From 8fef81627073792fa8dfe055d1fb08c7d28a1f85 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Sun, 24 Sep 2023 23:11:42 +0200
Subject: [PATCH] Remove low-value abstraction layer
---
 src/subject_name/dns_name.rs | 32 ++++++--------------------------
 src/subject_name/verify.rs | 4 ++--
 2 files changed, 8 insertions(+), 28 deletions(-)
diff --git a/src/subject_name/dns_name.rs b/src/subject_name/dns_name.rs
index 8e0c5ed8..4b57f956 100644
--- a/src/subject_name/dns_name.rs
+++ b/src/subject_name/dns_name.rs
@@ -99,7 +99,7 @@ impl<'a> DnsNameRef<'a> {
 _ => return None,
 };
- match presented_id_matches_reference_id(presented_id, dns_name) {
+ match presented_id_matches_reference_id(presented_id, IdRole::Reference, dns_name) {
 Ok(true) => Some(Ok(())),
 Ok(false) | Err(Error::MalformedDnsIdentifier) => None,
 Err(e) => Some(Err(e)),
@@ -205,28 +205,6 @@ impl core::fmt::Display for InvalidDnsNameError {
 #[cfg(feature = "std")]
 impl ::std::error::Error for InvalidDnsNameError {}
-fn presented_id_matches_reference_id(
- presented_dns_id: untrusted::Input,
- reference_dns_id: untrusted::Input,
-) -> Result {
- presented_id_matches_reference_id_internal(
- presented_dns_id,
- IdRole::Reference,
- reference_dns_id,
- )
-}
-
-pub(super) fn presented_id_matches_constraint(
- presented_dns_id: untrusted::Input,
- reference_dns_id: untrusted::Input,
-) -> Result {
- presented_id_matches_reference_id_internal(
- presented_dns_id,
- IdRole::NameConstraint,
- reference_dns_id,
- )
-}
-
 // We assume that both presented_dns_id and reference_dns_id are encoded in
 // such a way that US-ASCII (7-bit) characters are encoded in one byte and no
 // encoding of a non-US-ASCII character contains a code point in the range
@@ -343,7 +321,7 @@ pub(super) fn presented_id_matches_constraint(
 // [4] Feedback on the lack of clarify in the definition that never got
 // incorporated into the spec:
 // https://www.ietf.org/mail-archive/web/pkix/current/msg21192.html
-fn presented_id_matches_reference_id_internal(
+pub(super) fn presented_id_matches_reference_id(
 presented_dns_id: untrusted::Input,
 reference_dns_id_role: IdRole,
 reference_dns_id: untrusted::Input,
@@ -489,7 +467,7 @@ enum Wildcards {
 }
 #[derive(Clone, Copy, PartialEq)]
-enum IdRole {
+pub(super) enum IdRole {
 Reference,
 Presented,
 NameConstraint,
@@ -1000,6 +978,7 @@ mod tests {
 for &(presented, reference, expected_result) in PRESENTED_MATCHES_REFERENCE {
 let actual_result = presented_id_matches_reference_id(
 untrusted::Input::from(presented),
+ IdRole::Reference,
 untrusted::Input::from(reference),
 );
 assert_eq!(
@@ -1074,8 +1053,9 @@ mod tests {
 #[test]
 fn presented_matches_constraint_test() {
 for &(presented, constraint, expected_result) in PRESENTED_MATCHES_CONSTRAINT {
- let actual_result = presented_id_matches_constraint(
+ let actual_result = presented_id_matches_reference_id(
 untrusted::Input::from(presented),
+ IdRole::NameConstraint,
 untrusted::Input::from(constraint),
 );
 assert_eq!(
diff --git a/src/subject_name/verify.rs b/src/subject_name/verify.rs
index de8342d8..65c0d794 100644
--- a/src/subject_name/verify.rs
+++ b/src/subject_name/verify.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-use super::dns_name;
+use super::dns_name::{self, IdRole};
 use super::ip_address;
 use crate::der::{self, FromDer};
 use crate::error::{DerTypeId, Error};
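Review bot: The now-shared `presented_id_matches_reference_id` takes the role as a positional enum sitting between two `untrusted::Input` arguments, and its name no longer covers the name-constraint use that `verify.rs` and `presented_matches_constraint_test` route through it after this patch. With the wrappers gone, passing `IdRole::Reference` where `IdRole::NameConstraint` is meant, or swapping the two inputs, still compiles; the two roles presumably apply different matching rules, so the call sites are now the only place that distinction is enforced. I would add a doc comment directly above the signature, e.g. `/// Checks presented_dns_id against reference_dns_id; reference_dns_id_role says whether the latter is a reference hostname or a name constraint.` The function body and the start of the long comment block above it are outside this hunk, so this is based on the signature alone.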
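Review bot: Making `IdRole` `pub(super)` in the `@@ -489,7 +467,7 @@` hunk also hands sibling modules the `Presented` variant, which none of the call sites in this patch pass as `reference_dns_id_role`. The code that branches on the role inside `presented_id_matches_reference_id` is not visible here, so I cannot tell whether `Presented` is rejected, ignored or treated as unreachable there; if it is the last, a caller in `verify.rs` could now reach that path. A short comment on the enum would pin the contract, e.g. `// Reference and NameConstraint are the roles passed by callers outside this module.` The enum's closing brace is past the end of this hunk.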
@@ -108,7 +108,7 @@ fn check_presented_id_conforms_to_constraints(
 let matches = match (name, base) {
 (GeneralName::DnsName(name), GeneralName::DnsName(base)) => {
- dns_name::presented_id_matches_constraint(name, base)
+ dns_name::presented_id_matches_reference_id(name, IdRole::NameConstraint, base)
 }
 (GeneralName::DirectoryName(_), GeneralName::DirectoryName(_)) => Ok(