2 files changed, 56 insertions, 5 deletions

diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
index 8adc7459..ae00184f 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -348,7 +348,7 @@ class RSAPublicNumbers(object):
         return backend.load_rsa_public_numbers(self)
 
     def __repr__(self):
-        return "<RSAPublicNumbers(e={0}, n={1})>".format(self._e, self._n)
+        return "<RSAPublicNumbers(e={0.e}, n={0.n})>".format(self)
 
     def __eq__(self, other):
         if not isinstance(other, RSAPublicNumbers):
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index ad7ebbe0..1ad7028d 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -42,6 +42,7 @@ _OID_NAMES = {
     "1.2.840.10040.4.3": "dsa-with-sha1",
     "2.16.840.1.101.3.4.3.1": "dsa-with-sha224",
     "2.16.840.1.101.3.4.3.2": "dsa-with-sha256",
+    "2.5.29.19": "basicConstraints",
 }
 
 
@@ -90,10 +91,7 @@ class NameAttribute(object):
         return not self == other
 
     def __repr__(self):
-        return "<NameAttribute(oid={oid}, value={value!r})>".format(
-            oid=self.oid,
-            value=self.value
-        )
+        return "<NameAttribute(oid={0.oid}, value={0.value!r})>".format(self)
 
 
 class ObjectIdentifier(object):
@@ -141,6 +139,59 @@ class Name(object):
         return len(self._attributes)
 
 
+OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
+
+
+class Extension(object):
+    def __init__(self, oid, critical, value):
+        if not isinstance(oid, ObjectIdentifier):
+            raise TypeError(
+                "oid argument must be an ObjectIdentifier instance."
+            )
+
+        if not isinstance(critical, bool):
+            raise TypeError("critical must be a boolean value")
+
+        self._oid = oid
+        self._critical = critical
+        self._value = value
+
+    oid = utils.read_only_property("_oid")
+    critical = utils.read_only_property("_critical")
+    value = utils.read_only_property("_value")
+
+    def __repr__(self):
+        return ("<Extension(oid={0.oid}, critical={0.critical}, "
+                "value={0.value})>").format(self)
+
+
+class BasicConstraints(object):
+    def __init__(self, ca, path_length):
+        if not isinstance(ca, bool):
+            raise TypeError("ca must be a boolean value")
+
+        if path_length is not None and not ca:
+            raise ValueError("path_length must be None when ca is False")
+
+        if (
+            path_length is not None and
+            (not isinstance(path_length, six.integer_types) or path_length < 0)
+        ):
+            raise TypeError(
+                "path_length must be a non-negative integer or None"
+            )
+
+        self._ca = ca
+        self._path_length = path_length
+
+    ca = utils.read_only_property("_ca")
+    path_length = utils.read_only_property("_path_length")
+
+    def __repr__(self):
+        return ("<BasicConstraints(ca={0.ca}, "
+                "path_length={0.path_length})>").format(self)
+
+
 OID_COMMON_NAME = ObjectIdentifier("2.5.4.3")
 OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
 OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7")