end_entity: make dns_names infallible

cpu · cpu · commit cd7bbfdcdaca · 2023-09-18T11:08:55.000-04:00
The purpose of the `dns_names` helper on an `EndEntityCert` is to
provide users the opportunity to get information on the dNSName SAN
values in a certificate for **non-validation** purposes. Checking that
a certificate is valid for a particular name should always be done with
`verify_is_valid_for_at_least_one_dns_name`.

With that use-case in mind, we can make the `dns_names` helper easier
for consumers to use by filtering out invalid general names, returning
an `Iterator&lt;Item = &amp;'a str&gt;` unconditionally, instead of
a `Result`. This better matches the updated name validation semantics
where we ignore `MalformedDnsIdentifier` errors to continue to try to
find a valid name to validate against.
diff --git a/src/end_entity.rs b/src/end_entity.rs
@@ -154,7 +154,7 @@ impl<'a> EndEntityCert<'a> {
     /// Checking that a certificate is valid for a given subject name should always be done with
     /// [EndEntityCert::verify_is_valid_for_subject_name].
     #[cfg(feature = "alloc")]
-    pub fn dns_names(&'a self) -> Result<impl Iterator<Item = &'a str>, Error> {
+    pub fn dns_names(&'a self) -> impl Iterator<Item = &'a str> {
         subject_name::list_cert_dns_names(self)
     }
 }
@@ -212,9 +212,7 @@ mod tests {
         let cert =
             EndEntityCert::try_from(der).expect("should parse end entity certificate correctly");
 
-        let mut names = cert
-            .dns_names()
-            .expect("should get all DNS names correctly for end entity cert");
+        let mut names = cert.dns_names();
         assert_eq!(names.next().map(<&str>::from), Some(name));
         assert_eq!(names.next().map(<&str>::from), None);
     }
diff --git a/src/subject_name/verify.rs b/src/subject_name/verify.rs
@@ -320,42 +320,36 @@ impl<'a> Iterator for NameIterator<'a> {
 #[cfg(feature = "alloc")]
 pub(crate) fn list_cert_dns_names<'names>(
     cert: &'names crate::EndEntityCert<'names>,
-) -> Result<impl Iterator<Item = &'names str>, Error> {
+) -> impl Iterator<Item = &'names str> {
     let cert = &cert.inner();
     let mut names = Vec::new();
 
-    let result =
-        NameIterator::new(Some(cert.subject), cert.subject_alt_name).find_map(&mut |result| {
-            let name = match result {
-                Ok(name) => name,
-                Err(err) => return Some(err),
-            };
+    NameIterator::new(Some(cert.subject), cert.subject_alt_name).for_each(|result| {
+        let name = match result {
+            Ok(name) => name,
+            Err(_) => return,
+        };
 
-            let presented_id = match name {
-                GeneralName::DnsName(presented) => presented,
-                _ => return None,
-            };
+        let presented_id = match name {
+            GeneralName::DnsName(presented) => presented,
+            _ => return,
+        };
 
-            let dns_name = DnsNameRef::try_from_ascii(presented_id.as_slice_less_safe())
-                .map(GeneralDnsNameRef::DnsName)
-                .or_else(|_| {
-                    WildcardDnsNameRef::try_from_ascii(presented_id.as_slice_less_safe())
-                        .map(GeneralDnsNameRef::Wildcard)
-                });
-
-            // if the name could be converted to a DNS name, add it; otherwise,
-            // keep going.
-            if let Ok(name) = dns_name {
-                names.push(name.into())
-            }
+        let dns_name = DnsNameRef::try_from_ascii(presented_id.as_slice_less_safe())
+            .map(GeneralDnsNameRef::DnsName)
+            .or_else(|_| {
+                WildcardDnsNameRef::try_from_ascii(presented_id.as_slice_less_safe())
+                    .map(GeneralDnsNameRef::Wildcard)
+            });
 
-            None
-        });
+        // if the name could be converted to a DNS name, add it; otherwise,
+        // keep going.
+        if let Ok(name) = dns_name {
+            names.push(name.into())
+        }
+    });
 
-    match result {
-        Some(err) => Err(err),
-        _ => Ok(names.into_iter()),
-    }
+    names.into_iter()
 }
 
 // It is *not* valid to derive `Eq`, `PartialEq, etc. for this type. In
diff --git a/tests/integration.rs b/tests/integration.rs
@@ -340,5 +340,5 @@ fn expect_cert_dns_names<'name>(
     let cert = webpki::EndEntityCert::try_from(&der)
         .expect("should parse end entity certificate correctly");
 
-    assert!(cert.dns_names().unwrap().eq(expected_names))
+    assert!(cert.dns_names().eq(expected_names))
 }

Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@ impl<'a> EndEntityCert<'a> {`
`154`	`154`	`/// Checking that a certificate is valid for a given subject name should always be done with`
`155`	`155`	`/// [EndEntityCert::verify_is_valid_for_subject_name].`
`156`	`156`	`#[cfg(feature = "alloc")]`
`157`		`- pub fn dns_names(&'a self) -> Result<impl Iterator<Item = &'a str>, Error> {`
	`157`	`+ pub fn dns_names(&'a self) -> impl Iterator<Item = &'a str> {`
`158`	`158`	`subject_name::list_cert_dns_names(self)`
`159`	`159`	`}`
`160`	`160`	`}`
`@@ -212,9 +212,7 @@ mod tests {`
`212`	`212`	`let cert =`
`213`	`213`	`EndEntityCert::try_from(der).expect("should parse end entity certificate correctly");`
`214`	`214`
`215`		`- let mut names = cert`
`216`		`- .dns_names()`
`217`		`- .expect("should get all DNS names correctly for end entity cert");`
	`215`	`+ let mut names = cert.dns_names();`
`218`	`216`	`assert_eq!(names.next().map(<&str>::from), Some(name));`
`219`	`217`	`assert_eq!(names.next().map(<&str>::from), None);`
`220`	`218`	`}`
Original file line number	Diff line number	Diff line change
`@@ -340,5 +340,5 @@ fn expect_cert_dns_names<'name>(`
`340`	`340`	`let cert = webpki::EndEntityCert::try_from(&der)`
`341`	`341`	`.expect("should parse end entity certificate correctly");`
`342`	`342`
`343`		`- assert!(cert.dns_names().unwrap().eq(expected_names))`
	`343`	`+ assert!(cert.dns_names().eq(expected_names))`
`344`	`344`	`}`