Exemple #1
 /// <summary>
 ///   Creates a new instance of the TlsaRecord class from already computed association bytes
 /// </summary>
 /// <param name="name"> Domain name of the host </param>
 /// <param name="timeToLive"> Seconds the record should be cached at most </param>
 /// <param name="certificateUsage"> Value stored in the record's certificate usage field </param>
 /// <param name="selector"> Value stored in the record's selector field </param>
 /// <param name="matchingType"> Value stored in the record's matching type field </param>
 /// <param name="certificateAssociation"> Association bytes to publish; <c>null</c> is stored as an empty array </param>
 public TlsaRecord(string name, int timeToLive, TlsaCertificateUsage certificateUsage, TlsaSelector selector, TlsaMatchingType matchingType, byte[] certificateAssociation)
     : base(name, RecordType.Tlsa, RecordClass.INet, timeToLive)
 {
     // The caller's array is kept by reference (no copy), and this constructor does
     // not compare its length with matchingType; the bytes are published as given.
     byte[] associationBytes = certificateAssociation;
     if (associationBytes == null)
     {
         associationBytes = new byte[0];
     }

     CertificateUsage = certificateUsage;
     Selector = selector;
     MatchingType = matchingType;
     CertificateAssociation = associationBytes;
 }
Exemple #2
 /// <summary>
 ///   Creates a new instance of the TlsaRecord class with caller-supplied association bytes
 /// </summary>
 /// <param name="name"> Domain name of the host </param>
 /// <param name="timeToLive"> Seconds the record should be cached at most </param>
 /// <param name="certificateUsage"> Certificate usage field of the record </param>
 /// <param name="selector"> Selector field of the record </param>
 /// <param name="matchingType"> Matching type field of the record </param>
 /// <param name="certificateAssociation"> Association bytes of the record; an empty array is used when <c>null</c> is passed </param>
 public TlsaRecord(string name, int timeToLive, TlsaCertificateUsage certificateUsage, TlsaSelector selector, TlsaMatchingType matchingType, byte[] certificateAssociation)
     : base(name, RecordType.Tlsa, RecordClass.INet, timeToLive)
 {
     CertificateUsage       = certificateUsage;
     Selector               = selector;
     MatchingType           = matchingType;

     // Stored as passed in: the array is not copied and its length is not checked
     // against matchingType in this constructor.
     CertificateAssociation = certificateAssociation != null
         ? certificateAssociation
         : new byte[] { };
 }
 /// <summary>
 ///   Creates a new instance of the TlsaRecord class, deriving the association data from a certificate
 /// </summary>
 /// <param name="name"> Domain name of the host </param>
 /// <param name="timeToLive"> Seconds the record should be cached at most </param>
 /// <param name="certificateUsage"> The certificate usage </param>
 /// <param name="selector"> The selector; also passed on to derive the association data </param>
 /// <param name="matchingType"> The matching type; also passed on to derive the association data </param>
 /// <param name="certificate"> The certificate to get the association data from </param>
 public TlsaRecord(DomainName name, int timeToLive, TlsaCertificateUsage certificateUsage, TlsaSelector selector, TlsaMatchingType matchingType, X509Certificate certificate)
     : base(name, RecordType.Tlsa, RecordClass.INet, timeToLive)
 {
     CertificateUsage = certificateUsage;
     Selector = selector;
     MatchingType = matchingType;

     // The certificate is handed to the helper unchecked; whatever it throws for a
     // null certificate or an unhandled selector/matching type propagates to the caller.
     byte[] derivedAssociationData = GetCertificateAssocicationData(selector, matchingType, certificate);
     CertificateAssociationData = derivedAssociationData;
 }
Exemple #4
 /// <summary>
 ///   Creates a new instance of the TlsaRecord class from already computed association data
 /// </summary>
 /// <param name="name"> Domain name of the host </param>
 /// <param name="timeToLive"> Seconds the record should be cached at most </param>
 /// <param name="certificateUsage"> The certificate usage </param>
 /// <param name="selector"> The selector </param>
 /// <param name="matchingType"> The matching type </param>
 /// <param name="certificateAssociationData"> The certificate association data; <c>null</c> is stored as an empty array </param>
 public TlsaRecord(DomainName name, int timeToLive, TlsaCertificateUsage certificateUsage, TlsaSelector selector, TlsaMatchingType matchingType, byte[] certificateAssociationData)
     : base(name, RecordType.Tlsa, RecordClass.INet, timeToLive)
 {
     // Kept by reference, not copied; this constructor does not check the length
     // against matchingType.
     byte[] associationData = certificateAssociationData;
     if (associationData == null)
     {
         associationData = Array.Empty<byte>();
     }

     CertificateUsage = certificateUsage;
     Selector = selector;
     MatchingType = matchingType;
     CertificateAssociationData = associationData;
 }
Exemple #5
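        /// <summary>
        ///   Derives the TLSA certificate association data for a certificate
        /// </summary>
        /// <param name="selector"> Part of the certificate to use: the full certificate or its SubjectPublicKeyInfo </param>
        /// <param name="matchingType"> Representation of the selected part: the bytes themselves, or their SHA-256 or SHA-512 digest </param>
        /// <param name="certificate"> Certificate to derive the data from </param>
        /// <returns> The selected bytes, or their digest, as chosen by <paramref name="matchingType" /> </returns>
        /// <exception cref="ArgumentNullException"> <paramref name="certificate" /> is null </exception>
        /// <exception cref="NotSupportedException"> The selector or matching type is not one of the handled values </exception>
        internal static byte[] GetCertificateAssocicationData(TlsaSelector selector, TlsaMatchingType matchingType, X509Certificate certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            byte[] selectedBytes;
            switch (selector)
            {
                case TlsaSelector.FullCertificate:
                    selectedBytes = certificate.GetRawCertData();
                    break;

                case TlsaSelector.SubjectPublicKeyInfo:
                    // PublicKeyFactory.CreateKey(byte[]) decodes its input as a
                    // SubjectPublicKeyInfo structure, which a whole certificate is not,
                    // so the certificate is parsed first and its public key taken from there.
                    var parsedCertificate = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(certificate.GetRawCertData());

                    // NOTE(review): the SubjectPublicKeyInfo is re-encoded from the parsed key.
                    // TLSA matching is byte-exact, so confirm the re-encoding reproduces the
                    // certificate's own SubjectPublicKeyInfo bytes for every key type in use.
                    selectedBytes = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(parsedCertificate.GetPublicKey()).GetDerEncoded();
                    break;

                default:
                    throw new NotSupportedException();
            }

            byte[] matchingBytes;
            switch (matchingType)
            {
                case TlsaMatchingType.Full:
                    // No digest: the selected bytes are returned as they are.
                    matchingBytes = selectedBytes;
                    break;

                case TlsaMatchingType.Sha256Hash:
                    Sha256Digest sha256Digest = new Sha256Digest();
                    sha256Digest.BlockUpdate(selectedBytes, 0, selectedBytes.Length);
                    matchingBytes = new byte[sha256Digest.GetDigestSize()];
                    sha256Digest.DoFinal(matchingBytes, 0);
                    break;

                case TlsaMatchingType.Sha512Hash:
                    Sha512Digest sha512Digest = new Sha512Digest();
                    sha512Digest.BlockUpdate(selectedBytes, 0, selectedBytes.Length);
                    matchingBytes = new byte[sha512Digest.GetDigestSize()];
                    sha512Digest.DoFinal(matchingBytes, 0);
                    break;

                default:
                    throw new NotSupportedException();
            }

            return matchingBytes;
        }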
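        /// <summary>
        ///   Derives the TLSA certificate association data for a certificate
        /// </summary>
        /// <param name="selector"> Part of the certificate to use: the full certificate or its SubjectPublicKeyInfo </param>
        /// <param name="matchingType"> Representation of the selected part: the bytes themselves, or their SHA-256 or SHA-512 digest </param>
        /// <param name="certificate"> Certificate to derive the data from; NETSTANDARD builds accept only X509Certificate2 instances </param>
        /// <returns> The selected bytes, or their digest, as chosen by <paramref name="matchingType" /> </returns>
        /// <exception cref="ArgumentNullException"> <paramref name="certificate" /> is null </exception>
        /// <exception cref="NotImplementedException"> NETSTANDARD builds only: the certificate is not an X509Certificate2 </exception>
        /// <exception cref="NotSupportedException"> The selector or matching type is not one of the handled values </exception>
        internal static byte[] GetCertificateAssocicationData(TlsaSelector selector, TlsaMatchingType matchingType, X509Certificate certificate)
        {
            // Reject null up front; without this a NETSTANDARD build would report a null
            // certificate with the "use X509Certificate2" message, which hides the real cause.
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            byte[] selectedBytes;
            switch (selector)
            {
                case TlsaSelector.FullCertificate:
#if NETSTANDARD
                {
                    // This build reads the DER bytes from X509Certificate2.RawData, so any
                    // other X509Certificate subtype is rejected.
                    var certificate2 = certificate as System.Security.Cryptography.X509Certificates.X509Certificate2;
                    if (certificate2 == null)
                    {
                        throw new NotImplementedException("X509Certificate unsupported, use X509Certificate2");
                    }
                    selectedBytes = certificate2.RawData;
                }
#else
                    selectedBytes = certificate.GetRawCertData();
#endif
                    break;

                case TlsaSelector.SubjectPublicKeyInfo:
                    // NOTE(review): both branches re-encode the SubjectPublicKeyInfo from the
                    // parsed key. TLSA matching is byte-exact, so confirm the re-encoding
                    // reproduces the certificate's own SubjectPublicKeyInfo bytes.
#if NETSTANDARD
                {
                    var certificate2 = certificate as System.Security.Cryptography.X509Certificates.X509Certificate2;
                    if (certificate2 == null)
                    {
                        throw new NotImplementedException("X509Certificate unsupported, use X509Certificate2");
                    }
                    selectedBytes = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(new X509CertificateParser().ReadCertificate(certificate2.RawData).GetPublicKey()).GetDerEncoded();
                }
#else
                    selectedBytes = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(DotNetUtilities.FromX509Certificate(certificate).GetPublicKey()).GetDerEncoded();
#endif
                    break;

                default:
                    throw new NotSupportedException();
            }

            byte[] matchingBytes;
            switch (matchingType)
            {
                case TlsaMatchingType.Full:
                    // No digest: the selected bytes are returned as they are.
                    matchingBytes = selectedBytes;
                    break;

                case TlsaMatchingType.Sha256Hash:
                    Sha256Digest sha256Digest = new Sha256Digest();
                    sha256Digest.BlockUpdate(selectedBytes, 0, selectedBytes.Length);
                    matchingBytes = new byte[sha256Digest.GetDigestSize()];
                    sha256Digest.DoFinal(matchingBytes, 0);
                    break;

                case TlsaMatchingType.Sha512Hash:
                    Sha512Digest sha512Digest = new Sha512Digest();
                    sha512Digest.BlockUpdate(selectedBytes, 0, selectedBytes.Length);
                    matchingBytes = new byte[sha512Digest.GetDigestSize()];
                    sha512Digest.DoFinal(matchingBytes, 0);
                    break;

                default:
                    throw new NotSupportedException();
            }

            return matchingBytes;
        }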
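		/// <summary>
		///   Derives the TLSA certificate association data for a certificate
		/// </summary>
		/// <param name="selector"> Part of the certificate to use: the full certificate or its SubjectPublicKeyInfo </param>
		/// <param name="matchingType"> Representation of the selected part: the bytes themselves, or their SHA-256 or SHA-512 digest </param>
		/// <param name="certificate"> Certificate to derive the data from </param>
		/// <returns> The selected bytes, or their digest, as chosen by <paramref name="matchingType" /> </returns>
		/// <exception cref="ArgumentNullException"> <paramref name="certificate" /> is null </exception>
		/// <exception cref="NotSupportedException"> The selector or matching type is not one of the handled values </exception>
		internal static byte[] GetCertificateAssocicationData(TlsaSelector selector, TlsaMatchingType matchingType, X509Certificate certificate)
		{
			// Fail with a named argument instead of a NullReferenceException further down.
			if (certificate == null)
			{
				throw new ArgumentNullException("certificate");
			}

			byte[] selectedBytes;
			switch (selector)
			{
				case TlsaSelector.FullCertificate:
					selectedBytes = certificate.GetRawCertData();
					break;

				case TlsaSelector.SubjectPublicKeyInfo:
					// NOTE(review): the SubjectPublicKeyInfo is re-encoded from the parsed key.
					// TLSA matching is byte-exact, so confirm the re-encoding reproduces the
					// certificate's own SubjectPublicKeyInfo bytes for every key type in use.
					selectedBytes = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(DotNetUtilities.FromX509Certificate(certificate).GetPublicKey()).GetDerEncoded();
					break;

				default:
					throw new NotSupportedException();
			}

			byte[] matchingBytes;
			switch (matchingType)
			{
				case TlsaMatchingType.Full:
					// No digest: the selected bytes are returned as they are.
					matchingBytes = selectedBytes;
					break;

				case TlsaMatchingType.Sha256Hash:
					Sha256Digest sha256Digest = new Sha256Digest();
					sha256Digest.BlockUpdate(selectedBytes, 0, selectedBytes.Length);
					matchingBytes = new byte[sha256Digest.GetDigestSize()];
					sha256Digest.DoFinal(matchingBytes, 0);
					break;

				case TlsaMatchingType.Sha512Hash:
					Sha512Digest sha512Digest = new Sha512Digest();
					sha512Digest.BlockUpdate(selectedBytes, 0, selectedBytes.Length);
					matchingBytes = new byte[sha512Digest.GetDigestSize()];
					sha512Digest.DoFinal(matchingBytes, 0);
					break;

				default:
					throw new NotSupportedException();
			}

			return matchingBytes;
		}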
		/// <summary>
		///   Creates a new instance of the TlsaRecord class, deriving the association data from a certificate
		/// </summary>
		/// <param name="name"> Domain name of the host </param>
		/// <param name="timeToLive"> Seconds the record should be cached at most </param>
		/// <param name="certificateUsage"> The certificate usage </param>
		/// <param name="selector"> The selector; also used when deriving the association data </param>
		/// <param name="matchingType"> The matching type; also used when deriving the association data </param>
		/// <param name="certificate"> The certificate to get the association data from </param>
		public TlsaRecord(DomainName name, int timeToLive, TlsaCertificateUsage certificateUsage, TlsaSelector selector, TlsaMatchingType matchingType, X509Certificate certificate)
			: base(name, RecordType.Tlsa, RecordClass.INet, timeToLive)
		{
			CertificateUsage           = certificateUsage;
			Selector                   = selector;
			MatchingType               = matchingType;

			// The certificate is passed on unchecked; exceptions raised while deriving
			// the association data propagate to the caller.
			byte[] derivedAssociationData = GetCertificateAssocicationData(selector, matchingType, certificate);
			CertificateAssociationData = derivedAssociationData;
		}