2012-09-14 17:48:52 +10:00
|
|
|
package dns
|
|
|
|
|
2012-09-14 19:40:25 +10:00
|
|
|
import (
|
|
|
|
"crypto/sha256"
|
|
|
|
"crypto/sha512"
|
|
|
|
"crypto/x509"
|
|
|
|
"encoding/hex"
|
|
|
|
"io"
|
|
|
|
"net"
|
|
|
|
"strconv"
|
|
|
|
)
|
|
|
|
|
2012-09-14 17:48:52 +10:00
|
|
|
// TLSA support functions
|
|
|
|
|
2012-09-14 19:40:25 +10:00
|
|
|
// Sign creates a TLSA record from a SSL certificate.
|
|
|
|
func (r *RR_TLSA) Sign(usage, selector, matchingType int, cert *x509.Certificate) error {
|
|
|
|
r.Hdr.Rrtype = TypeTLSA
|
|
|
|
r.Usage = uint8(usage)
|
|
|
|
r.Selector = uint8(selector)
|
|
|
|
r.MatchingType = uint8(matchingType)
|
2012-09-14 17:48:52 +10:00
|
|
|
|
2012-09-14 19:40:25 +10:00
|
|
|
switch r.MatchingType {
|
|
|
|
case 0:
|
2012-09-14 19:41:12 +10:00
|
|
|
switch r.Selector {
|
2012-09-14 19:40:25 +10:00
|
|
|
case 0:
|
|
|
|
r.Certificate = hex.EncodeToString(cert.Raw)
|
|
|
|
case 1:
|
|
|
|
r.Certificate = hex.EncodeToString(cert.RawSubjectPublicKeyInfo)
|
|
|
|
}
|
|
|
|
case 1:
|
|
|
|
h := sha256.New()
|
2012-09-14 19:41:12 +10:00
|
|
|
switch r.Selector {
|
2012-09-14 19:40:25 +10:00
|
|
|
case 0:
|
|
|
|
r.Certificate = hex.EncodeToString(cert.Raw)
|
|
|
|
case 1:
|
|
|
|
io.WriteString(h, string(cert.RawSubjectPublicKeyInfo))
|
|
|
|
r.Certificate = hex.EncodeToString(h.Sum(nil))
|
|
|
|
}
|
|
|
|
case 2:
|
|
|
|
h := sha512.New()
|
2012-09-14 19:41:12 +10:00
|
|
|
switch r.Selector {
|
2012-09-14 19:40:25 +10:00
|
|
|
case 0:
|
|
|
|
r.Certificate = hex.EncodeToString(cert.Raw)
|
|
|
|
case 1:
|
|
|
|
io.WriteString(h, string(cert.RawSubjectPublicKeyInfo))
|
|
|
|
r.Certificate = hex.EncodeToString(h.Sum(nil))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
2012-09-14 17:48:52 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
// Verify verifies a TLSA record against a SSL certificate.
|
2012-09-14 19:40:25 +10:00
|
|
|
func (r *RR_TLSA) Verify() error {
|
|
|
|
return nil
|
|
|
|
|
|
|
|
}
|
2012-09-14 17:48:52 +10:00
|
|
|
|
2012-09-14 19:40:25 +10:00
|
|
|
// Name set the ownername of the TLSA record according to the
|
|
|
|
// rules specified in RFC 6698, Section 3.
|
|
|
|
func (r *RR_TLSA) Name(name, service, network string) bool {
|
|
|
|
if !IsFqdn(name) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
p, e := net.LookupPort(network, service)
|
|
|
|
if e != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
r.Hdr.Name = "_" + strconv.Itoa(p) + "_" + network + "." + name
|
|
|
|
return true
|
2012-09-14 17:48:52 +10:00
|
|
|
}
|