author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-02 20:23:51 +0200 |
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-02 20:23:51 +0200 |
commit | cc75064317725f5b4d58b8b364dbf0c9c431ec3e (patch) | |
tree | 7ee92c65d4340ecf910d0c966087f1b5a0ec404a /pkg/dns | |
parent | 01d7bd4785be2c82cc4765ba6e27cbcf61188862 (diff) |
added domain_hint enforcement v0.3.0
Diffstat (limited to 'pkg/dns')
-rw-r--r-- | pkg/dns/dns.go | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/pkg/dns/dns.go b/pkg/dns/dns.go
new file mode 100644
index 0000000..7979119
--- /dev/null
+++ b/pkg/dns/dns.go
@@ -0,0 +1,40 @@
+package dns
+
+import (
+ "context"
+ "fmt"
+ "net"
+
+ "encoding/hex"
+
+ "git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+// Verifier can verify that a domain name is aware of a public key
+type Verifier interface {
+ Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error
+}
+
+// DefaultResolver implements the Verifier interface with Go's default resolver
+type DefaultResolver struct {
+ resolver net.Resolver
+}
+
+func NewDefaultResolver() Verifier {
+ return &DefaultResolver{}
+}
+
+func (dr *DefaultResolver) Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error {
+ rsp, err := dr.resolver.LookupTXT(ctx, name)
+ if err != nil {
+ return fmt.Errorf("domain name look-up failed: %v", err)
+ }
+
+ want := hex.EncodeToString(types.Hash(key[:])[:])
+ for _, got := range rsp {
+ if got == want {
+ return nil
+ }
+ }
+ return fmt.Errorf("%q is not aware of key hash %q", name, want)
+} |
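Review bot: Verify slices the key pointer with `key[:]` before any check, so a nil key panics inside the method instead of returning an error; add `if key == nil { return fmt.Errorf("nil verification key") }` ahead of the LookupTXT call. The `%v` in `fmt.Errorf("domain name look-up failed: %v", err)` discards the underlying *net.DNSError, so a caller cannot use errors.As to tell a missing record from a temporary resolver failure and rate-limit or retry accordingly; `%w` keeps that distinction available. Because Verify performs a network lookup for whatever name it is handed, NewDefaultResolver and Verify (both exported and undocumented) deserve doc comments stating that the caller must bound ctx with a deadline, that the match is an exact lowercase-hex comparison of a TXT record against the key hash, and that this code does no DNSSEC validation of its own, so the result is only as trustworthy as the resolver's answer.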