path: root/tofu.go
package gemini

import (
	"bufio"
	"bytes"
	"crypto/sha512"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// ErrInvalidKnownHosts is returned by ParseKnownHosts when a line of the
// known-hosts input does not have the expected fields or its notAfter
// timestamp cannot be parsed.
var ErrInvalidKnownHosts = errors.New("gemini: invalid known hosts")

// KnownHost represents a known host: one entry of the trust store that pairs
// a hostname with the fingerprint of a certificate previously accepted for
// it. Entries are read by ParseKnownHosts; the fingerprint string for a
// certificate is produced by Fingerprint.
type KnownHost struct {
	Hostname    string // e.g. gemini.circumlunar.space
	Algorithm   string // fingerprint algorithm, as recorded in the known-hosts entry (not validated here)
	Fingerprint string // fingerprint in hexadecimal, with ':' between each octet (Fingerprint emits uppercase hex)
	NotAfter    int64  // unix time of certificate notAfter date; parsed from the entry, expiry is not checked here
}

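// ParseKnownHosts parses and returns a list of known hosts from the provided io.Reader.
//
// Each non-blank line must hold at least four space-separated fields:
// hostname, fingerprint algorithm, fingerprint, and the certificate's
// notAfter date as a base-10 Unix timestamp. Fields beyond the fourth are
// ignored. A line with fewer than four fields, or with an unparsable
// timestamp, yields ErrInvalidKnownHosts. A read error from r (or a line
// longer than the scanner's buffer) is returned wrapped, so a truncated or
// unreadable store is never mistaken for a complete one.
func ParseKnownHosts(r io.Reader) ([]KnownHost, error) {
	hosts := []KnownHost{}

	scanner := bufio.NewScanner(r)
	for scanner.Scan() {
		text := scanner.Text()
		// Blank lines (e.g. a trailing empty line) carry no entry; skip them
		// rather than rejecting the whole store.
		if strings.TrimSpace(text) == "" {
			continue
		}

		parts := strings.Split(text, " ")
		if len(parts) < 4 {
			return nil, ErrInvalidKnownHosts
		}

		// NotAfter is an int64; parse with bitSize 64 so timestamps past
		// 2038 are accepted on 32-bit platforms as well.
		notAfter, err := strconv.ParseInt(parts[3], 10, 64)
		if err != nil {
			return nil, ErrInvalidKnownHosts
		}

		hosts = append(hosts, KnownHost{
			Hostname:    parts[0],
			Algorithm:   parts[1],
			Fingerprint: parts[2],
			NotAfter:    notAfter,
		})
	}
	// Scan stops on I/O errors and on bufio.ErrTooLong; without this check a
	// partial host list would be returned as if the whole store had been read.
	if err := scanner.Err(); err != nil {
		return nil, fmt.Errorf("gemini: reading known hosts: %w", err)
	}

	return hosts, nil
}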

// Fingerprint returns the SHA-512 fingerprint of the provided certificate.
//
// The digest is computed over cert.Raw (the certificate's DER bytes) and
// rendered as uppercase hexadecimal with ':' between octets, the format
// KnownHost.Fingerprint holds. cert must be non-nil.
func Fingerprint(cert *x509.Certificate) string {
	digest := sha512.Sum512(cert.Raw)

	var out bytes.Buffer
	// Two hex digits per octet plus one separator between octets.
	out.Grow(len(digest)*3 - 1)
	for i := range digest {
		if i != 0 {
			out.WriteByte(':')
		}
		fmt.Fprintf(&out, "%02X", digest[i])
	}
	return out.String()
}