1package dns 2 3import ( 4 "crypto/sha256" 5 "crypto/sha512" 6 "crypto/x509" 7 "encoding/hex" 8 "errors" 9) 10 11// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records. 12func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) { 13 switch matchingType { 14 case 0: 15 switch selector { 16 case 0: 17 return hex.EncodeToString(cert.Raw), nil 18 case 1: 19 return hex.EncodeToString(cert.RawSubjectPublicKeyInfo), nil 20 } 21 case 1: 22 h := sha256.New() 23 switch selector { 24 case 0: 25 h.Write(cert.Raw) 26 return hex.EncodeToString(h.Sum(nil)), nil 27 case 1: 28 h.Write(cert.RawSubjectPublicKeyInfo) 29 return hex.EncodeToString(h.Sum(nil)), nil 30 } 31 case 2: 32 h := sha512.New() 33 switch selector { 34 case 0: 35 h.Write(cert.Raw) 36 return hex.EncodeToString(h.Sum(nil)), nil 37 case 1: 38 h.Write(cert.RawSubjectPublicKeyInfo) 39 return hex.EncodeToString(h.Sum(nil)), nil 40 } 41 } 42 return "", errors.New("dns: bad MatchingType or Selector") 43} 44