From cc671824ad133df93bbf903ef2d363b54b5835a9 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 8 Aug 2015 15:41:54 -0500
Subject: address review comments

---
 docs/x509/reference.rst  | 17 +++++++++++------
 src/cryptography/x509.py |  2 +-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 930c7f9f..d86ebbe8 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1176,14 +1176,19 @@ X.509 Extensions
         ASN.1 bit string. This is the first recommendation in :rfc:`5280`
         section 4.2.1.2.
 
-        :param certificate: The issuing :class:`~cryptography.x509.Certificate`.
+        :param public_key: One of
+            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
+            ,
+            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
+            , or
+            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`.
 
         .. doctest::
 
             >>> from cryptography import x509
             >>> from cryptography.hazmat.backends import default_backend
-            >>> cert = x509.load_pem_x509_certificate(pem_data, default_backend())
-            >>> x509.AuthorityKeyIdentifier.from_issuer_public_key(cert.public_key())
+            >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend())
+            >>> x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_cert.public_key())
             <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
 
 .. class:: SubjectKeyIdentifier
@@ -1228,9 +1233,9 @@ X.509 Extensions
 
             >>> from cryptography import x509
             >>> from cryptography.hazmat.backends import default_backend
-            >>> cert = x509.load_pem_x509_certificate(pem_data, default_backend())
-            >>> x509.SubjectKeyIdentifier.from_public_key(cert.public_key())
-            <SubjectKeyIdentifier(digest='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9')>
+            >>> csr = x509.load_pem_x509_csr(pem_req_data, default_backend())
+            >>> x509.SubjectKeyIdentifier.from_public_key(csr.public_key())
+            <SubjectKeyIdentifier(digest='\xdb\xaa\xf0\x06\x11\xdbD\xfe\xbf\x93\x03\x8av\x88WP7\xa6\x91\xf7')>
 
 .. class:: SubjectAlternativeName
 
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 3f306e3a..713e92a2 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -41,10 +41,10 @@ def _key_identifier_from_public_key(public_key):
     spki, remaining = decoder.decode(
         serialized, asn1Spec=_SubjectPublicKeyInfo()
     )
+    assert not remaining
     # the univ.BitString object is a tuple of bits. We need bytes and
     # pyasn1 really doesn't want to give them to us. To get it we'll
     # build an integer and convert that to bytes.
-    assert not remaining
     bits = 0
     for bit in spki.getComponentByName("subjectPublicKey"):
         bits = bits << 1 | bit
-- 
cgit v1.2.3