author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-11 14:54:48 -0600 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-15 15:49:49 -0600 |
commit | b2de948b18316ac5f08b22d1ab22bdd49da9cc5f (patch) | |
tree | 5b882dbc9cc18af972f682ab87aa4f19a3c8035b | |
parent | 68481c3e78d08b7defdd716b72b7563fb0ee5469 (diff) | |
reorganize a bunch of things related to the x509certificate interface
-rw-r--r-- | docs/hazmat/primitives/interfaces.rst | 52 | ||||
-rw-r--r-- | docs/index.rst | 2 | ||||
-rw-r--r-- | docs/x509.rst | 63 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 4 | ||||
-rw-r--r-- | src/cryptography/x509.py | 42 | ||||
-rw-r--r-- | tests/test_x509.py | 4 |
6 files changed, 104 insertions, 63 deletions
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index 8e86546d..2dea46d2 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -696,58 +696,6 @@ Key derivation functions the provided signature does not match the expected signature. -X509 ----- - -.. class:: X509Certificate - - .. versionadded:: 0.7 - - .. attribute:: version - - :type: :class:`~cryptography.x509.X509Version` - - The certificate version as an enumeration. - - .. method:: fingerprint(algorithm) - - :param algorithm: The - :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` - that will be used to generate the fingerprint. - - :return bytes: The fingerprint using the supplied hash algorithm as - bytes. - - .. attribute:: serial - - :type: int - - The serial as a Python integer. - - .. method:: public_key() - - :type: - :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` or - :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` or - :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey` - - The public key associated with the certificate. - - .. attribute:: not_valid_before - - :type: :class:`datetime.datetime` - - A naïve datetime representing the beginning of the validity period for the - certificate in UTC. This value is inclusive. - - .. attribute:: not_valid_after - - :type: :class:`datetime.datetime` - - A naïve datetime representing the end of the validity period for the - certificate in UTC. This value is inclusive. - - .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem .. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm diff --git a/docs/index.rst b/docs/index.rst index e64f567c..35f80a2d 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -62,8 +62,8 @@ The recipes layer .. toctree:: :maxdepth: 2 - x509 fernet + x509 random-numbers exceptions faq diff --git a/docs/x509.rst b/docs/x509.rst index ba52d91a..ba84f6e7 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -9,8 +9,9 @@ X.509 is an ITU-T standard for a `public key infrastructure`_. X.509v3 is defined in :rfc:`5280` (which obsoletes :rfc:`2459` and :rfc:`3280`). X.509 certificates are commonly used in protocols like `TLS`_. -Loading -~~~~~~~ + +Loading Certificates +~~~~~~~~~~~~~~~~~~~~ .. function:: load_pem_x509_certificate(data, backend) @@ -24,8 +25,7 @@ Loading :class:`~cryptography.hazmat.backends.interfaces.X509Backend` interface. - :returns: An instance of - :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`. + :returns: An instance of :class:`~cryptography.x509.X509Certificate`. .. function:: load_der_x509_certificate(data, backend) @@ -39,8 +39,7 @@ Loading :class:`~cryptography.hazmat.backends.interfaces.X509Backend` interface. - :returns: An instance of - :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`. + :returns: An instance of :class:`~cryptography.x509.X509Certificate`. .. testsetup:: 
@@ -76,6 +75,58 @@ Loading >>> cert.serial 2 +Interface +~~~~~~~~~ + +.. class:: X509Certificate + + .. versionadded:: 0.7 + + .. attribute:: version + + :type: :class:`~cryptography.x509.X509Version` + + The certificate version as an enumeration. + + .. method:: fingerprint(algorithm) + + :param algorithm: The + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + that will be used to generate the fingerprint. + + :return bytes: The fingerprint using the supplied hash algorithm as + bytes. + + .. attribute:: serial + + :type: int + + The serial as a Python integer. + + .. method:: public_key() + + :type: + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` or + :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` or + :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey` + + The public key associated with the certificate. + + .. attribute:: not_valid_before + + :type: :class:`datetime.datetime` + + A naïve datetime representing the beginning of the validity period for the + certificate in UTC. This value is inclusive. + + .. attribute:: not_valid_after + + :type: :class:`datetime.datetime` + + A naïve datetime representing the end of the validity period for the + certificate in UTC. This value is inclusive. + + Support Classes ~~~~~~~~~~~~~~~ diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 532785ac..35313b25 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py 
@@ -16,10 +16,10 @@ from __future__ import absolute_import, division, print_function import datetime from cryptography import utils, x509 -from cryptography.hazmat.primitives import hashes, interfaces +from cryptography.hazmat.primitives import hashes -@utils.register_interface(interfaces.X509Certificate) +@utils.register_interface(x509.X509Certificate) class _X509Certificate(object): def __init__(self, backend, x509): self._backend = backend diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 191666e6..ed754cbc 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -4,8 +4,11 @@ from __future__ import absolute_import, division, print_function +import abc from enum import Enum +import six + class X509Version(Enum): v1 = 0 @@ -22,3 +25,42 @@ def load_der_x509_certificate(data, backend): class InvalidX509Version(Exception): pass + + +@six.add_metaclass(abc.ABCMeta) +class X509Certificate(object): + @abc.abstractmethod + def fingerprint(self, algorithm): + """ + Returns bytes using digest passed. + """ + + @abc.abstractproperty + def serial(self): + """ + Returns certificate serial number + """ + + @abc.abstractproperty + def version(self): + """ + Returns the certificate version + """ + + @abc.abstractmethod + def public_key(self): + """ + Returns the public key + """ + + @abc.abstractproperty + def not_valid_before(self): + """ + Not before time (represented as UTC datetime) + """ + + @abc.abstractproperty + def not_valid_after(self): + """ + Not after time (represented as UTC datetime) + """ diff --git a/tests/test_x509.py b/tests/test_x509.py index 4fac1e55..638c7d1b 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -39,7 +39,7 @@ class TestRSAX509Certificate(object): x509.load_pem_x509_certificate, backend ) - assert isinstance(cert, interfaces.X509Certificate) + assert isinstance(cert, x509.X509Certificate) def test_load_der_cert(self, backend): cert = _load_cert( 
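Review bot: The decorator `@utils.register_interface(x509.X509Certificate)` now ties `_X509Certificate` to the new ABC only, while the diffstat lists no change to `src/cryptography/hazmat/primitives/interfaces.py`. The removed lines show that `interfaces.X509Certificate` existed before this commit, so it presumably stays defined there as a second ABC that no backend object is registered against. Any caller still writing `isinstance(cert, interfaces.X509Certificate)` would then get `False` without an error. I would delete the old definition in this same commit, or, if a transition period is wanted, leave a comment on it such as `# superseded by cryptography.x509.X509Certificate; backend certificates are no longer registered here`. The body of `_X509Certificate` continues outside the hunk.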
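Review bot: The docstrings on `not_valid_before` and `not_valid_after` in the new `X509Certificate` ABC say only "represented as UTC datetime", which omits two facts the `docs/x509.rst` text in this same commit states: the value is a naive datetime and the bound is inclusive. Someone reading just the source could compare it with a timezone-aware `datetime` or treat the end as exclusive, and the validity-window check is exactly where that matters. Suggested wording: `Not before time as a naive datetime in UTC; the bound is inclusive.` and the matching `Not after time as a naive datetime in UTC; the bound is inclusive.` The `fingerprint` docstring could also name what is hashed and with what, e.g. `Returns the certificate fingerprint as bytes, computed with the supplied HashAlgorithm.` Nothing in this interface enforces the validity window, so a one-line class docstring saying these attributes only expose parsed fields would help callers.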
@@ -47,7 +47,7 @@ class TestRSAX509Certificate(object): x509.load_der_x509_certificate, backend ) - assert isinstance(cert, interfaces.X509Certificate) + assert isinstance(cert, x509.X509Certificate) def test_load_good_ca_cert(self, backend): cert = _load_cert( |