Lines Matching refs:constraint
30 // certificate has a name constraint which doesn't permit a DNS or
33 // TooManyIntermediates results when a path length constraint is
81 return "x509: too many intermediates for path length constraint"
183 // constraint down the chain which mirrors Windows CryptoAPI behavior,
384 func matchEmailConstraint(mailbox rfc2821Mailbox, constraint string) (bool, error) {
385 // If the constraint contains an @, then it specifies an exact mailbox
387 if strings.Contains(constraint, "@") {
388 constraintMailbox, ok := parseRFC2821Mailbox(constraint)
390 return false, fmt.Errorf("x509: internal error: cannot parse constraint %q", constraint)
395 // Otherwise the constraint is like a DNS constraint of the domain part
397 return matchDomainConstraint(mailbox.domain, constraint)
400 func matchURIConstraint(uri *url.URL, constraint string) (bool, error) {
427 return matchDomainConstraint(host, constraint)
430 func matchIPConstraint(ip net.IP, constraint *net.IPNet) (bool, error) {
431 if len(ip) != len(constraint.IP) {
436 if mask := constraint.Mask[i]; ip[i]&mask != constraint.IP[i]&mask {
444 func matchDomainConstraint(domain, constraint string) (bool, error) {
447 if len(constraint) == 0 {
462 if constraint[0] == '.' {
464 constraint = constraint[1:]
467 constraintLabels, ok := domainToReverseLabels(constraint)
469 return false, fmt.Errorf("x509: internal error: cannot parse domain %q", constraint)
496 match func(parsedName, constraint interface{}) (match bool, err error),
507 constraint := excludedValue.Index(i).Interface()
508 match, err := match(parsedName, constraint)
514 return CertificateInvalidError{c, CANotAuthorizedForThisName, fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint)}
527 constraint := permittedValue.Index(i).Interface()
530 if ok, err = match(parsedName, constraint); err != nil {
540 return CertificateInvalidError{c, CANotAuthorizedForThisName, fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name)}
638 func(parsedName, constraint interface{}) (bool, error) {
639 return matchEmailConstraint(parsedName.(rfc2821Mailbox), constraint.(string))
647 func(parsedName, constraint interface{}) (bool, error) {
648 return matchDomainConstraint(parsedName.(string), constraint.(string))
661 func(parsedName, constraint interface{}) (bool, error) {
662 return matchURIConstraint(parsedName.(*url.URL), constraint.(string))
674 func(parsedName, constraint interface{}) (bool, error) {
675 return matchIPConstraint(parsedName.(net.IP), constraint.(*net.IPNet))
