Skip to content

Commit

Permalink
Make verify_for_name a bit more ergonomic; add a smoketest.
Browse files Browse the repository at this point in the history
  • Loading branch information
briansmith committed Apr 22, 2021
1 parent 4a2a921 commit 222f499
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 2 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ include = [
"src/name.rs",
"src/name/dns_name.rs",
"src/name/ip_address.rs",
"src/name/name.rs",
"src/name/verify.rs",
"src/signed_data.rs",
"src/time.rs",
Expand Down
4 changes: 2 additions & 2 deletions src/end_entity.rs
Original file line number Diff line number Diff line change
Expand Up @@ -140,8 +140,8 @@ impl<'a> EndEntityCert<'a> {
}

/// Verifies that the certificate is valid for the given DNS host name.
pub fn verify_for_name(&self, name: Name) -> Result<(), Error> {
match name {
pub fn verify_for_name<'n>(&self, name: impl Into<Name<'n>>) -> Result<(), Error> {
match name.into() {
Name::DnsName(dns_name) => name::verify_cert_dns_name(&self, dns_name),
}
}
Expand Down
7 changes: 7 additions & 0 deletions src/name/name.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,10 @@ pub enum Name<'a> {
/// A DNS name.
DnsName(DnsNameRef<'a>),
}

impl<'a> From<DnsNameRef<'a>> for Name<'a> {
#[inline]
fn from(name: DnsNameRef<'a>) -> Self {
Self::DnsName(name)
}
}
11 changes: 11 additions & 0 deletions tests/integration.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

use core::convert::TryFrom;

extern crate webpki;
use webpki::Error;

static ALL_SIGALGS: &[&webpki::SignatureAlgorithm] = &[
&webpki::ECDSA_P256_SHA256,
Expand Down Expand Up @@ -51,6 +53,15 @@ pub fn netflix() {
Ok(()),
cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &anchors, &[inter], time)
);

let name = webpki::DnsNameRef::try_from_ascii_str("netflix.com").unwrap();
assert_eq!(Ok(()), cert.verify_for_name(name));

let wrong_name = webpki::DnsNameRef::try_from_ascii_str("netflix.co").unwrap();
assert_eq!(
Err(Error::CertNotValidForName),
cert.verify_for_name(wrong_name)
);
}

#[test]
Expand Down

0 comments on commit 222f499

Please sign in to comment.