package dns
|
|
import (
|
"crypto/sha256"
|
"crypto/sha512"
|
"crypto/x509"
|
"encoding/hex"
|
"errors"
|
)
|
|
// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
|
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
|
switch matchingType {
|
case 0:
|
switch selector {
|
case 0:
|
return hex.EncodeToString(cert.Raw), nil
|
case 1:
|
return hex.EncodeToString(cert.RawSubjectPublicKeyInfo), nil
|
}
|
case 1:
|
h := sha256.New()
|
switch selector {
|
case 0:
|
h.Write(cert.Raw)
|
return hex.EncodeToString(h.Sum(nil)), nil
|
case 1:
|
h.Write(cert.RawSubjectPublicKeyInfo)
|
return hex.EncodeToString(h.Sum(nil)), nil
|
}
|
case 2:
|
h := sha512.New()
|
switch selector {
|
case 0:
|
h.Write(cert.Raw)
|
return hex.EncodeToString(h.Sum(nil)), nil
|
case 1:
|
h.Write(cert.RawSubjectPublicKeyInfo)
|
return hex.EncodeToString(h.Sum(nil)), nil
|
}
|
}
|
return "", errors.New("dns: bad MatchingType or Selector")
|
}
|
