Make verify_for_name a bit more ergonomic; add a smoketest.

Author: briansmith

Cargo.toml

@@ -38,6 +38,7 @@ include = [
     "src/name.rs",
     "src/name/dns_name.rs",
     "src/name/ip_address.rs",
+    "src/name/name.rs",
     "src/name/verify.rs",
     "src/signed_data.rs",
     "src/time.rs",

src/end_entity.rs

@@ -140,8 +140,8 @@ impl<'a> EndEntityCert<'a> {
     }
 
     /// Verifies that the certificate is valid for the given DNS host name.
-    pub fn verify_for_name(&self, name: Name) -> Result<(), Error> {
-        match name {
+    pub fn verify_for_name<'n>(&self, name: impl Into<Name<'n>>) -> Result<(), Error> {
+        match name.into() {
             Name::DnsName(dns_name) => name::verify_cert_dns_name(&self, dns_name),
         }
     }

src/name/name.rs

@@ -21,3 +21,10 @@ pub enum Name<'a> {
     /// A DNS name.
     DnsName(DnsNameRef<'a>),
 }
+
+impl<'a> From<DnsNameRef<'a>> for Name<'a> {
+    #[inline]
+    fn from(name: DnsNameRef<'a>) -> Self {
+        Self::DnsName(name)
+    }
+}

tests/integration.rs

@@ -13,7 +13,9 @@
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 use core::convert::TryFrom;
+
 extern crate webpki;
+use webpki::Error;
 
 static ALL_SIGALGS: &[&webpki::SignatureAlgorithm] = &[
     &webpki::ECDSA_P256_SHA256,
@@ -51,6 +53,15 @@ pub fn netflix() {
         Ok(()),
         cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &anchors, &[inter], time)
     );
+
+    let name = webpki::DnsNameRef::try_from_ascii_str("netflix.com").unwrap();
+    assert_eq!(Ok(()), cert.verify_for_name(name));
+
+    let wrong_name = webpki::DnsNameRef::try_from_ascii_str("netflix.co").unwrap();
+    assert_eq!(
+        Err(Error::CertNotValidForName),
+        cert.verify_for_name(wrong_name)
+    );
 }
 
 #[test]