
Improve type-safety in the identifiers package

Open aarongable opened this issue 10 months ago • 0 comments

Currently our Identifier type looks like this: https://github.com/letsencrypt/boulder/blob/bef73f3c8b9e233bbb8ec75e08e007d6c274fed9/identifier/identifier.go#L47-L53

This means that:

  1. Other packages can access and use the .Value without checking the .Type, potentially leading to cases where an IP address is used where a DNS name is expected, or vice versa;
  2. It's possible to construct an identifier whose .Type claims to be an IP address but whose .Value is a DNS name, or vice versa; and
  3. IP addresses are stored and carried around as strings, rather than as netip.Addrs.

We'd like to replace this with a more type-safe structure, perhaps something like:

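```go
// ACMEIdentifier is implemented by every concrete identifier type.
type ACMEIdentifier interface {
	ToProto() *corepb.Identifier
	ToJSON() string
}

// DNS is a DNS-name identifier.
type DNS struct {
	value string
}

// IP is an IP-address identifier, held as a parsed netip.Addr.
type IP struct {
	value netip.Addr
}
```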

where the latter two types implement the interface.

aarongable, May 16 '25 17:05
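
A runnable sketch of the design proposed in the issue, added here as an illustration and not Boulder's own code. The constructors `NewDNS` and `NewIP`, the consumer `SANField`, and the simplified DNS-name check are assumptions; `ToProto` is left out because it needs Boulder's `corepb` package.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// ACMEIdentifier follows the issue's sketch, minus ToProto (needs corepb).
type ACMEIdentifier interface{ ToJSON() string }
type DNS struct{ value string }
type IP struct{ value netip.Addr }

func toJSON(typ, val string) string {
	b, _ := json.Marshal(map[string]string{"type": typ, "value": val})
	return string(b)
}
func (d DNS) ToJSON() string { return toJSON("dns", d.value) }
func (i IP) ToJSON() string  { return toJSON("ip", i.value.String()) }

// NewDNS (hypothetical) rejects IP literals, so a DNS identifier cannot hold an address (point 2).
func NewDNS(name string) (DNS, error) {
	if _, err := netip.ParseAddr(name); err == nil || name == "" {
		return DNS{}, fmt.Errorf("%q is not a DNS name", name)
	}
	return DNS{value: name}, nil
}

// NewIP (hypothetical) parses once; the value then travels as a netip.Addr (point 3).
func NewIP(s string) (IP, error) {
	addr, err := netip.ParseAddr(s) // addr is the zero Addr on error
	return IP{value: addr}, err
}

// SANField (hypothetical consumer) can only reach a value through a type switch (point 1).
func SANField(id ACMEIdentifier) string {
	switch v := id.(type) {
	case DNS:
		return "dNSName=" + v.value
	case IP:
		return "iPAddress=" + v.value.String()
	}
	return ""
}

func main() {
	ip, _ := NewIP("2001:db8::1") // constructed sample input
	fmt.Println(ip.ToJSON(), SANField(ip))
}
```

Because `value` is unexported, code in other packages cannot build a `DNS` or `IP` with a mismatched value and would need accessor methods on the concrete types to read it.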