ExAwsSnsVerifier.Url (ex_aws_sns_verifier v0.1.0)

URL host validation helpers for AWS SNS signing cert and subscribe URLs.

Hardens SigningCertURL and SubscribeURL parsing by:

Summary

Build a hostname regex pattern from a list of allowed AWS regions.

Validate and parse a SigningCertURL.

Validate and parse a SubscribeURL.

@spec hostname_regex([String.t()]) :: Regex.t()

Build a hostname regex pattern from a list of allowed AWS regions.

Matches sns.<region>.amazonaws.com and sns.<region>.amazonaws.com.cn.

@spec validate_signing_cert_url(String.t(), [String.t()]) ::
  {:ok, URI.t()} | {:error, atom()}

Validate and parse a SigningCertURL.

Returns {:ok, uri} on success or {:error, :invalid_cert_url} on failure.

@spec validate_subscribe_url(String.t(), [String.t()]) ::
  {:ok, URI.t()} | {:error, atom()}

Validate and parse a SubscribeURL.

Returns {:ok, uri} on success or {:error, :invalid_subscribe_url} on failure.