
feat: trust domain type string parsing and validation#5

Merged: tjons merged 3 commits into main from tjons/trust-domain on Dec 21, 2025

@tjons tjons commented Dec 18, 2025

Owner

Implements the TrustDomain struct type from the go-spiffe API, and the following methods:

  • TrustDomainFromString
  • TrustDomain.name()
  • TrustDomain.idString()
  • TrustDomain.string()

This PR intentionally does not implement the URI-based types, which will be handled in the next iteration.

Signed-off-by: tjons <tylerschade99@gmail.com>
Signed-off-by: tjons <tylerschade99@gmail.com>
Signed-off-by: tjons <tylerschade99@gmail.com>
@tjons tjons changed the title WIP: feat: trust domain type parsing and validation feat: trust domain type string parsing and validation Dec 18, 2025
@tjons tjons requested a review from Coutlaw December 18, 2025 17:30

@Coutlaw Coutlaw left a comment

Collaborator

great start for trust domains, already pulled this into my bundle code. Left 2 questions that don't need to be addressed now for this PR.

Comment thread src/spiffeid/td.zig
const InvalidTrustDomain = error{ EmptyTrustDomain, TrustDomainContainsInvalidCharacters, TrustDomainContainsPercentEncodedCharacters, TrustDomainContainsUserPart, TrustDomainContainsPortPart };

// validates a SPIFFE trust domain authority URI segment.
fn validateTrustDomain(idOrName: []const u8) InvalidTrustDomain!void {

Collaborator

❓ what would you say to something like this?

fn validateTrustDomain(idOrName: []const u8) InvalidTrustDomain!void {
    if (idOrName.len == 0) return InvalidTrustDomain.EmptyTrustDomain;

    for (idOrName, 0..) |character, index| {
        // TODO(tjons): use this to provide an index number for the invalid character
        _ = index;

        var other_allowed_character: bool = false;

        switch (character) {
            '@' => {
                return InvalidTrustDomain.TrustDomainContainsUserPart;
            },
            ':' => {
                return InvalidTrustDomain.TrustDomainContainsPortPart;
            },
            '%' => {
                return InvalidTrustDomain.TrustDomainContainsPercentEncodedCharacters;
            },
            '_', '-', '.' => {
                other_allowed_character = true;
            },
            // Zig switches must be exhaustive; every other byte falls through to the check below.
            else => {},
        }

        const digit = std.ascii.isDigit(character);
        const lowercase = std.ascii.isLower(character);

        if (!digit and !lowercase and !other_allowed_character) {
            return InvalidTrustDomain.TrustDomainContainsInvalidCharacters;
        }
    }

    return;
}

Collaborator

100% up to you, I can't decide which is easier to read.

Owner Author

lol. this is much better, I didn't see the switch syntax yet...

Comment thread src/spiffeid/td.zig

pub fn idString(self: TrustDomain, allocator: std.mem.Allocator) ![]const u8 {
const result = try allocator.alloc(u8, "spiffe://".len + self.td.len);
@memcpy(result[0..9], "spiffe://");

Collaborator

❓ should we have a global const for the uri base string length? since 9 is showing up a lot?
Not for this PR, but going forward maybe

Owner Author

this is a good point, will fix in the next iteration. I had defined this here: https://github.com/tjons/ziffe/blob/main/src/spiffeid/id.zig#L3 but forgot to use it.

@tjons tjons merged commit 7a71270 into main Dec 21, 2025
1 check passed
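
The two review threads above, combined into one added example (not code from this PR or from the ziffe repository): an allowlist validator written as a single exhaustive switch, and an ID builder that derives every slice bound from a named prefix constant instead of the literal 9. The names `validateName`, `scheme_prefix` and this `idString` signature are assumptions for illustration; only the error set is copied from the page, and the test inputs are constructed.

```zig
const std = @import("std");

// Hypothetical stand-alone sketch; only the error set is copied from the PR.
const InvalidTrustDomain = error{ EmptyTrustDomain, TrustDomainContainsInvalidCharacters, TrustDomainContainsPercentEncodedCharacters, TrustDomainContainsUserPart, TrustDomainContainsPortPart };

// Named once so slice bounds never hard-code the literal 9.
const scheme_prefix = "spiffe://";

// Allowlist: lowercase letters, digits, '_', '-', '.'; every other byte is rejected.
fn validateName(name: []const u8) InvalidTrustDomain!void {
    if (name.len == 0) return InvalidTrustDomain.EmptyTrustDomain;
    for (name) |c| {
        switch (c) {
            '@' => return InvalidTrustDomain.TrustDomainContainsUserPart,
            ':' => return InvalidTrustDomain.TrustDomainContainsPortPart,
            '%' => return InvalidTrustDomain.TrustDomainContainsPercentEncodedCharacters,
            'a'...'z', '0'...'9', '_', '-', '.' => {},
            else => return InvalidTrustDomain.TrustDomainContainsInvalidCharacters,
        }
    }
}

// Validates first, then allocates. Caller owns the result and frees it with the same allocator.
fn idString(allocator: std.mem.Allocator, name: []const u8) ![]u8 {
    try validateName(name);
    const out = try allocator.alloc(u8, scheme_prefix.len + name.len);
    @memcpy(out[0..scheme_prefix.len], scheme_prefix);
    @memcpy(out[scheme_prefix.len..], name);
    return out;
}

test "accepts a lowercase name and builds the ID string" {
    const id = try idString(std.testing.allocator, "prod.example-1.org");
    defer std.testing.allocator.free(id);
    try std.testing.expectEqualStrings("spiffe://prod.example-1.org", id);
}

test "rejects authority components and non-canonical input" {
    // Constructed inputs covering each error in the set.
    try std.testing.expectError(InvalidTrustDomain.EmptyTrustDomain, validateName(""));
    try std.testing.expectError(InvalidTrustDomain.TrustDomainContainsUserPart, validateName("user@example.org"));
    try std.testing.expectError(InvalidTrustDomain.TrustDomainContainsPortPart, validateName("example.org:8443"));
    try std.testing.expectError(InvalidTrustDomain.TrustDomainContainsPercentEncodedCharacters, validateName("ex%41mple.org"));
    try std.testing.expectError(InvalidTrustDomain.TrustDomainContainsInvalidCharacters, validateName("Example.org"));
    try std.testing.expectError(InvalidTrustDomain.TrustDomainContainsInvalidCharacters, validateName("example.org/workload"));
    try std.testing.expectError(InvalidTrustDomain.TrustDomainContainsUserPart, idString(std.testing.allocator, "a@b"));
}
```

Run with `zig test` on the file; `std.testing.allocator` also fails the run if `idString` leaks on any path.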