Diffstat (limited to 'pkg/dns')
| -rw-r--r-- | pkg/dns/dns.go | 40 | 
1 files changed, 40 insertions, 0 deletions
| diff --git a/pkg/dns/dns.go b/pkg/dns/dns.go
new file mode 100644
index 0000000..7979119
--- /dev/null
+++ b/pkg/dns/dns.go
@@ -0,0 +1,40 @@
+package dns
+
+import (
+	"context"
+	"fmt"
+	"net"
+
+	"encoding/hex"
+
+	"git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+// Verifier can verify that a domain name is aware of a public key
+type Verifier interface {
+	Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error
+}
+
+// DefaultResolver implements the Verifier interface with Go's default resolver
+type DefaultResolver struct {
+	resolver net.Resolver
+}
+
+func NewDefaultResolver() Verifier {
+	return &DefaultResolver{}
+}
+
+func (dr *DefaultResolver) Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error {
+	rsp, err := dr.resolver.LookupTXT(ctx, name)
+	if err != nil {
+		return fmt.Errorf("domain name look-up failed: %v", err)
+	}
+
+	want := hex.EncodeToString(types.Hash(key[:])[:])
+	for _, got := range rsp {
+		if got == want {
+			return nil
+		}
+	}
+	return fmt.Errorf("%q is not aware of key hash %q", name, want)
+} |
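Review bot: The look-up error in Verify is formatted with `%v`, which discards the underlying *net.DNSError, so a caller cannot tell a definitive "no such name" from a transient resolver failure (errors.As on *net.DNSError, IsNotFound/IsTemporary) and decide whether to retry or reject; change it to `return fmt.Errorf("domain name look-up failed: %w", err)`. The exported NewDefaultResolver and the Verify method have no doc comments; Verify's comment should spell out the contract the code implements — a TXT record of name must equal, byte for byte, the lowercase hex encoding of types.Hash over the key — and note that the check is only as trustworthy as the DNS answer itself, since net.Resolver performs no DNSSEC validation of its own and the caller must decide whether that is acceptable for the trust it derives from a pass. Exact string comparison also means an uppercase-hex TXT value fails; if that is intentional, say so in the comment, otherwise compare with strings.EqualFold. Minor style point: "encoding/hex" belongs in the standard-library import group with "context", "fmt" and "net" rather than in its own block.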
