class Cryptorecord::Tlsa

Cryptorecord::Tlsa-class generates tlsa-dns-records. @!attribute [r] selector

@return [Integer] the selector

@!attribute [r] mtype

@return [Integer] the match-type

@!attribute [r] usage

@return [Integer] the usage

@!attribute [r] cert

@return [String] the x509 certificate

@!attribute [r] rectype

@return [String] "TLSA"

@!attribute host

@return [String] the fqdn for the record

@!attribute proto

@return [String] the network protocol

@!attribute port

@return [String] the network port

Attributes

cert[R]
host[RW]
mtype[R]
port[RW]
proto[RW]
rectype[R]
selector[R]
usage[R]

Public Class Methods

new(args = {}) click to toggle source

constructor for the tlsa-object

@param [Hash] args @option args [Integer] mtype the matching type @option args [Integer] selector the selector for the tlsa-record @option args [String] host host-part for the tlsa-record @option args [String] proto the network-protocol for the tlsa-record @option args [Integer] port the network-port for the tlsa-record @option args [Integer] usage the usage for this record @option args [String] cert the certificate as a string

# File lib/cryptorecord/tlsa.rb, line 57
def initialize(args = {})
  self.mtype = args.fetch(:mtype, 1)
  self.selector = args.fetch(:selector, 0)
  @host = args.fetch(:host, 'localhost')
  @proto = args.fetch(:proto, 'tcp')
  @port = args.fetch(:port, 443)
  self.usage = args.fetch(:usage, 3)
  self.cert = args.fetch(:cert, nil)
  @rectype = 'TLSA'
end

Public Instance Methods

cert=(val) click to toggle source

this setter initializes the certificate

@param [OpenSSL::X509::Certificate] val the x509 certificate @raise Cryptorecord::ArgumentError

# File lib/cryptorecord/tlsa.rb, line 107
def cert=(val)
  unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
    raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
  end

  @cert = val
end
fingerprint() click to toggle source

this function creates a hash-string defined by mtype and selector @return depending on mtype and selector a proper hash will be returned @raise Cryptorecord::MatchTypeError

# File lib/cryptorecord/tlsa.rb, line 126
def fingerprint
  raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

  case @mtype.to_i
  when 0
    return bin_to_hex(msg)
  when 1
    return OpenSSL::Digest::SHA256.new(msg).to_s
  when 2
    return OpenSSL::Digest::SHA512.new(msg).to_s
  end
end
left() click to toggle source

This method returns the left-hand name of a dns-record @return [String] left-hand name of a dns-record

# File lib/cryptorecord/tlsa.rb, line 141
def left
  "_#{@port}._#{@proto}.#{@host}."
end
mtype=(val) click to toggle source

This setter initializes the mtype

@param [Integer] val The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512

# File lib/cryptorecord/tlsa.rb, line 83
def mtype=(val)
  if val.to_i < 0 || val.to_i > 2
    raise ArgumentError, 'Invalid match type.'\
    'Has to be 0,1 or 2'
  end
  @mtype = val
end
read_file(file) click to toggle source

This function reads in the certificate from file

@param [String] file path to certificate-file

# File lib/cryptorecord/tlsa.rb, line 118
def read_file(file)
  data = File.read(file)
  self.cert = OpenSSL::X509::Certificate.new(data)
end
right() click to toggle source

This method returns the right-hand content of a dns-record @return [String] right-hand content of a dns-record

# File lib/cryptorecord/tlsa.rb, line 147
def right
  "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
end
selector=(val) click to toggle source

This setter initializes the selector

@param [Integer] val Selector for the association.

0 = Full Cert, 1 = SubjectPublicKeyInfo
# File lib/cryptorecord/tlsa.rb, line 72
def selector=(val)
  if val.to_i < 0 || val.to_i > 1
    raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
  end
  @selector = val
end
to_s() click to toggle source

This method concats the tlsa-record

@return [String] tlsa dns-record as defined in rfc6698

# File lib/cryptorecord/tlsa.rb, line 154
def to_s
  "#{left} IN #{@rectype} #{right}"
end
usage=(val) click to toggle source

This setter initializes the usage

@param [Integer] val Usage for the association.

0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE

@raise Cryptorecord::ArgumentError

# File lib/cryptorecord/tlsa.rb, line 96
def usage=(val)
  if val.to_i < 0 || val.to_i > 3
    raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
  end
  @usage = val
end

Private Instance Methods

bin_to_hex(str) click to toggle source

This helper-function converts binary data into hex

@param [String] str Binary-string @return hex-string

# File lib/cryptorecord/tlsa.rb, line 177
def bin_to_hex(str)
  str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
end
msg() click to toggle source

This function selects the msg to hash using the selector

@return if selector = 0 it returns cert.to_der, if selector = 1 it returns cert.public_key.to_der

# File lib/cryptorecord/tlsa.rb, line 164
def msg
  case @selector.to_i
  when 0
    @cert.to_der
  when 1
    @cert.public_key.to_der
  end
end