
Source file src/github.com/miekg/dns/dane.go

Documentation: github.com/miekg/dns

     1  package dns
     2  
     3  import (
     4  	"crypto/sha256"
     5  	"crypto/sha512"
     6  	"crypto/x509"
     7  	"encoding/hex"
     8  	"errors"
     9  )
    10  
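    // CertificateToDANE returns the hex-encoded certificate association data for a
    // TLSA or SMIMEA record.
    //
    // selector picks the input: 0 is the full DER certificate (cert.Raw), 1 is the
    // DER SubjectPublicKeyInfo (cert.RawSubjectPublicKeyInfo). matchingType picks
    // the transform: 0 is the input unchanged, 1 is its SHA-256 digest, 2 is its
    // SHA-512 digest. Any other value of either argument, or a nil cert, yields an
    // error and an empty string.
    //
    // Both Raw fields are filled in by the x509 parsing functions. A Certificate
    // assembled by hand leaves them empty, and the result is then the encoding or
    // digest of zero bytes, which matches no real certificate; this function does
    // not detect that case.
    func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
    	// Validate the two record fields first so an unsupported combination is
    	// reported the same way whether or not a certificate was supplied.
    	if selector > 1 || matchingType > 2 {
    		return "", errors.New("dns: bad MatchingType or Selector")
    	}
    	// Guard against a nil pointer dereference; callers often pass the result
    	// of a failed parse or an empty peer-certificate list.
    	if cert == nil {
    		return "", errors.New("dns: nil certificate")
    	}

    	data := cert.Raw
    	if selector == 1 {
    		data = cert.RawSubjectPublicKeyInfo
    	}

    	switch matchingType {
    	case 1:
    		sum := sha256.Sum256(data)
    		return hex.EncodeToString(sum[:]), nil
    	case 2:
    		sum := sha512.Sum512(data)
    		return hex.EncodeToString(sum[:]), nil
    	}
    	// matchingType 0: the selected bytes are published verbatim.
    	return hex.EncodeToString(data), nil
    }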
    44  
