Make the constraint service public

This commit is contained in:
Mariano Cano 2022-09-20 11:36:45 -07:00
parent 7bea2f4d0e
commit 45e594f98c
2 changed files with 10 additions and 8 deletions

View file

@ -22,7 +22,9 @@ func (e ConstraintError) Error() string {
return e.Detail
}
type service struct {
// Service implements a constraint validator for DNS names, IP addresses, Email
// addresses and URIs.
type Service struct {
hasNameConstraints bool
permittedDNSDomains []string
excludedDNSDomains []string
@ -36,8 +38,8 @@ type service struct {
// New creates a constraint validation service that contains the given chain of
// certificates.
func New(chain ...*x509.Certificate) *service {
s := new(service)
func New(chain ...*x509.Certificate) *Service {
s := new(Service)
for _, crt := range chain {
s.permittedDNSDomains = append(s.permittedDNSDomains, crt.PermittedDNSDomains...)
s.excludedDNSDomains = append(s.excludedDNSDomains, crt.ExcludedDNSDomains...)
@ -62,7 +64,7 @@ func New(chain ...*x509.Certificate) *service {
// Validate checks the given names with the name constraints defined in the
// service.
func (s *service) Validate(dnsNames []string, ipAddresses []net.IP, emailAddresses []string, uris []*url.URL) error {
func (s *Service) Validate(dnsNames []string, ipAddresses []net.IP, emailAddresses []string, uris []*url.URL) error {
if !s.hasNameConstraints {
return nil
}

View file

@ -47,12 +47,12 @@ func TestNew(t *testing.T) {
tests := []struct {
name string
args args
want *service
want *Service
}{
{"ok", args{[]*x509.Certificate{ca1.Intermediate, ca1.Root}}, &service{
{"ok", args{[]*x509.Certificate{ca1.Intermediate, ca1.Root}}, &Service{
hasNameConstraints: false,
}},
{"ok with constraints", args{[]*x509.Certificate{ca2.Intermediate, ca2.Root}}, &service{
{"ok with constraints", args{[]*x509.Certificate{ca2.Intermediate, ca2.Root}}, &Service{
hasNameConstraints: true,
permittedDNSDomains: []string{"internal.example.org"},
excludedDNSDomains: []string{"internal.example.com"},
@ -205,7 +205,7 @@ func Test_service_Validate(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := &service{
s := &Service{
hasNameConstraints: tt.fields.hasNameConstraints,
permittedDNSDomains: tt.fields.permittedDNSDomains,
excludedDNSDomains: tt.fields.excludedDNSDomains,