* Remove unused bytes.Buffer from dns/idn.encode. This buffer is truncated and written to but never read from. It serves no purpose and all tests pass with it removed. It appears to have been introduced when puncycode.go was first added in miekg/dns@e3c2c07.
* Produce less pointless garbage. This change: - removes several needless []byte -> string conversions, - removes two needless append calls in HashName, and - writes the hash to the same nsec3 []byte in HashName rather than creating a new []byte on each of the k iterations. These are all minor performance improvements that will likely go entirely unnoticed. The changes will reduce the amount of garbage produced when calling CertificateToDANE, HashName, (*SIG).Sign and TsigGenerate.
package dns
import (
"crypto/sha256"
"crypto/sha512"
"crypto/x509"
"encoding/hex"
"errors"
)
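// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
//
// selector picks the data that is encoded: 0 is the complete DER certificate
// (cert.Raw) and 1 is the DER SubjectPublicKeyInfo (cert.RawSubjectPublicKeyInfo).
// matchingType picks the encoding of that data: 0 is the data itself, 1 is its
// SHA-256 digest and 2 is its SHA-512 digest. The result is lower-case hex.
//
// An error is returned for a nil cert and for any other selector or
// matchingType value.
//
// The Raw fields are only filled in when a certificate is parsed. For a
// certificate value built by hand they are empty, and the result is then the
// encoding of empty input, which matches no real certificate; callers that
// publish the output should pass a parsed certificate.
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) {
	// A nil certificate would otherwise panic on the field access below.
	if cert == nil {
		return "", errors.New("dns: nil certificate")
	}

	var data []byte
	switch selector {
	case 0:
		data = cert.Raw
	case 1:
		data = cert.RawSubjectPublicKeyInfo
	default:
		return "", errors.New("dns: bad MatchingType or Selector")
	}

	switch matchingType {
	case 0:
		return hex.EncodeToString(data), nil
	case 1:
		sum := sha256.Sum256(data)
		return hex.EncodeToString(sum[:]), nil
	case 2:
		sum := sha512.Sum512(data)
		return hex.EncodeToString(sum[:]), nil
	}
	return "", errors.New("dns: bad MatchingType or Selector")
}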