Migrate more types #9254
Migrate more types #9254
Conversation
Signed-off-by: William Woodruff <[email protected]>
Cleans up the types a bit; patterns are now their own type, simplifying our matching logic. Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
| pub fn new(pat: &str) -> Option<Self> { | ||
| if let Some(pat) = pat.strip_prefix("*.") { | ||
| DNSName::new(pat).map(Self::Wildcard) | ||
| } else { | ||
| DNSName::new(pat).map(Self::Exact) | ||
| } | ||
| } |
There was a problem hiding this comment.
It should probably be an error to have a wildcard in any other position, right?
There was a problem hiding this comment.
Yep, and it is -- DNSName::new(...) will return None if there are any wildcards present (since they aren't valid domain characters).
e.g., in tests below:
assert_eq!(DNSPattern::new("f*o.example.com"), None);
assert_eq!(DNSPattern::new("*oo.example.com"), None);
assert_eq!(DNSPattern::new("fo*.example.com"), None);
assert_eq!(DNSPattern::new("foo.*.example.com"), None);
assert_eq!(DNSPattern::new("*.foo.*.example.com"), None);
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
|
CI failing here, FYI |
Signed-off-by: William Woodruff <[email protected]>
|
Oh. I think maybe this code should live in the new x509-validation crate? |
Yeah, I think you're right. I can turn this PR into a breakout of a skeleton for the crate + this changeset. Or I can do the skeleton separately, if you'd like to keep things small. |
Co-authored-by: Alex Gaynor <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
|
aa78be8 adds the |
Signed-off-by: William Woodruff <[email protected]>
This moves additional types from
cryptography_x509_validation. In particular:IA5Stringis an invariant-preservingStringwrapper (the inner string must be ASCII only).DNSNameis an invariant preservingIA5Stringwrapper (the inner value must look like a domain name, and is normalized as lowercase before being stored).DNSPatternis an invariant preservingDNSNamewrapper (giving us the ability to both exact and RFC 6125-style wildcard matches).These types roughly mirror some of the Python APIs (service IDs,
CertificatePattern) in functionality; my thinking here is that those APIs could be replaced with bindings to these once they're rounded out more (e.g. IP address and other types) if desired.See #8873.