mirror of https://github.com/k3s-io/k3s
44 lines
997 B
Go
44 lines
997 B
Go
|
package dns
|
||
|
|
||
|
import (
|
||
|
"crypto/sha256"
|
||
|
"crypto/sha512"
|
||
|
"crypto/x509"
|
||
|
"encoding/hex"
|
||
|
"errors"
|
||
|
)
|
||
|
|
||
|
// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
|
||
|
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
|
||
|
switch matchingType {
|
||
|
case 0:
|
||
|
switch selector {
|
||
|
case 0:
|
||
|
return hex.EncodeToString(cert.Raw), nil
|
||
|
case 1:
|
||
|
return hex.EncodeToString(cert.RawSubjectPublicKeyInfo), nil
|
||
|
}
|
||
|
case 1:
|
||
|
h := sha256.New()
|
||
|
switch selector {
|
||
|
case 0:
|
||
|
h.Write(cert.Raw)
|
||
|
return hex.EncodeToString(h.Sum(nil)), nil
|
||
|
case 1:
|
||
|
h.Write(cert.RawSubjectPublicKeyInfo)
|
||
|
return hex.EncodeToString(h.Sum(nil)), nil
|
||
|
}
|
||
|
case 2:
|
||
|
h := sha512.New()
|
||
|
switch selector {
|
||
|
case 0:
|
||
|
h.Write(cert.Raw)
|
||
|
return hex.EncodeToString(h.Sum(nil)), nil
|
||
|
case 1:
|
||
|
h.Write(cert.RawSubjectPublicKeyInfo)
|
||
|
return hex.EncodeToString(h.Sum(nil)), nil
|
||
|
}
|
||
|
}
|
||
|
return "", errors.New("dns: bad MatchingType or Selector")
|
||
|
}
|