1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
package x509util
import (
"crypto/sha256"
"crypto/x509"
"go.step.sm/crypto/fingerprint"
)
// FingerprintEncoding defines the supported encodings in certificate
// fingerprints.
type FingerprintEncoding = fingerprint.Encoding
// Supported fingerprint encodings.
const (
// DefaultFingerprint represents the hex encoding of the fingerprint.
DefaultFingerprint = FingerprintEncoding(0)
// HexFingerprint represents the hex encoding of the fingerprint.
HexFingerprint = fingerprint.HexFingerprint
// Base64Fingerprint represents the base64 encoding of the fingerprint.
Base64Fingerprint = fingerprint.Base64Fingerprint
// Base64URLFingerprint represents the base64URL encoding of the fingerprint.
Base64URLFingerprint = fingerprint.Base64URLFingerprint
// Base64RawFingerprint represents the base64RawStd encoding of the fingerprint.
Base64RawFingerprint = fingerprint.Base64RawFingerprint
// Base64RawURLFingerprint represents the base64RawURL encoding of the fingerprint.
Base64RawURLFingerprint = fingerprint.Base64RawURLFingerprint
// EmojiFingerprint represents the emoji encoding of the fingerprint.
EmojiFingerprint = fingerprint.EmojiFingerprint
)
// Fingerprint returns the SHA-256 fingerprint of the certificate.
func Fingerprint(cert *x509.Certificate) string {
return EncodedFingerprint(cert, DefaultFingerprint)
}
// EncodedFingerprint returns the SHA-256 hash of the certificate using the
// specified encoding. If an invalid encoding is passed, the return value will
// be an empty string.
func EncodedFingerprint(cert *x509.Certificate, encoding FingerprintEncoding) string {
sum := sha256.Sum256(cert.Raw)
switch encoding {
case DefaultFingerprint:
return fingerprint.Fingerprint(sum[:], HexFingerprint)
default:
return fingerprint.Fingerprint(sum[:], encoding)
}
}
|
