mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-14 14:49:32 +01:00
d2ea21d0d8
* use certmagic for more extensible/robust ACME cert handling * accept TOS based on config option Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
43 lines
997 B
Go
Vendored
43 lines
997 B
Go
Vendored
package dns
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/sha512"
|
|
"crypto/x509"
|
|
"encoding/hex"
|
|
"errors"
|
|
)
|
|
|
|
// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
|
|
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
|
|
switch matchingType {
|
|
case 0:
|
|
switch selector {
|
|
case 0:
|
|
return hex.EncodeToString(cert.Raw), nil
|
|
case 1:
|
|
return hex.EncodeToString(cert.RawSubjectPublicKeyInfo), nil
|
|
}
|
|
case 1:
|
|
h := sha256.New()
|
|
switch selector {
|
|
case 0:
|
|
h.Write(cert.Raw)
|
|
return hex.EncodeToString(h.Sum(nil)), nil
|
|
case 1:
|
|
h.Write(cert.RawSubjectPublicKeyInfo)
|
|
return hex.EncodeToString(h.Sum(nil)), nil
|
|
}
|
|
case 2:
|
|
h := sha512.New()
|
|
switch selector {
|
|
case 0:
|
|
h.Write(cert.Raw)
|
|
return hex.EncodeToString(h.Sum(nil)), nil
|
|
case 1:
|
|
h.Write(cert.RawSubjectPublicKeyInfo)
|
|
return hex.EncodeToString(h.Sum(nil)), nil
|
|
}
|
|
}
|
|
return "", errors.New("dns: bad MatchingType or Selector")
|
|
}
|