
   1  package dns
   2  
   3  import (
   4  	"crypto/sha256"
   5  	"crypto/sha512"
   6  	"crypto/x509"
   7  	"encoding/hex"
   8  	"errors"
   9  )
  10  
  11  // CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
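// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
//
// selector chooses which part of the certificate is matched (RFC 6698):
// 0 for the full DER-encoded certificate (cert.Raw), 1 for the
// SubjectPublicKeyInfo (cert.RawSubjectPublicKeyInfo). matchingType
// chooses how that data is presented: 0 for the raw bytes, 1 for their
// SHA-256 digest, 2 for their SHA-512 digest.
//
// The function only encodes; it performs no validation of the certificate
// itself. A nil cert, or an unsupported selector or matching type, returns
// an error rather than panicking.
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
	// Guard the dereferences below: a nil certificate is a caller bug, but
	// an error is more useful than a nil-pointer panic in record generation.
	if cert == nil {
		return "", errors.New("dns: nil certificate")
	}

	// Pick the certificate data the selector refers to.
	var data []byte
	switch selector {
	case 0:
		data = cert.Raw
	case 1:
		data = cert.RawSubjectPublicKeyInfo
	default:
		return "", errors.New("dns: bad MatchingType or Selector")
	}

	// Present it according to the matching type. The fixed-size Sum
	// functions avoid allocating a hash.Hash for a single digest.
	switch matchingType {
	case 0:
		return hex.EncodeToString(data), nil
	case 1:
		sum := sha256.Sum256(data)
		return hex.EncodeToString(sum[:]), nil
	case 2:
		sum := sha512.Sum512(data)
		return hex.EncodeToString(sum[:]), nil
	}
	return "", errors.New("dns: bad MatchingType or Selector")
}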