Skip to content
Snippets Groups Projects
Normal view Permalink
smimea.go 1.33 KiB
Newer Older
  • Learn to ignore specific revisions
    • ale's avatar
    Upgrade dependencies
    ale committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 
    package dns

import (
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
)

// Sign creates a SMIMEA record from an SSL certificate.
func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) {
	r.Hdr.Rrtype = TypeSMIMEA
	r.Usage = uint8(usage)
	r.Selector = uint8(selector)
	r.MatchingType = uint8(matchingType)

	r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
    renovate's avatar
    Update module miekg/dns to v1.1.35  
    renovate committed
    17 
    	return err
    ale's avatar
    Upgrade dependencies
    ale committed
    18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 
    }

// Verify verifies a SMIMEA record against an SSL certificate. If it is OK
// a nil error is returned.
func (r *SMIMEA) Verify(cert *x509.Certificate) error {
	c, err := CertificateToDANE(r.Selector, r.MatchingType, cert)
	if err != nil {
		return err // Not also ErrSig?
	}
	if r.Certificate == c {
		return nil
	}
	return ErrSig // ErrSig, really?
}

// SMIMEAName returns the ownername of a SMIMEA resource record as per the
// format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3
func SMIMEAName(email, domain string) (string, error) {
	hasher := sha256.New()
	hasher.Write([]byte(email))

	// RFC Section 3: "The local-part is hashed using the SHA2-256
	// algorithm with the hash truncated to 28 octets and
	// represented in its hexadecimal representation to become the
	// left-most label in the prepared domain name"
	return hex.EncodeToString(hasher.Sum(nil)[:28]) + "." + "_smimecert." + domain, nil
}