MatchWildcard returns true if subject (a candidate DNS name) matches wildcard (a reference DNS name), mostly according to RFC 6125-compliant wildcard rules. See also RFC 2818 which states that IP addresses must match exactly, but this function does not attempt to distinguish IP addresses from intern
(subject, wildcard string)
| 670 | // It uses DNS wildcard matching logic and is case-insensitive. |
| 671 | // https://tools.ietf.org/html/rfc2818#section-3.1 |
| 672 | func MatchWildcard(subject, wildcard string) bool { |
| 673 | // Strip brackets from IPv6 addresses (e.g. "[::1]" from HTTP Host headers). |
| 674 | subject = hostOnly(subject) |
| 675 | subject, wildcard = strings.ToLower(subject), strings.ToLower(wildcard) |
| 676 | if subject == wildcard { |
| 677 | return true |
| 678 | } |
| 679 | if !strings.Contains(wildcard, "*") { |
| 680 | return false |
| 681 | } |
| 682 | labels := strings.Split(subject, ".") |
| 683 | for i := range labels { |
| 684 | if labels[i] == "" { |
| 685 | continue // invalid label |
| 686 | } |
| 687 | labels[i] = "*" |
| 688 | candidate := strings.Join(labels, ".") |
| 689 | if candidate == wildcard { |
| 690 | return true |
| 691 | } |
| 692 | } |
| 693 | return false |
| 694 | } |
searching dependent graphs…