class Cryptorecord::Tlsa
Cryptorecord::Tlsa-class generates tlsa-dns-records. @!attribute [r] selector
@return [Integer] the selector
@!attribute [r] mtype
@return [Integer] the match-type
@!attribute [r] usage
@return [Integer] the usage
@!attribute [r] cert
@return [String] the x509 certificate
@!attribute [r] rectype
@return [String] "TLSA"
@!attribute host
@return [String] the fqdn for the record
@!attribute proto
@return [String] the network protocol
@!attribute port
@return [String] the network port
Attributes
Public Class Methods
constructor for the tlsa-object
@param [Hash] args @option args [Integer] mtype the matching type @option args [Integer] selector the selector for the tlsa-record @option args [String] host host-part for the tlsa-record @option args [String] proto the network-protocol for the tlsa-record @option args [Integer] port the network-port for the tlsa-record @option args [Integer] usage the usage for this record @option args [String] cert the certificate as a string
# File lib/cryptorecord/tlsa.rb, line 57 def initialize(args = {}) self.mtype = args.fetch(:mtype, 1) self.selector = args.fetch(:selector, 0) @host = args.fetch(:host, 'localhost') @proto = args.fetch(:proto, 'tcp') @port = args.fetch(:port, 443) self.usage = args.fetch(:usage, 3) self.cert = args.fetch(:cert, nil) @rectype = 'TLSA' end
Public Instance Methods
this setter initializes the certificate
@param [OpenSSL::X509::Certificate] val the x509 certificate @raise Cryptorecord::ArgumentError
# File lib/cryptorecord/tlsa.rb, line 107 def cert=(val) unless val.is_a?(OpenSSL::X509::Certificate) || val.nil? raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate' end @cert = val end
this function creates a hash-string defined by mtype and selector @return depending on mtype and selector a proper hash will be returned @raise Cryptorecord::MatchTypeError
# File lib/cryptorecord/tlsa.rb, line 126 def fingerprint raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil? case @mtype.to_i when 0 return bin_to_hex(msg) when 1 return OpenSSL::Digest::SHA256.new(msg).to_s when 2 return OpenSSL::Digest::SHA512.new(msg).to_s end end
This method returns the left-hand name of a dns-record @return [String] left-hand name of a dns-record
# File lib/cryptorecord/tlsa.rb, line 141 def left "_#{@port}._#{@proto}.#{@host}." end
This setter initializes the mtype
@param [Integer] val The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
# File lib/cryptorecord/tlsa.rb, line 83 def mtype=(val) if val.to_i < 0 || val.to_i > 2 raise ArgumentError, 'Invalid match type.'\ 'Has to be 0,1 or 2' end @mtype = val end
This function reads in the certificate from file
@param [String] file path to certificate-file
# File lib/cryptorecord/tlsa.rb, line 118 def read_file(file) data = File.read(file) self.cert = OpenSSL::X509::Certificate.new(data) end
This method returns the right-hand content of a dns-record @return [String] right-hand content of a dns-record
# File lib/cryptorecord/tlsa.rb, line 147 def right "#{@usage} #{@selector} #{@mtype} #{fingerprint}" end
This setter initializes the selector
@param [Integer] val Selector for the association.
0 = Full Cert, 1 = SubjectPublicKeyInfo
# File lib/cryptorecord/tlsa.rb, line 72 def selector=(val) if val.to_i < 0 || val.to_i > 1 raise ArgumentError, 'Invalid selector. Has to be 0 or 1' end @selector = val end
This method concats the tlsa-record
@return [String] tlsa dns-record as defined in rfc6698
# File lib/cryptorecord/tlsa.rb, line 154 def to_s "#{left} IN #{@rectype} #{right}" end
This setter initializes the usage
@param [Integer] val Usage for the association.
0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
@raise Cryptorecord::ArgumentError
# File lib/cryptorecord/tlsa.rb, line 96 def usage=(val) if val.to_i < 0 || val.to_i > 3 raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3' end @usage = val end
Private Instance Methods
This helper-function converts binary data into hex
@param [String] str Binary-string @return hex-string
# File lib/cryptorecord/tlsa.rb, line 177 def bin_to_hex(str) str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join end
This function selects the msg to hash using the selector
@return if selector = 0 it returns cert.to_der, if selector = 1 it returns cert.public_key.to_der
# File lib/cryptorecord/tlsa.rb, line 164 def msg case @selector.to_i when 0 @cert.to_der when 1 @cert.public_key.to_der end end