smimea.go (1361B)
1 package dns 2 3 import ( 4 "crypto/sha256" 5 "crypto/x509" 6 "encoding/hex" 7 ) 8 9 // Sign creates a SMIMEA record from an SSL certificate. 10 func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) { 11 r.Hdr.Rrtype = TypeSMIMEA 12 r.Usage = uint8(usage) 13 r.Selector = uint8(selector) 14 r.MatchingType = uint8(matchingType) 15 16 r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert) 17 return err 18 } 19 20 // Verify verifies a SMIMEA record against an SSL certificate. If it is OK 21 // a nil error is returned. 22 func (r *SMIMEA) Verify(cert *x509.Certificate) error { 23 c, err := CertificateToDANE(r.Selector, r.MatchingType, cert) 24 if err != nil { 25 return err // Not also ErrSig? 26 } 27 if r.Certificate == c { 28 return nil 29 } 30 return ErrSig // ErrSig, really? 31 } 32 33 // SMIMEAName returns the ownername of a SMIMEA resource record as per the 34 // format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3 35 func SMIMEAName(email, domain string) (string, error) { 36 hasher := sha256.New() 37 hasher.Write([]byte(email)) 38 39 // RFC Section 3: "The local-part is hashed using the SHA2-256 40 // algorithm with the hash truncated to 28 octets and 41 // represented in its hexadecimal representation to become the 42 // left-most label in the prepared domain name" 43 return hex.EncodeToString(hasher.Sum(nil)[:28]) + "." + "_smimecert." + domain, nil 44 }