smimea.go raw

   1  package dns
   2  
   3  import (
   4  	"crypto/sha256"
   5  	"crypto/x509"
   6  	"encoding/hex"
   7  )
   8  
   9  // Sign creates a SMIMEA record from an SSL certificate.
  10  func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) {
  11  	r.Hdr.Rrtype = TypeSMIMEA
  12  	r.Usage = uint8(usage)
  13  	r.Selector = uint8(selector)
  14  	r.MatchingType = uint8(matchingType)
  15  
  16  	r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
  17  	return err
  18  }
  19  
  20  // Verify verifies a SMIMEA record against an SSL certificate. If it is OK
  21  // a nil error is returned.
  22  func (r *SMIMEA) Verify(cert *x509.Certificate) error {
  23  	c, err := CertificateToDANE(r.Selector, r.MatchingType, cert)
  24  	if err != nil {
  25  		return err // Not also ErrSig?
  26  	}
  27  	if r.Certificate == c {
  28  		return nil
  29  	}
  30  	return ErrSig // ErrSig, really?
  31  }
  32  
  33  // SMIMEAName returns the ownername of a SMIMEA resource record as per the
  34  // format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3
  35  func SMIMEAName(email, domain string) (string, error) {
  36  	hasher := sha256.New()
  37  	hasher.Write([]byte(email))
  38  
  39  	// RFC Section 3: "The local-part is hashed using the SHA2-256
  40  	// algorithm with the hash truncated to 28 octets and
  41  	// represented in its hexadecimal representation to become the
  42  	// left-most label in the prepared domain name"
  43  	return hex.EncodeToString(hasher.Sum(nil)[:28]) + "." + "_smimecert." + domain, nil
  44  }
  45