Rename internal names to conform to Rust conventions.

src/cert.rs

@@ -14,13 +14,13 @@
 
 use crate::{der, signed_data, Error};
 
-pub enum EndEntityOrCA<'a> {
+pub enum EndEntityOrCa<'a> {
     EndEntity,
-    CA(&'a Cert<'a>),
+    Ca(&'a Cert<'a>),
 }
 
 pub struct Cert<'a> {
-    pub ee_or_ca: EndEntityOrCA<'a>,
+    pub ee_or_ca: EndEntityOrCa<'a>,
 
     pub signed_data: signed_data::SignedData<'a>,
     pub issuer: untrusted::Input<'a>,
@@ -36,7 +36,7 @@ pub struct Cert<'a> {
 
 pub fn parse_cert<'a>(
     cert_der: untrusted::Input<'a>,
-    ee_or_ca: EndEntityOrCA<'a>,
+    ee_or_ca: EndEntityOrCa<'a>,
 ) -> Result<Cert<'a>, Error> {
     parse_cert_internal(cert_der, ee_or_ca, certificate_serial_number)
 }
@@ -46,7 +46,7 @@ pub fn parse_cert<'a>(
 /// certificates.
 pub(crate) fn parse_cert_internal<'a>(
     cert_der: untrusted::Input<'a>,
-    ee_or_ca: EndEntityOrCA<'a>,
+    ee_or_ca: EndEntityOrCa<'a>,
     serial_number: fn(input: &mut untrusted::Reader<'_>) -> Result<(), Error>,
 ) -> Result<Cert<'a>, Error> {
     let (tbs, signed_data) = cert_der.read_all(Error::BadDer, |cert_der| {

src/end_entity.rs

@@ -68,7 +68,7 @@ impl<'a> core::convert::TryFrom<&'a [u8]> for EndEntityCert<'a> {
         Ok(Self {
             inner: cert::parse_cert(
                 untrusted::Input::from(cert_der),
-                cert::EndEntityOrCA::EndEntity,
+                cert::EndEntityOrCa::EndEntity,
             )?,
         })
     }

src/name/dns_name.rs

@@ -153,7 +153,7 @@ pub(super) fn presented_id_matches_reference_id(
 ) -> Option<bool> {
     presented_id_matches_reference_id_internal(
         presented_dns_id,
-        IDRole::ReferenceID,
+        IdRole::Reference,
         reference_dns_id,
     )
 }
@@ -164,7 +164,7 @@ pub(super) fn presented_id_matches_constraint(
 ) -> Option<bool> {
     presented_id_matches_reference_id_internal(
         presented_dns_id,
-        IDRole::NameConstraint,
+        IdRole::NameConstraint,
         reference_dns_id,
     )
 }
@@ -291,10 +291,10 @@ pub(super) fn presented_id_matches_constraint(
 //     https://www.ietf.org/mail-archive/web/pkix/current/msg21192.html
 fn presented_id_matches_reference_id_internal(
     presented_dns_id: untrusted::Input,
-    reference_dns_id_role: IDRole,
+    reference_dns_id_role: IdRole,
     reference_dns_id: untrusted::Input,
 ) -> Option<bool> {
-    if !is_valid_dns_id(presented_dns_id, IDRole::PresentedID, AllowWildcards::Yes) {
+    if !is_valid_dns_id(presented_dns_id, IdRole::Presented, AllowWildcards::Yes) {
         return None;
     }
 
@@ -306,9 +306,9 @@ fn presented_id_matches_reference_id_internal(
     let mut reference = untrusted::Reader::new(reference_dns_id);
 
     match reference_dns_id_role {
-        IDRole::ReferenceID => (),
+        IdRole::Reference => (),
 
-        IDRole::NameConstraint if presented_dns_id.len() > reference_dns_id.len() => {
+        IdRole::NameConstraint if presented_dns_id.len() > reference_dns_id.len() => {
             if reference_dns_id.is_empty() {
                 // An empty constraint matches everything.
                 return Some(true);
@@ -357,9 +357,9 @@ fn presented_id_matches_reference_id_internal(
             }
         }
 
-        IDRole::NameConstraint => (),
+        IdRole::NameConstraint => (),
 
-        IDRole::PresentedID => unreachable!(),
+        IdRole::Presented => unreachable!(),
     }
 
     // Only allow wildcard labels that consist only of '*'.
@@ -398,7 +398,7 @@ fn presented_id_matches_reference_id_internal(
     // Allow a relative presented DNS ID to match an absolute reference DNS ID,
     // unless we're matching a name constraint.
     if !reference.at_end() {
-        if reference_dns_id_role != IDRole::NameConstraint {
+        if reference_dns_id_role != IdRole::NameConstraint {
             match reference.read_byte() {
                 Ok(b'.') => (),
                 _ => {
@@ -432,14 +432,14 @@ enum AllowWildcards {
 }
 
 #[derive(Clone, Copy, PartialEq)]
-enum IDRole {
-    ReferenceID,
-    PresentedID,
+enum IdRole {
+    Reference,
+    Presented,
     NameConstraint,
 }
 
 fn is_valid_reference_dns_id(hostname: untrusted::Input) -> bool {
-    is_valid_dns_id(hostname, IDRole::ReferenceID, AllowWildcards::No)
+    is_valid_dns_id(hostname, IdRole::Reference, AllowWildcards::No)
 }
 
 // https://tools.ietf.org/html/rfc5280#section-4.2.1.6:
@@ -454,7 +454,7 @@ fn is_valid_reference_dns_id(hostname: untrusted::Input) -> bool {
 // requirement above, underscores are also allowed in names for compatibility.
 fn is_valid_dns_id(
     hostname: untrusted::Input,
-    id_role: IDRole,
+    id_role: IdRole,
     allow_wildcards: AllowWildcards,
 ) -> bool {
     // https://blogs.msdn.microsoft.com/oldnewthing/20120412-00/?p=7873/
@@ -464,7 +464,7 @@ fn is_valid_dns_id(
 
     let mut input = untrusted::Reader::new(hostname);
 
-    if id_role == IDRole::NameConstraint && input.at_end() {
+    if id_role == IdRole::NameConstraint && input.at_end() {
         return true;
     }
 
@@ -523,7 +523,7 @@ fn is_valid_dns_id(
 
             Ok(b'.') => {
                 dot_count += 1;
-                if label_length == 0 && (id_role != IDRole::NameConstraint || !is_first_byte) {
+                if label_length == 0 && (id_role != IdRole::NameConstraint || !is_first_byte) {
                     return false;
                 }
                 if label_ends_with_hyphen {
@@ -545,7 +545,7 @@ fn is_valid_dns_id(
 
     // Only reference IDs, not presented IDs or name constraints, may be
     // absolute.
-    if label_length == 0 && id_role != IDRole::ReferenceID {
+    if label_length == 0 && id_role != IdRole::Reference {
         return false;
     }
 

src/name/verify.rs

@@ -17,7 +17,7 @@ use super::{
     ip_address,
 };
 use crate::{
-    cert::{Cert, EndEntityOrCA},
+    cert::{Cert, EndEntityOrCa},
     der, Error,
 };
 
@@ -86,8 +86,8 @@ pub fn check_name_constraints(
         })?;
 
         child = match child.ee_or_ca {
-            EndEntityOrCA::CA(child_cert) => child_cert,
-            EndEntityOrCA::EndEntity => {
+            EndEntityOrCa::Ca(child_cert) => child_cert,
+            EndEntityOrCa::EndEntity => {
                 break;
             }
         };
@@ -171,7 +171,7 @@ fn check_presented_id_conforms_to_constraints_in_subtree(
                 presented_directory_name_matches_constraint(name, base, subtrees),
             ),
 
-            (GeneralName::IPAddress(name), GeneralName::IPAddress(base)) => {
+            (GeneralName::IpAddress(name), GeneralName::IpAddress(base)) => {
                 ip_address::presented_id_matches_constraint(name, base)
             }
 
@@ -288,7 +288,7 @@ fn iterate_names(
 enum GeneralName<'a> {
     DnsName(untrusted::Input<'a>),
     DirectoryName(untrusted::Input<'a>),
-    IPAddress(untrusted::Input<'a>),
+    IpAddress(untrusted::Input<'a>),
 
     // The value is the `tag & ~(der::CONTEXT_SPECIFIC | der::CONSTRUCTED)` so
     // that the name constraint checking matches tags regardless of whether
@@ -313,7 +313,7 @@ fn general_name<'a>(input: &mut untrusted::Reader<'a>) -> Result<GeneralName<'a>
     let name = match tag {
         DNS_NAME_TAG => GeneralName::DnsName(value),
         DIRECTORY_NAME_TAG => GeneralName::DirectoryName(value),
-        IP_ADDRESS_TAG => GeneralName::IPAddress(value),
+        IP_ADDRESS_TAG => GeneralName::IpAddress(value),
 
         OTHER_NAME_TAG
         | RFC822_NAME_TAG

src/trust_anchor.rs

@@ -1,6 +1,6 @@
 use crate::cert::{certificate_serial_number, Cert};
 use crate::{
-    cert::{parse_cert_internal, EndEntityOrCA},
+    cert::{parse_cert_internal, EndEntityOrCa},
     der, Error,
 };
 
@@ -53,7 +53,7 @@ impl<'a> TrustAnchor<'a> {
         // embedded name constraints in a v1 certificate.
         match parse_cert_internal(
             cert_der,
-            EndEntityOrCA::EndEntity,
+            EndEntityOrCa::EndEntity,
             possibly_invalid_certificate_serial_number,
         ) {
             Ok(cert) => Ok(Self::from(cert)),

src/verify_cert.rs

@@ -13,7 +13,7 @@
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 use crate::{
-    cert::{self, Cert, EndEntityOrCA},
+    cert::{self, Cert, EndEntityOrCa},
     der, name, signed_data, time, Error, SignatureAlgorithm, TrustAnchor,
 };
 
@@ -39,14 +39,14 @@ pub fn build_chain(
     // TODO: HPKP checks.
 
     match used_as_ca {
-        UsedAsCA::Yes => {
+        UsedAsCa::Yes => {
             const MAX_SUB_CA_COUNT: usize = 6;
 
             if sub_ca_count >= MAX_SUB_CA_COUNT {
                 return Err(Error::UnknownIssuer);
             }
         }
-        UsedAsCA::No => {
+        UsedAsCa::No => {
             assert_eq!(0, sub_ca_count);
         }
     }
@@ -83,7 +83,7 @@ pub fn build_chain(
 
     loop_while_non_fatal_error(intermediate_certs, |cert_der| {
         let potential_issuer =
-            cert::parse_cert(untrusted::Input::from(*cert_der), EndEntityOrCA::CA(&cert))?;
+            cert::parse_cert(untrusted::Input::from(*cert_der), EndEntityOrCa::Ca(&cert))?;
 
         if potential_issuer.subject != cert.issuer {
             return Err(Error::UnknownIssuer);
@@ -98,10 +98,10 @@ pub fn build_chain(
                 return Err(Error::UnknownIssuer);
             }
             match &prev.ee_or_ca {
-                EndEntityOrCA::EndEntity => {
+                EndEntityOrCa::EndEntity => {
                     break;
                 }
-                EndEntityOrCA::CA(child_cert) => {
+                EndEntityOrCa::Ca(child_cert) => {
                     prev = child_cert;
                 }
             }
@@ -112,8 +112,8 @@ pub fn build_chain(
         })?;
 
         let next_sub_ca_count = match used_as_ca {
-            UsedAsCA::No => sub_ca_count,
-            UsedAsCA::Yes => sub_ca_count + 1,
+            UsedAsCa::No => sub_ca_count,
+            UsedAsCa::Yes => sub_ca_count + 1,
         };
 
         build_chain(
@@ -141,11 +141,11 @@ fn check_signatures(
         // TODO: check revocation
 
         match &cert.ee_or_ca {
-            EndEntityOrCA::CA(child_cert) => {
+            EndEntityOrCa::Ca(child_cert) => {
                 spki_value = cert.spki.value();
                 cert = child_cert;
             }
-            EndEntityOrCA::EndEntity => {
+            EndEntityOrCa::EndEntity => {
                 break;
             }
         }
@@ -157,7 +157,7 @@ fn check_signatures(
 fn check_issuer_independent_properties(
     cert: &Cert,
     time: time::Time,
-    used_as_ca: UsedAsCA,
+    used_as_ca: UsedAsCa,
     sub_ca_count: usize,
     required_eku_if_present: KeyPurposeId,
 ) -> Result<(), Error> {
@@ -204,22 +204,22 @@ fn check_validity(input: &mut untrusted::Reader, time: time::Time) -> Result<(),
 }
 
 #[derive(Clone, Copy)]
-enum UsedAsCA {
+enum UsedAsCa {
     Yes,
     No,
 }
 
-fn used_as_ca(ee_or_ca: &EndEntityOrCA) -> UsedAsCA {
+fn used_as_ca(ee_or_ca: &EndEntityOrCa) -> UsedAsCa {
     match ee_or_ca {
-        EndEntityOrCA::EndEntity => UsedAsCA::No,
-        EndEntityOrCA::CA(..) => UsedAsCA::Yes,
+        EndEntityOrCa::EndEntity => UsedAsCa::No,
+        EndEntityOrCa::Ca(..) => UsedAsCa::Yes,
     }
 }
 
 // https://tools.ietf.org/html/rfc5280#section-4.2.1.9
 fn check_basic_constraints(
     input: Option<&mut untrusted::Reader>,
-    used_as_ca: UsedAsCA,
+    used_as_ca: UsedAsCa,
     sub_ca_count: usize,
 ) -> Result<(), Error> {
     let (is_ca, path_len_constraint) = match input {
@@ -243,9 +243,9 @@ fn check_basic_constraints(
     };
 
     match (used_as_ca, is_ca, path_len_constraint) {
-        (UsedAsCA::No, true, _) => Err(Error::CaUsedAsEndEntity),
-        (UsedAsCA::Yes, false, _) => Err(Error::EndEntityUsedAsCa),
-        (UsedAsCA::Yes, true, Some(len)) if sub_ca_count > len => {
+        (UsedAsCa::No, true, _) => Err(Error::CaUsedAsEndEntity),
+        (UsedAsCa::Yes, false, _) => Err(Error::EndEntityUsedAsCa),
+        (UsedAsCa::Yes, true, Some(len)) if sub_ca_count > len => {
             Err(Error::PathLenConstraintViolated)
         }
         _ => Ok(()),