Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler

--HG--
extra : rebase_source : f129b24c58377f34ac7d80ee7d5e8775635843ff

security/pkix/lib/pkixnames.cpp

@@ -407,27 +407,26 @@ SearchWithinAVA(Reader& rdn,
     return Success;
   }
 
-  switch (referenceIDType)
+  if (referenceIDType == GeneralNameType::dNSName) {
-  {
+    return MatchPresentedIDWithReferenceID(GeneralNameType::dNSName,
-    case GeneralNameType::dNSName:
+                                           presentedID, referenceID,
-      foundMatch = PresentedDNSIDMatchesReferenceDNSID(presentedID,
+                                           foundMatch);
-                                                       referenceID);
-      break;
-    case GeneralNameType::iPAddress:
-    {
-      // We don't fall back to matching CN-IDs for IPv6 addresses, so we'll
-      // never get here for an IPv6 address.
-      assert(referenceID.GetLength() == 4);
-      uint8_t ipv4[4];
-      foundMatch = ParseIPv4Address(presentedID, ipv4) &&
-                   InputsAreEqual(Input(ipv4), referenceID);
-      break;
-    }
-    default:
-      return NotReached("unexpected referenceIDType in SearchWithinAVA",
-                        Result::FATAL_ERROR_INVALID_ARGS);
   }
 
+  // We don't match CN-IDs for IPv6 addresses. MatchPresentedIDWithReferenceID
+  // ensures that it won't match an IPv4 address with an IPv6 address, so we
+  // don't need to check that referenceID is an IPv4 address here.
+  if (referenceIDType == GeneralNameType::iPAddress) {
+    uint8_t ipv4[4];
+    if (ParseIPv4Address(presentedID, ipv4)) {
+      return MatchPresentedIDWithReferenceID(GeneralNameType::iPAddress,
+                                             Input(ipv4), referenceID,
+                                             foundMatch);
+    }
+  }
+
+  // We don't match CN-IDs for any other types of names.
+
   return Success;
 }