1package dns 2 3import ( 4 "crypto/x509" 5 "net" 6 "strconv" 7) 8 9// Sign creates a TLSA record from an SSL certificate. 10func (r *TLSA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) { 11 r.Hdr.Rrtype = TypeTLSA 12 r.Usage = uint8(usage) 13 r.Selector = uint8(selector) 14 r.MatchingType = uint8(matchingType) 15 16 r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert) 17 if err != nil { 18 return err 19 } 20 return nil 21} 22 23// Verify verifies a TLSA record against an SSL certificate. If it is OK 24// a nil error is returned. 25func (r *TLSA) Verify(cert *x509.Certificate) error { 26 c, err := CertificateToDANE(r.Selector, r.MatchingType, cert) 27 if err != nil { 28 return err // Not also ErrSig? 29 } 30 if r.Certificate == c { 31 return nil 32 } 33 return ErrSig // ErrSig, really? 34} 35 36// TLSAName returns the ownername of a TLSA resource record as per the 37// rules specified in RFC 6698, Section 3. 38func TLSAName(name, service, network string) (string, error) { 39 if !IsFqdn(name) { 40 return "", ErrFqdn 41 } 42 p, err := net.LookupPort(network, service) 43 if err != nil { 44 return "", err 45 } 46 return "_" + strconv.Itoa(p) + "._" + network + "." + name, nil 47} 48