change Policy.Matches to accept a URL pointer (#5360)

internal/urlutil/known_test.go

@@ -83,7 +83,7 @@ func TestSignInURL(t *testing.T) {
 	authenticateURL := MustParseAndValidateURL("https://authenticate.example.com")
 	redirectURL := MustParseAndValidateURL("https://redirect.example.com")
 
-	rawSignInURL, err := SignInURL(k1, k2.PublicKey(), &authenticateURL, &redirectURL, "IDP-1")
+	rawSignInURL, err := SignInURL(k1, k2.PublicKey(), authenticateURL, redirectURL, "IDP-1")
 	require.NoError(t, err)
 
 	signInURL, err := ParseAndValidateURL(rawSignInURL)
@@ -107,7 +107,7 @@ func TestSignOutURL(t *testing.T) {
 	}).Encode(), nil)
 	authenticateURL := MustParseAndValidateURL("https://authenticate.example.com")
 
-	rawSignOutURL := SignOutURL(r, &authenticateURL, []byte("TEST"))
+	rawSignOutURL := SignOutURL(r, authenticateURL, []byte("TEST"))
 	signOutURL, err := ParseAndValidateURL(rawSignOutURL)
 	require.NoError(t, err)
 

internal/urlutil/url.go

@@ -54,12 +54,12 @@ func ParseAndValidateURL(rawurl string) (*url.URL, error) {
 
 // MustParseAndValidateURL parses the URL via ParseAndValidateURL but panics if there is an error.
 // (useful for testing)
-func MustParseAndValidateURL(rawURL string) url.URL {
+func MustParseAndValidateURL(rawURL string) *url.URL {
 	u, err := ParseAndValidateURL(rawURL)
 	if err != nil {
 		panic(err)
 	}
-	return *u
+	return u
 }
 
 // ValidateURL wraps standard library's default url.Parse because
@@ -187,6 +187,6 @@ func GetExternalRequest(internalURL, externalURL *url.URL, r *http.Request) *htt
 }
 
 // MatchesServerName returnes true if the url's host matches the given server name.
-func MatchesServerName(u url.URL, serverName string) bool {
+func MatchesServerName(u *url.URL, serverName string) bool {
 	return certmagic.MatchWildcard(u.Hostname(), serverName)
 }