From 61ff35662049f02da8d2c0f54ef6e84f97c14b1a Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Fri, 11 Mar 2016 22:51:27 -0400
Subject: Add AuthorityKeyIdentifier.from_issuer_subject_key_identifier

---
 docs/x509/reference.rst | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'docs/x509/reference.rst')

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 67427ddb..1e8aebad 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1568,6 +1568,32 @@ X.509 Extensions
             >>> x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_cert.public_key())
             <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
 
+    .. classmethod:: from_issuer_subject_key_identifier(ski)
+
+        .. versionadded:: 1.3
+
+        Creates a new AuthorityKeyIdentifier instance using the
+        SubjectKeyIdentifier from the issuer certificate. The resulting object
+        will contain
+        :attr:`~cryptography.x509.AuthorityKeyIdentifier.key_identifier`, but
+        :attr:`~cryptography.x509.AuthorityKeyIdentifier.authority_cert_issuer`
+        and
+        :attr:`~cryptography.x509.AuthorityKeyIdentifier.authority_cert_serial_number`
+        will be None.
+
+        :param ski: The
+            :class:`~cryptography.x509.SubjectKeyIdentifier` from the issuer
+            certificate.
+
+        .. doctest::
+
+            >>> from cryptography import x509
+            >>> from cryptography.hazmat.backends import default_backend
+            >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend())
+            >>> ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier)
+            >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski)
+            <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
+
 .. class:: SubjectKeyIdentifier(digest)
 
     .. versionadded:: 0.9
-- 
cgit v1.2.3


From 2d8e574e9dd1510783f12b7632b05622a16e82ef Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 12 Mar 2016 09:27:55 -0400
Subject: add some notes about when to use these classmethods

---
 docs/x509/reference.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'docs/x509/reference.rst')

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 1e8aebad..399d693a 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1541,6 +1541,13 @@ X.509 Extensions
 
         .. versionadded:: 1.0
 
+        .. note::
+
+            This method should be used if the issuer certificate does not
+            contain a :class:`~cryptography.x509.SubjectKeyIdentifier`.
+            Otherwise, use
+            :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`.
+
         Creates a new AuthorityKeyIdentifier instance using the public key
         provided to generate the appropriate digest. This should be the
         **issuer's public key**. The resulting object will contain
@@ -1572,6 +1579,11 @@ X.509 Extensions
 
         .. versionadded:: 1.3
 
+        .. note::
+            This method should be used if the issuer certificate contains a
+            :class:`~cryptography.x509.SubjectKeyIdentifier`.  Otherwise, use
+            :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_public_key`.
+
         Creates a new AuthorityKeyIdentifier instance using the
         SubjectKeyIdentifier from the issuer certificate. The resulting object
         will contain
-- 
cgit v1.2.3