smimea.go

Documentation: github.com/miekg/dns

     1  package dns
     2  
     3  import (
     4  	"crypto/sha256"
     5  	"crypto/x509"
     6  	"encoding/hex"
     7  )
     8  
     9  // Sign creates a SMIMEA record from an SSL certificate.
    10  func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) {
    11  	r.Hdr.Rrtype = TypeSMIMEA
    12  	r.Usage = uint8(usage)
    13  	r.Selector = uint8(selector)
    14  	r.MatchingType = uint8(matchingType)
    15  
    16  	r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
    17  	return err
    18  }
    19  
    20  // Verify verifies a SMIMEA record against an SSL certificate. If it is OK
    21  // a nil error is returned.
    22  func (r *SMIMEA) Verify(cert *x509.Certificate) error {
    23  	c, err := CertificateToDANE(r.Selector, r.MatchingType, cert)
    24  	if err != nil {
    25  		return err // Not also ErrSig?
    26  	}
    27  	if r.Certificate == c {
    28  		return nil
    29  	}
    30  	return ErrSig // ErrSig, really?
    31  }
    32  
    33  // SMIMEAName returns the ownername of a SMIMEA resource record as per the
    34  // format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3
    35  func SMIMEAName(email, domain string) (string, error) {
    36  	hasher := sha256.New()
    37  	hasher.Write([]byte(email))
    38  
    39  	// RFC Section 3: "The local-part is hashed using the SHA2-256
    40  	// algorithm with the hash truncated to 28 octets and
    41  	// represented in its hexadecimal representation to become the
    42  	// left-most label in the prepared domain name"
    43  	return hex.EncodeToString(hasher.Sum(nil)[:28]) + "." + "_smimecert." + domain, nil
    44  }
    45
View as plain text