
Hulk did something
[bytom/vapor.git] / vendor / github.com / miekg / dns / dane.go
1 package dns
2
3 import (
4         "crypto/sha256"
5         "crypto/sha512"
6         "crypto/x509"
7         "encoding/hex"
8         "errors"
9 )
10
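// CertificateToDANE converts a certificate to a hex string as used in the
// TLSA or SMIMEA records.
//
// selector picks the certificate bytes that are encoded:
//
//	0: cert.Raw (the complete certificate)
//	1: cert.RawSubjectPublicKeyInfo (the public key only)
//
// matchingType picks how those bytes are presented:
//
//	0: the bytes themselves, hex encoded
//	1: the SHA-256 digest of the bytes, hex encoded
//	2: the SHA-512 digest of the bytes, hex encoded
//
// Any other selector or matchingType, or a nil cert, yields an error and an
// empty string.
//
// The function performs no validation of the certificate: it does not check
// the chain, the validity period or the key usage. The caller is responsible
// for passing the certificate that is actually meant to be pinned.
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
	// A nil certificate would otherwise panic on the field reads below;
	// report it as an error so record-generation code can handle it.
	if cert == nil {
		return "", errors.New("dns: nil certificate")
	}

	// Resolve the selector once instead of repeating it per matching type.
	// NOTE(review): Raw and RawSubjectPublicKeyInfo are empty on a
	// Certificate that was built by hand rather than parsed; the result is
	// then the encoding (or digest) of empty input, which pins nothing.
	var data []byte
	switch selector {
	case 0:
		data = cert.Raw
	case 1:
		data = cert.RawSubjectPublicKeyInfo
	default:
		return "", errors.New("dns: bad MatchingType or Selector")
	}

	switch matchingType {
	case 0:
		return hex.EncodeToString(data), nil
	case 1:
		sum := sha256.Sum256(data)
		return hex.EncodeToString(sum[:]), nil
	case 2:
		sum := sha512.Sum512(data)
		return hex.EncodeToString(sum[:]), nil
	}
	return "", errors.New("dns: bad MatchingType or Selector")
}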