New constructs a Policy Authority.

ValidDomain checks that a domain is valid and that it doesn't contain any invalid wildcard characters.

ValidEmail returns an error if the input doesn't parse as an email address, the domain isn't a valid hostname in Preferred Name Syntax, or its on the list of domains forbidden for mail (because they are often used in examples).

WellFormedDomainNames returns an error if any of the provided domains do not meet these criteria: - MUST contains only lowercase characters, numbers, hyphens, and dots - MUST NOT have more than maxLabels labels - MUST follow the DNS hostname syntax rules in RFC 1035 and RFC 2181 In particular, it: - MUST NOT contain underscores - MUST NOT match the syntax of an IP address - MUST end in a public suffix - MUST have at least one label in addition to the public suffix - MUST NOT be a label-wise suffix match for a name on the block list, where comparison is case-independent (normalized to lower case) If a domain contains a *, we additionally require: - There is at most one `*` wildcard character - That the wildcard character is the leftmost label - That the wildcard label is not immediately adjacent to a top level ICANN TLD If multiple domains are invalid, the error will contain suberrors specific to each domain.

AuthorityImpl enforces CA policy decisions.