Class: Cryptorecord::Tlsa
- Inherits:
-
Object
- Object
- Cryptorecord::Tlsa
- Defined in:
- lib/cryptorecord/tlsa.rb
Overview
The Cryptorecord::Tlsa class generates TLSA DNS records.
Instance Attribute Summary
-
#cert ⇒ String
The x509 certificate.
-
#host ⇒ String
The fqdn for the record.
-
#mtype ⇒ Integer
The match-type.
-
#port ⇒ String
The network port.
-
#proto ⇒ String
The network protocol.
-
#rectype ⇒ String
readonly
“TLSA”.
-
#selector ⇒ Integer
The selector.
-
#usage ⇒ Integer
The usage.
Instance Method Summary
-
#fingerprint ⇒ Object
This method creates a hash string as determined by mtype and selector.
-
#initialize(args = {}) ⇒ Tlsa
constructor
Constructor for the TLSA object.
-
#left ⇒ String
This method returns the left-hand name of a dns-record.
-
#read_file(file) ⇒ Object
This method reads the certificate from a file.
-
#right ⇒ String
This method returns the right-hand content of a dns-record.
-
#to_s ⇒ String
This method assembles the complete TLSA record.
Constructor Details
#initialize(args = {}) ⇒ Tlsa
Constructor for the TLSA object
# File 'lib/cryptorecord/tlsa.rb', line 57
# Constructor for the TLSA object. The plain string fields are stored
# directly; the numeric fields and the certificate go through their setters
# so they are validated. The setter order (mtype, selector, usage, cert)
# decides which ArgumentError is reported first when several values are bad.
#
# @param [Hash] args option hash, see the class-level @option list
def initialize(args = {})
  @rectype = 'TLSA'
  @host = args.fetch(:host, 'localhost')
  @proto = args.fetch(:proto, 'tcp')
  @port = args.fetch(:port, 443)
  self.mtype = args.fetch(:mtype, 1)
  self.selector = args.fetch(:selector, 0)
  self.usage = args.fetch(:usage, 3)
  self.cert = args.fetch(:cert, nil)
end
Instance Attribute Details
#cert ⇒ String
Returns the x509 certificate.
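# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end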
#host ⇒ String
Returns the fqdn for the record.
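# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end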
#mtype ⇒ Integer
Returns the match-type.
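# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end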
#port ⇒ String
Returns the network port.
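# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end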
#proto ⇒ String
Returns the network protocol.
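# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end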
#rectype ⇒ String (readonly)
Returns “TLSA”.
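# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end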
#selector ⇒ Integer
Returns the selector.
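# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end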
#usage ⇒ Integer
Returns the usage.
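# File 'lib/cryptorecord/tlsa.rb', line 43
class Tlsa
  attr_reader :selector, :mtype, :usage, :cert, :rectype
  attr_accessor :host, :proto, :port

  # Value ranges of the three numeric TLSA fields (RFC 6698).
  USAGE_RANGE = (0..3).freeze
  SELECTOR_RANGE = (0..1).freeze
  MTYPE_RANGE = (0..2).freeze

  # Constructor for the TLSA object.
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner name of the record (default 'localhost')
  # @option args [String] proto the transport protocol (default 'tcp')
  # @option args [Integer] port the network port (default 443)
  # @option args [Integer] usage the certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate, nil] cert the certificate
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
    @rectype = 'TLSA'
  end

  # Sets the selector.
  #
  # @param [Integer, String] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = checked_int(val, SELECTOR_RANGE, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching type.
  #
  # @param [Integer, String] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = checked_int(val, MTYPE_RANGE, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate usage.
  #
  # @param [Integer, String] val 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = checked_int(val, USAGE_RANGE, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the x509 certificate
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.nil? || val.is_a?(OpenSSL::X509::Certificate)
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Reads the certificate (PEM or DER) from a file.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
  def read_file(file)
    # binread: DER is binary, a text-mode read could alter its bytes
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Creates the certificate association data as a hex string: mtype selects
  # the hash algorithm, selector (via msg) selects what gets hashed.
  #
  # @return [String] lower-case hex string
  # @raise Cryptorecord::MatchTypeError if no certificate is set
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype
    when 0 then bin_to_hex(msg)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
    end
  end

  # @return [String] left-hand (owner) name of the DNS record
  def left
    "_#{@port}._#{@proto}.#{@host}."
  end

  # @return [String] right-hand content (RDATA) of the DNS record
  def right
    "#{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  # @return [String] TLSA DNS record as defined in RFC 6698
  def to_s
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # Selects the data to hash: the whole certificate (selector 0) or its
  # SubjectPublicKeyInfo (selector 1), both DER-encoded.
  #
  # @return [String] DER bytes
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Converts val to an Integer and checks it against range. Input that
  # #to_i would silently map to 0 (e.g. 'abc' or nil) is rejected instead of
  # being stored and written verbatim into the record.
  #
  # @param [Object] val value to validate
  # @param [Range] range allowed values
  # @param [String] message error message used on rejection
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val is not an integer within range
  def checked_int(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message if num.nil? || !range.cover?(num)

    num
  end

  # Converts binary data into a lower-case hex string.
  #
  # @param [String] str binary string
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end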
Instance Method Details
#fingerprint ⇒ Object
This method creates a hash string as determined by mtype and selector
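# File 'lib/cryptorecord/tlsa.rb', line 126
# Creates the certificate association data as a hex string: mtype selects
# the hash algorithm, selector (via msg) selects what gets hashed.
# The case expression is the method's value, so no explicit return is
# needed; hexdigest yields the same hex string as Digest.new(data).to_s.
#
# @return [String] lower-case hex string
# @raise Cryptorecord::MatchTypeError if no certificate is set
def fingerprint
  raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

  case @mtype.to_i
  when 0 then bin_to_hex(msg)
  when 1 then OpenSSL::Digest::SHA256.hexdigest(msg)
  when 2 then OpenSSL::Digest::SHA512.hexdigest(msg)
  end
end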
#left ⇒ String
This method returns the left-hand name of a dns-record
# File 'lib/cryptorecord/tlsa.rb', line 141
# Builds the owner name of the record: port and protocol as underscore
# labels in front of the host, terminated by a dot.
#
# @return [String] left-hand name of the DNS record
def left
  format('_%s._%s.%s.', @port, @proto, @host)
end
#read_file(file) ⇒ Object
This method reads the certificate from a file
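# File 'lib/cryptorecord/tlsa.rb', line 118
# Reads the certificate (PEM or DER) from a file and stores it through the
# cert= setter.
#
# @param [String] file path to the certificate file
# @raise [OpenSSL::X509::CertificateError] if the file is not a certificate
def read_file(file)
  # binread: DER is binary, a text-mode read could alter its bytes
  self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
end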
#right ⇒ String
This method returns the right-hand content of a dns-record
# File 'lib/cryptorecord/tlsa.rb', line 147
# Builds the RDATA part of the record: usage, selector, matching type and
# the certificate association data, separated by single spaces.
#
# @return [String] right-hand content of the DNS record
def right
  [@usage, @selector, @mtype, fingerprint].join(' ')
end
#to_s ⇒ String
This method assembles the complete TLSA record
# File 'lib/cryptorecord/tlsa.rb', line 154
# Assembles the full record from the owner name (left), the class IN, the
# record type and the RDATA (right).
#
# @return [String] TLSA DNS record as defined in RFC 6698
def to_s
  [left, 'IN', @rectype, right].join(' ')
end