forked from TrueCloudLab/certificates
Make the constraint service public
This commit is contained in:
parent
7bea2f4d0e
commit
45e594f98c
2 changed files with 10 additions and 8 deletions
|
@ -22,7 +22,9 @@ func (e ConstraintError) Error() string {
|
|||
return e.Detail
|
||||
}
|
||||
|
||||
type service struct {
|
||||
// Service implements a constraint validator for DNS names, IP addresses, Email
|
||||
// addresses and URIs.
|
||||
type Service struct {
|
||||
hasNameConstraints bool
|
||||
permittedDNSDomains []string
|
||||
excludedDNSDomains []string
|
||||
|
@ -36,8 +38,8 @@ type service struct {
|
|||
|
||||
// New creates a constraint validation service that contains the given chain of
|
||||
// certificates.
|
||||
func New(chain ...*x509.Certificate) *service {
|
||||
s := new(service)
|
||||
func New(chain ...*x509.Certificate) *Service {
|
||||
s := new(Service)
|
||||
for _, crt := range chain {
|
||||
s.permittedDNSDomains = append(s.permittedDNSDomains, crt.PermittedDNSDomains...)
|
||||
s.excludedDNSDomains = append(s.excludedDNSDomains, crt.ExcludedDNSDomains...)
|
||||
|
@ -62,7 +64,7 @@ func New(chain ...*x509.Certificate) *service {
|
|||
|
||||
// Validate checks the given names with the name constraints defined in the
|
||||
// service.
|
||||
func (s *service) Validate(dnsNames []string, ipAddresses []net.IP, emailAddresses []string, uris []*url.URL) error {
|
||||
func (s *Service) Validate(dnsNames []string, ipAddresses []net.IP, emailAddresses []string, uris []*url.URL) error {
|
||||
if !s.hasNameConstraints {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -47,12 +47,12 @@ func TestNew(t *testing.T) {
|
|||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
want *service
|
||||
want *Service
|
||||
}{
|
||||
{"ok", args{[]*x509.Certificate{ca1.Intermediate, ca1.Root}}, &service{
|
||||
{"ok", args{[]*x509.Certificate{ca1.Intermediate, ca1.Root}}, &Service{
|
||||
hasNameConstraints: false,
|
||||
}},
|
||||
{"ok with constraints", args{[]*x509.Certificate{ca2.Intermediate, ca2.Root}}, &service{
|
||||
{"ok with constraints", args{[]*x509.Certificate{ca2.Intermediate, ca2.Root}}, &Service{
|
||||
hasNameConstraints: true,
|
||||
permittedDNSDomains: []string{"internal.example.org"},
|
||||
excludedDNSDomains: []string{"internal.example.com"},
|
||||
|
@ -205,7 +205,7 @@ func Test_service_Validate(t *testing.T) {
|
|||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
s := &service{
|
||||
s := &Service{
|
||||
hasNameConstraints: tt.fields.hasNameConstraints,
|
||||
permittedDNSDomains: tt.fields.permittedDNSDomains,
|
||||
excludedDNSDomains: tt.fields.excludedDNSDomains,
|
||||
|
|
Loading…
Reference in a new issue