Add DAFSA-format Public Suffix List reader #215

Draft
AlfioEmanueleFresta wants to merge 8 commits into master from issue-210-dafsa-psl

@AlfioEmanueleFresta
Member

Closes #210.

Adds a safe-Rust reader for libpsl's binary .dafsa PSL file and an auto-detecting SystemPublicSuffixList::auto() loader that probes .dafsa then .dat. Fixes the Fedora default-install gap where only .dafsa is shipped.

The DAFSA lookup is a port of LookupStringInFixedSet; format is described in psl-make-dafsa. No new runtime deps.

Test plan

  • CI passes (clippy + fmt + workspace tests) with the new `apt-get install publicsuffix` step
  • Gated integration test `psl::system::tests::system_psl_loads_and_resolves_common_suffixes` runs in CI (`LIBWEBAUTHN_PSL_SYSTEM_TEST=1`) against Debian's real PSL files
  • Verified locally on Fedora that `SystemPublicSuffixList::auto()` loads the system `.dafsa` and resolves IDN suffixes in punycode form (e.g. `xn--55qx5d.hk`)

Pure code move with no behavior change. Splits the single-file PSL module
into a directory layout to make room for additional reader implementations.
The trait and MockPublicSuffixList stay in mod.rs; DatFilePublicSuffixList
moves to dat.rs.

Adds a safe-Rust reader for libpsl's binary .dafsa file format. The reader
ports LookupStringInFixedSet from libpsl's lookup_string_in_fixed_set.c
(BSD-licensed by The Chromium Authors), translating the byte-coded DAFSA
walk to safe Rust without unsafe or extra dependencies.

Closes the Fedora gap from issue #210: Fedora ships only the .dafsa file
by default (via publicsuffix-list-dafsa, which libpsl requires).

Tests cover plain rules, wildcard, exception, private section, and the
file-header parser edge cases. The fixture was generated by libpsl's
psl-make-dafsa script from a small synthetic PSL.

Auto-detects which system-managed PSL file is available, preferring
.dafsa over .dat. Returns SystemLoadError::NoneFound listing the paths
tried if neither is present.

Includes an integration test gated by LIBWEBAUTHN_PSL_SYSTEM_TEST=1 that
loads the real system PSL and validates lookups against common suffixes.
The gating env var is intentional so that local 'cargo test' runs do not
require any package to be installed.

Switches the three ceremony examples (cable, hid, nfc) to the
auto-detecting loader so they work out of the box on Fedora (where only
.dafsa is shipped) and on Debian/Ubuntu/Arch.

Also re-exports the new public types (SystemPublicSuffixList,
DafsaFilePublicSuffixList, etc.) from ops::webauthn alongside the
existing DatFilePublicSuffixList for callers wiring the list themselves.

Updates the Runtime requirements section to reflect that the loader now
auto-detects the .dafsa format alongside .dat, and explains which package
ships which format on each distribution.

apt-get installs Debian's publicsuffix package (ships both .dat and
.dafsa). Sets LIBWEBAUTHN_PSL_SYSTEM_TEST=1 on the test step so the
SystemPublicSuffixList::auto() integration test runs against the real
system file in CI.

Crate denies clippy::expect_used outside tests; the version parse now
propagates BadMagic on UTF-8 failure even though the bytes were already
validated as ASCII digits. Also rustfmt reflow of test code.

Module docs now call out the two intentional deviations from libpsl's
psl_is_public_suffix: no prevailing-star rule for unknown single-label
TLDs (so localhost works as its own rp.id), and no multibyte key
support (WebAuthn only ever passes IDN-ASCII, and the DAFSA stores IDN
rules in punycode form regardless of encoding mode). Test comment for
the exception-overrides-wildcard case rewritten to describe the actual
lookup chain rather than conflating two mechanisms.
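
The rule semantics the commit messages above describe (plain, wildcard and exception rules, plus the omitted prevailing-star rule), as an added example that is not code from this pull request. `SuffixRules`, `SAMPLE_PSL` and the `prevailing_star` flag are hypothetical names, the rule set is constructed, and a hash-set table stands in for the DAFSA walk; the order of checks is an assumption of this sketch.

```rust
use std::collections::HashSet;

// Constructed sample in PSL text syntax (not the real list).
pub const SAMPLE_PSL: &str = "// constructed sample\ncom\nhk\nxn--55qx5d.hk\n*.ck\n!www.ck\n";

/// Hypothetical in-memory rule table; the PR's reader walks a DAFSA instead.
#[derive(Default)]
pub struct SuffixRules {
    plain: HashSet<String>,
    wildcard: HashSet<String>,  // "*.ck" is stored as "ck"
    exception: HashSet<String>, // "!www.ck" is stored as "www.ck"
}

impl SuffixRules {
    pub fn parse(text: &str) -> Self {
        let mut rules = SuffixRules::default();
        for line in text.lines().map(str::trim) {
            if line.is_empty() || line.starts_with("//") {
                continue; // blank line or comment
            }
            if let Some(name) = line.strip_prefix('!') {
                rules.exception.insert(name.to_string());
            } else if let Some(parent) = line.strip_prefix("*.") {
                rules.wildcard.insert(parent.to_string());
            } else {
                rules.plain.insert(line.to_string());
            }
        }
        rules
    }

    /// `domain` is expected as lowercase IDN-ASCII (punycode for IDN labels).
    /// `prevailing_star = true` models libpsl's implicit "*" rule, under which
    /// every unknown single-label name counts as a public suffix.
    pub fn is_public_suffix(&self, domain: &str, prevailing_star: bool) -> bool {
        if self.exception.contains(domain) {
            return false; // an exception overrides the wildcard on its parent
        }
        if self.plain.contains(domain) {
            return true;
        }
        match domain.split_once('.') {
            // A wildcard covers exactly one extra label below its parent.
            Some((_, parent)) => self.wildcard.contains(parent),
            None => prevailing_star,
        }
    }
}
```

With `prevailing_star` set to `false`, `localhost` is not reported as a public suffix, which is the behaviour the module-docs commit gives as the reason `localhost` can serve as its own rp.id.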

Development

Successfully merging this pull request may close these issues.

Add a DAFSA-format Public Suffix List reader