# `ExAwsSnsVerifier.Url`
[🔗](https://github.com/GustavoZiaugra/ex_aws_sns_verifier/blob/v0.1.0/lib/ex_aws_sns_verifier/url.ex#L1)

URL host validation helpers for AWS SNS signing cert and subscribe URLs.

Hardens `SigningCertURL` and `SubscribeURL` parsing by:
- Requiring the HTTPS scheme
- Validating that the host matches the `sns.<region>.amazonaws.com(.cn)?` pattern
- Rejecting URLs with userinfo (credentials in the URL)
- Requiring a `.pem` extension for cert URLs

# `hostname_regex`

```elixir
@spec hostname_regex([String.t()]) :: Regex.t()
```

Build a hostname regex pattern from a list of allowed AWS regions.

Matches `sns.<region>.amazonaws.com` and `sns.<region>.amazonaws.com.cn`.

# `validate_signing_cert_url`

```elixir
@spec validate_signing_cert_url(String.t(), [String.t()]) ::
  {:ok, URI.t()} | {:error, atom()}
```

Validate and parse a SigningCertURL.

Returns `{:ok, uri}` on success or `{:error, :invalid_cert_url}` on failure.

# `validate_subscribe_url`

```elixir
@spec validate_subscribe_url(String.t(), [String.t()]) ::
  {:ok, URI.t()} | {:error, atom()}
```

Validate and parse a SubscribeURL.

Returns `{:ok, uri}` on success or `{:error, :invalid_subscribe_url}` on failure.
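
The checks listed in the module description, written out as an added sketch. This is not the source of `ExAwsSnsVerifier.Url`: the module name `SnsUrlCheckSketch`, the private helper `check/2` and the sample URLs are assumptions made for illustration, and only the function names, arities and error atoms follow the specs above.

```elixir
defmodule SnsUrlCheckSketch do
  # Hypothetical module, not the library's implementation.

  # \A and \z anchor the whole host, so a suffix such as ".evil.example" or a
  # trailing newline cannot match. Regions are escaped before interpolation.
  def hostname_regex(regions) do
    alternatives = Enum.map_join(regions, "|", &Regex.escape/1)
    Regex.compile!("\\Asns\\.(?:#{alternatives})\\.amazonaws\\.com(?:\\.cn)?\\z")
  end

  def validate_signing_cert_url(url, regions) do
    with {:ok, uri} <- check(url, regions),
         true <- String.ends_with?(uri.path || "", ".pem") do
      {:ok, uri}
    else
      _ -> {:error, :invalid_cert_url}
    end
  end

  def validate_subscribe_url(url, regions) do
    case check(url, regions) do
      {:ok, uri} -> {:ok, uri}
      :error -> {:error, :invalid_subscribe_url}
    end
  end

  # Shared checks: HTTPS scheme, no userinfo, host matches the allowed pattern.
  defp check(url, regions) when is_binary(url) do
    uri = URI.parse(url)

    cond do
      uri.scheme != "https" -> :error
      uri.userinfo != nil -> :error
      not is_binary(uri.host) -> :error
      not Regex.match?(hostname_regex(regions), uri.host) -> :error
      true -> {:ok, uri}
    end
  end

  defp check(_url, _regions), do: :error
end

# Constructed sample inputs: one well-formed URL, then one per failing check.
for url <- [
      "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem",
      "http://sns.us-east-1.amazonaws.com/cert.pem",
      "https://user:pw@sns.us-east-1.amazonaws.com/cert.pem",
      "https://sns.us-east-1.amazonaws.com.evil.example/cert.pem"
    ] do
  IO.inspect({url, SnsUrlCheckSketch.validate_signing_cert_url(url, ["us-east-1"])})
end
```

The host comparison is case-sensitive, so a mixed-case host fails closed instead of being normalised and accepted.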

