add X509Backend support to multibackend

3 files changed, 47 insertions, 2 deletions

diff --git a/src/cryptography/exceptions.py b/src/cryptography/exceptions.py
index 4270cb22..b0e1a993 100644
--- a/src/cryptography/exceptions.py
+++ b/src/cryptography/exceptions.py
@@ -14,6 +14,7 @@ class _Reasons(object):
     UNSUPPORTED_PUBLIC_KEY_ALGORITHM = object()
     UNSUPPORTED_ELLIPTIC_CURVE = object()
     UNSUPPORTED_SERIALIZATION = object()
+    UNSUPPORTED_X509 = object()
 
 
 class UnsupportedAlgorithm(Exception):
diff --git a/src/cryptography/hazmat/backends/multibackend.py b/src/cryptography/hazmat/backends/multibackend.py
index fce6c8e1..ffc569f4 100644
--- a/src/cryptography/hazmat/backends/multibackend.py
+++ b/src/cryptography/hazmat/backends/multibackend.py
@@ -12,7 +12,7 @@ from cryptography.hazmat.backends.interfaces import (
     CMACBackend, CipherBackend, DSABackend, EllipticCurveBackend, HMACBackend,
     HashBackend, PBKDF2HMACBackend, PEMSerializationBackend,
     PKCS8SerializationBackend, RSABackend,
-    TraditionalOpenSSLSerializationBackend
+    TraditionalOpenSSLSerializationBackend, X509Backend
 )
 
 
@@ -27,6 +27,7 @@ from cryptography.hazmat.backends.interfaces import (
 @utils.register_interface(DSABackend)
 @utils.register_interface(EllipticCurveBackend)
 @utils.register_interface(PEMSerializationBackend)
+@utils.register_interface(X509Backend)
 class MultiBackend(object):
     name = "multibackend"
 
@@ -347,3 +348,25 @@ class MultiBackend(object):
             "This backend does not support this key serialization.",
             _Reasons.UNSUPPORTED_SERIALIZATION
         )
+
+    def load_pem_x509_certificate(self, data):
+        for b in self._filtered_backends(
+            X509Backend
+        ):
+            return b.load_pem_x509_certificate(data)
+
+        raise UnsupportedAlgorithm(
+            "This backend does not support X.509.",
+            _Reasons.UNSUPPORTED_X509
+        )
+
+    def load_der_x509_certificate(self, data):
+        for b in self._filtered_backends(
+            X509Backend
+        ):
+            return b.load_der_x509_certificate(data)
+
+        raise UnsupportedAlgorithm(
+            "This backend does not support X.509.",
+            _Reasons.UNSUPPORTED_X509
+        )
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 112247cb..03aa3cd8 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -14,7 +14,7 @@ from cryptography.hazmat.backends.interfaces import (
     CMACBackend, CipherBackend, DSABackend, EllipticCurveBackend, HMACBackend,
     HashBackend, PBKDF2HMACBackend, PEMSerializationBackend,
     PKCS8SerializationBackend, RSABackend,
-    TraditionalOpenSSLSerializationBackend
+    TraditionalOpenSSLSerializationBackend, X509Backend
 )
 from cryptography.hazmat.backends.multibackend import MultiBackend
 from cryptography.hazmat.primitives import cmac, hashes, hmac
@@ -203,6 +203,15 @@ class DummyPEMSerializationBackend(object):
         pass
 
 
+@utils.register_interface(X509Backend)
+class DummyX509Backend(object):
+    def load_pem_x509_certificate(self, data):
+        pass
+
+    def load_der_x509_certificate(self, data):
+        pass
+
+
 class TestMultiBackend(object):
     def test_ciphers(self):
         backend = MultiBackend([
@@ -522,3 +531,15 @@ class TestMultiBackend(object):
             backend.load_pem_private_key(b"keydata", None)
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
             backend.load_pem_public_key(b"keydata")
+
+    def test_x509_backend(self):
+        backend = MultiBackend([DummyX509Backend()])
+
+        backend.load_pem_x509_certificate(b"certdata")
+        backend.load_der_x509_certificate(b"certdata")
+
+        backend = MultiBackend([])
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
+            backend.load_pem_x509_certificate(b"certdata")
+        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
+            backend.load_der_x509_certificate(b"certdata")