 
 
-class X509Version(Enum):
+class Version(Enum):
     v1 = 0
     v3 = 2
 
@@ -23,12 +23,12 @@ def load_der_x509_certificate(data, backend):
     return backend.load_der_x509_certificate(data)
 
 
-class InvalidX509Version(Exception):
+class InvalidVersion(Exception):
     pass
 
 
 @six.add_metaclass(abc.ABCMeta)
-class X509Certificate(object):
+class Certificate(object):
     @abc.abstractmethod
     def fingerprint(self, algorithm):
         """
diff --git a/tests/test_x509.py b/tests/test_x509.py
index be118bb8d..f8d19a54a 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -32,14 +32,17 @@ def _load_cert(filename, loader, backend):
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
-class TestRSAX509Certificate(object):
+class TestRSACertificate(object):
     def test_load_pem_cert(self, backend):
         cert = _load_cert(
             os.path.join("x509", "custom", "post2000utctime.pem"),
             x509.load_pem_x509_certificate,
             backend
         )
-        assert isinstance(cert, x509.X509Certificate)
+        assert isinstance(cert, x509.Certificate)
+        assert cert.serial == 11559813051657483483
+        fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
+        assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8"
 
     def test_load_der_cert(self, backend):
         cert = _load_cert(
@@ -47,7 +50,10 @@ class TestRSAX509Certificate(object):
             x509.load_der_x509_certificate,
             backend
         )
-        assert isinstance(cert, x509.X509Certificate)
+        assert isinstance(cert, x509.Certificate)
+        assert cert.serial == 2
+        fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
+        assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
 
     def test_load_good_ca_cert(self, backend):
         cert = _load_cert(
@@ -61,7 +67,7 @@ class TestRSAX509Certificate(object):
         assert cert.serial == 2
         public_key = cert.public_key()
         assert isinstance(public_key, interfaces.RSAPublicKey)
-        assert cert.version is x509.X509Version.v3
+        assert cert.version is x509.Version.v3
         fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
         assert fingerprint == b"6f49779533d565e8b7c1062503eab41492c38e4d"
 
@@ -113,7 +119,7 @@ class TestRSAX509Certificate(object):
         )
         assert cert.not_valid_before == datetime.datetime(2002, 1, 1, 12, 1)
         assert cert.not_valid_after == datetime.datetime(2030, 12, 31, 8, 30)
-        assert cert.version is x509.X509Version.v3
+        assert cert.version is x509.Version.v3
 
     def test_generalized_time_not_after_cert(self, backend):
         cert = _load_cert(
@@ -126,7 +132,7 @@ class TestRSAX509Certificate(object):
         )
         assert cert.not_valid_before == datetime.datetime(2010, 1, 1, 8, 30)
         assert cert.not_valid_after == datetime.datetime(2050, 1, 1, 12, 1)
-        assert cert.version is x509.X509Version.v3
+        assert cert.version is x509.Version.v3
 
     def test_invalid_version_cert(self, backend):
         cert = _load_cert(
@@ -134,7 +140,7 @@ class TestRSAX509Certificate(object):
             x509.load_pem_x509_certificate,
             backend
         )
-        with pytest.raises(x509.InvalidX509Version):
+        with pytest.raises(x509.InvalidVersion):
             cert.version
 
     def test_version_1_cert(self, backend):
@@ -143,7 +149,7 @@ class TestRSAX509Certificate(object):
             x509.load_pem_x509_certificate,
             backend
         )
-        assert cert.version is x509.X509Version.v1
+        assert cert.version is x509.Version.v1
 
     def test_invalid_pem(self, backend):
         with pytest.raises(ValueError):
@@ -156,7 +162,7 @@ class TestRSAX509Certificate(object):
 
 @pytest.mark.requires_backend_interface(interface=DSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
-class TestDSAX509Certificate(object):
+class TestDSACertificate(object):
     def test_load_dsa_cert(self, backend):
         cert = _load_cert(
             os.path.join("x509", "custom", "dsa_selfsigned_ca.pem"),
@@ -165,11 +171,49 @@ class TestDSAX509Certificate(object):
         )
         public_key = cert.public_key()
         assert isinstance(public_key, interfaces.DSAPublicKey)
+        if isinstance(public_key, interfaces.DSAPublicKeyWithNumbers):
+            num = public_key.public_numbers()
+            assert num.y == int(
+                "4c08bfe5f2d76649c80acf7d431f6ae2124b217abc8c9f6aca776ddfa94"
+                "53b6656f13e543684cd5f6431a314377d2abfa068b7080cb8ddc065afc2"
+                "dea559f0b584c97a2b235b9b69b46bc6de1aed422a6f341832618bcaae2"
+                "198aba388099dafb05ff0b5efecb3b0ae169a62e1c72022af50ae68af3b"
+                "033c18e6eec1f7df4692c456ccafb79cc7e08da0a5786e9816ceda651d6"
+                "1b4bb7b81c2783da97cea62df67af5e85991fdc13aff10fc60e06586386"
+                "b96bb78d65750f542f86951e05a6d81baadbcd35a2e5cad4119923ae6a2"
+                "002091a3d17017f93c52970113cdc119970b9074ca506eac91c3dd37632"
+                "5df4af6b3911ef267d26623a5a1c5df4a6d13f1c", 16
+            )
+            assert num.parameter_numbers.g == int(
+                "4b7ced71dc353965ecc10d441a9a06fc24943a32d66429dd5ef44d43e67"
+                "d789d99770aec32c0415dc92970880872da45fef8dd1e115a3e4801387b"
+                "a6d755861f062fd3b6e9ea8e2641152339b828315b1528ee6c7b79458d2"
+                "1f3db973f6fc303f9397174c2799dd2351282aa2d8842c357a73495bbaa"
+                "c4932786414c55e60d73169f5761036fba29e9eebfb049f8a3b1b7cee6f"
+                "3fbfa136205f130bee2cf5b9c38dc1095d4006f2e73335c07352c64130a"
+                "1ab2b89f13b48f628d3cc3868beece9bb7beade9f830eacc6fa241425c0"
+                "b3fcc0df416a0c89f7bf35668d765ec95cdcfbe9caff49cfc156c668c76"
+                "fa6247676a6d3ac945844a083509c6a1b436baca", 16
+            )
+            assert num.parameter_numbers.p == int(
+                "bfade6048e373cd4e48b677e878c8e5b08c02102ae04eb2cb5c46a523a3"
+                "af1c73d16b24f34a4964781ae7e50500e21777754a670bd19a7420d6330"
+                "84e5556e33ca2c0e7d547ea5f46a07a01bf8669ae3bdec042d9b2ae5e6e"
+                "cf49f00ba9dac99ab6eff140d2cedf722ee62c2f9736857971444c25d0a"
+                "33d2017dc36d682a1054fe2a9428dda355a851ce6e6d61e03e419fd4ca4"
+                "e703313743d86caa885930f62ed5bf342d8165627681e9cc3244ba72aa2"
+                "2148400a6bbe80154e855d042c9dc2a3405f1e517be9dea50562f56da93"
+                "f6085f844a7e705c1f043e65751c583b80d29103e590ccb26efdaa0893d"
+                "833e36468f3907cfca788a3cb790f0341c8a31bf", 16
+            )
+            assert num.parameter_numbers.q == int(
+                "822ff5d234e073b901cf5941f58e1f538e71d40d", 16
+            )
 
 
 @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
-class TestECDSAX509Certificate(object):
+class TestECDSACertificate(object):
     def test_load_ecdsa_cert(self, backend):
         _skip_curve_unsupported(backend, ec.SECP384R1())
         cert = _load_cert(
@@ -179,6 +223,19 @@ class TestECDSAX509Certificate(object):
         )
         public_key = cert.public_key()
         assert isinstance(public_key, interfaces.EllipticCurvePublicKey)
+        if isinstance(
+            public_key, interfaces.EllipticCurvePublicKeyWithNumbers
+        ):
+            num = public_key.public_numbers()
+            assert num.x == int(
+                "dda7d9bb8ab80bfb0b7f21d2f0bebe73f3335d1abc34eadec69bbcd095f"
+                "6f0ccd00bba615b51467e9e2d9fee8e630c17", 16
+            )
+            assert num.y == int(
+                "ec0770f5cf842e40839ce83f416d3badd3a4145936789d0343ee10136c7"
+                "2deae88a7a16bb543ce67dc23ff031ca3e23e", 16
+            )
+            assert isinstance(num.curve, ec.SECP384R1)
 
     def test_load_ecdsa_no_named_curve(self, backend):
         _skip_curve_unsupported(backend, ec.SECP256R1())