71 lines
1.5 KiB
Go
71 lines
1.5 KiB
Go
|
package gemini
|
||
|
|
||
|
import (
|
||
|
"bufio"
|
||
|
"bytes"
|
||
|
"crypto/sha512"
|
||
|
"crypto/x509"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"io"
|
||
|
"strconv"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
var (
|
||
|
ErrInvalidKnownHosts = errors.New("gemini: invalid known hosts")
|
||
|
)
|
||
|
|
||
|
// KnownHost represents a known host.
|
||
|
type KnownHost struct {
|
||
|
Hostname string // e.g. gemini.circumlunar.space
|
||
|
Algorithm string // fingerprint algorithm
|
||
|
Fingerprint string // fingerprint in hexadecimal, with ':' between each octet
|
||
|
NotAfter int64 // unix time of certificate notAfter date
|
||
|
}
|
||
|
|
||
|
// ParseKnownHosts parses and returns a list of known hosts from the provided io.Reader.
|
||
|
func ParseKnownHosts(r io.Reader) ([]KnownHost, error) {
|
||
|
hosts := []KnownHost{}
|
||
|
|
||
|
scanner := bufio.NewScanner(r)
|
||
|
for scanner.Scan() {
|
||
|
text := scanner.Text()
|
||
|
|
||
|
parts := strings.Split(text, " ")
|
||
|
if len(parts) < 4 {
|
||
|
return nil, ErrInvalidKnownHosts
|
||
|
}
|
||
|
|
||
|
hostname := parts[0]
|
||
|
algorithm := parts[1]
|
||
|
fingerprint := parts[2]
|
||
|
notAfter, err := strconv.ParseInt(parts[3], 10, 0)
|
||
|
if err != nil {
|
||
|
return nil, ErrInvalidKnownHosts
|
||
|
}
|
||
|
|
||
|
hosts = append(hosts, KnownHost{
|
||
|
Hostname: hostname,
|
||
|
Algorithm: algorithm,
|
||
|
Fingerprint: fingerprint,
|
||
|
NotAfter: notAfter,
|
||
|
})
|
||
|
}
|
||
|
|
||
|
return hosts, nil
|
||
|
}
|
||
|
|
||
|
// Fingerprint returns the SHA-512 fingerprint of the provided certificate.
|
||
|
func Fingerprint(cert *x509.Certificate) string {
|
||
|
sum512 := sha512.Sum512(cert.Raw)
|
||
|
var buf bytes.Buffer
|
||
|
for i, f := range sum512 {
|
||
|
if i > 0 {
|
||
|
fmt.Fprintf(&buf, ":")
|
||
|
}
|
||
|
fmt.Fprintf(&buf, "%02X", f)
|
||
|
}
|
||
|
return buf.String()
|
||
|
}
|