9 // Sign creates a SMIMEA record from an SSL certificate.
10 func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) {
11 r.Hdr.Rrtype = TypeSMIMEA
12 r.Usage = uint8(usage)
13 r.Selector = uint8(selector)
14 r.MatchingType = uint8(matchingType)
16 r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
20 // Verify verifies a SMIMEA record against an SSL certificate. If it is OK
21 // a nil error is returned.
22 func (r *SMIMEA) Verify(cert *x509.Certificate) error {
23 c, err := CertificateToDANE(r.Selector, r.MatchingType, cert)
25 return err // Not also ErrSig?
27 if r.Certificate == c {
30 return ErrSig // ErrSig, really?
33 // SMIMEAName returns the ownername of a SMIMEA resource record as per the
34 // format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3
35 func SMIMEAName(email, domain string) (string, error) {
36 hasher := sha256.New()
37 hasher.Write([]byte(email))
39 // RFC Section 3: "The local-part is hashed using the SHA2-256
40 // algorithm with the hash truncated to 28 octets and
41 // represented in its hexadecimal representation to become the
42 // left-most label in the prepared domain name"
43 return hex.EncodeToString(hasher.Sum(nil)[:28]) + "." + "_smimecert." + domain, nil