Skip to content

Commit

Permalink
Remove low-value abstraction layer
Browse files Browse the repository at this point in the history
  • Loading branch information
djc committed Sep 24, 2023
1 parent 53cba8c commit 8fef816
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 28 deletions.
32 changes: 6 additions & 26 deletions src/subject_name/dns_name.rs
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ impl<'a> DnsNameRef<'a> {
_ => return None,
};

match presented_id_matches_reference_id(presented_id, dns_name) {
match presented_id_matches_reference_id(presented_id, IdRole::Reference, dns_name) {
Ok(true) => Some(Ok(())),
Ok(false) | Err(Error::MalformedDnsIdentifier) => None,
Err(e) => Some(Err(e)),
Expand Down Expand Up @@ -205,28 +205,6 @@ impl core::fmt::Display for InvalidDnsNameError {
#[cfg(feature = "std")]
impl ::std::error::Error for InvalidDnsNameError {}

fn presented_id_matches_reference_id(
presented_dns_id: untrusted::Input,
reference_dns_id: untrusted::Input,
) -> Result<bool, Error> {
presented_id_matches_reference_id_internal(
presented_dns_id,
IdRole::Reference,
reference_dns_id,
)
}

pub(super) fn presented_id_matches_constraint(
presented_dns_id: untrusted::Input,
reference_dns_id: untrusted::Input,
) -> Result<bool, Error> {
presented_id_matches_reference_id_internal(
presented_dns_id,
IdRole::NameConstraint,
reference_dns_id,
)
}

// We assume that both presented_dns_id and reference_dns_id are encoded in
// such a way that US-ASCII (7-bit) characters are encoded in one byte and no
// encoding of a non-US-ASCII character contains a code point in the range
Expand Down Expand Up @@ -343,7 +321,7 @@ pub(super) fn presented_id_matches_constraint(
// [4] Feedback on the lack of clarify in the definition that never got
// incorporated into the spec:
// https://www.ietf.org/mail-archive/web/pkix/current/msg21192.html
fn presented_id_matches_reference_id_internal(
pub(super) fn presented_id_matches_reference_id(
presented_dns_id: untrusted::Input,
reference_dns_id_role: IdRole,
reference_dns_id: untrusted::Input,
Expand Down Expand Up @@ -489,7 +467,7 @@ enum Wildcards {
}

#[derive(Clone, Copy, PartialEq)]
enum IdRole {
pub(super) enum IdRole {
Reference,
Presented,
NameConstraint,
Expand Down Expand Up @@ -1000,6 +978,7 @@ mod tests {
for &(presented, reference, expected_result) in PRESENTED_MATCHES_REFERENCE {
let actual_result = presented_id_matches_reference_id(
untrusted::Input::from(presented),
IdRole::Reference,
untrusted::Input::from(reference),
);
assert_eq!(
Expand Down Expand Up @@ -1074,8 +1053,9 @@ mod tests {
#[test]
fn presented_matches_constraint_test() {
for &(presented, constraint, expected_result) in PRESENTED_MATCHES_CONSTRAINT {
let actual_result = presented_id_matches_constraint(
let actual_result = presented_id_matches_reference_id(
untrusted::Input::from(presented),
IdRole::NameConstraint,
untrusted::Input::from(constraint),
);
assert_eq!(
Expand Down
4 changes: 2 additions & 2 deletions src/subject_name/verify.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

use super::dns_name;
use super::dns_name::{self, IdRole};
use super::ip_address;
use crate::der::{self, FromDer};
use crate::error::{DerTypeId, Error};
Expand Down Expand Up @@ -108,7 +108,7 @@ fn check_presented_id_conforms_to_constraints(

let matches = match (name, base) {
(GeneralName::DnsName(name), GeneralName::DnsName(base)) => {
dns_name::presented_id_matches_constraint(name, base)
dns_name::presented_id_matches_reference_id(name, IdRole::NameConstraint, base)
}

(GeneralName::DirectoryName(_), GeneralName::DirectoryName(_)) => Ok(
Expand Down

0 comments on commit 8fef816

Please sign in to comment.