Class: Cryptorecord::Tlsa

Inherits:

Object

Object
Cryptorecord::Tlsa

show all

Defined in:: lib/cryptorecord/tlsa.rb

Overview

Cryptorecord::Tlsa-class generates tlsa-dns-records.

Instance Attribute Summary collapse

#cert ⇒ String

The x509 certificate.
#host ⇒ String

The fqdn for the record.
#mtype ⇒ Integer

The match-type.
#port ⇒ String

The network port.
#proto ⇒ String

The network protocol.
#selector ⇒ Integer

The selector.
#usage ⇒ Integer

The usage.

Instance Method Summary collapse

#fingerprint ⇒ Object

this function creates a hash-string defined by mtype and selector.
#initialize(args = {}) ⇒ Tlsa constructor

constructor for the tlsa-object.
#read_file(file) ⇒ Object

This function reads in the certificate from file.
#to_s ⇒ String

This method concats the tlsa-record.

Constructor Details

#initialize(args = {}) ⇒ `Tlsa`

constructor for the tlsa-object

Parameters:

args (Hash) (defaults to: {})

Options Hash (args):

mtype (Integer) —

the matching type
selector (Integer) —

the selector for the tlsa-record
host (String) —

host-part for the tlsa-record
proto (String) —

the network-protocol for the tlsa-record
port (Integer) —

the network-port for the tlsa-record
usage (Integer) —

the usage for this record
cert (String) —

the certificate as a string

# File 'lib/cryptorecord/tlsa.rb', line 55

def initialize(args = {})
  self.mtype = args.fetch(:mtype, 1)
  self.selector = args.fetch(:selector, 0)
  @host = args.fetch(:host, 'localhost')
  @proto = args.fetch(:proto, 'tcp')
  @port = args.fetch(:port, 443)
  self.usage = args.fetch(:usage, 3)
  self.cert = args.fetch(:cert, nil)
end

Instance Attribute Details

#cert ⇒ `String`

Returns the x509 certificate.

Returns:

(String) —

the x509 certificate

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

#host ⇒ `String`

Returns the fqdn for the record.

Returns:

(String) —

the fqdn for the record

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

#mtype ⇒ `Integer`

Returns the match-type.

Returns:

(Integer) —

the match-type

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

#port ⇒ `String`

Returns the network port.

Returns:

(String) —

the network port

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

#proto ⇒ `String`

Returns the network protocol.

Returns:

(String) —

the network protocol

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

#selector ⇒ `Integer`

Returns the selector.

Returns:

(Integer) —

the selector

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

#usage ⇒ `Integer`

Returns the usage.

Returns:

(Integer) —

the usage

# File 'lib/cryptorecord/tlsa.rb', line 41

class Tlsa
  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type
  # @option args [Integer] selector the selector for the tlsa-record
  # @option args [String] host host-part for the tlsa-record
  # @option args [String] proto the network-protocol for the tlsa-record
  # @option args [Integer] port the network-port for the tlsa-record
  # @option args [Integer] usage the usage for this record
  # @option args [String] cert the certificate as a string
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # This setter initializes the selector
  #
  # @param [Integer] val Selector for the association.
  #  0 = Full Cert, 1 = SubjectPublicKeyInfo
  def selector=(val)
    if val.to_i < 0 || val.to_i > 1
      raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
    end
    @selector = val
  end

  # This setter initializes the mtype
  #
  # @param [Integer] val The Matching Type of the association.
  # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
  def mtype=(val)
    if val.to_i < 0 || val.to_i > 2
      raise ArgumentError, 'Invalid match type.'\
  'Has to be 0,1 or 2'
    end
    @mtype = val
  end

  # This setter initializes the usage
  #
  # @param [Integer] val Usage for the association.
  #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise Cryptorecord::ArgumentError
  def usage=(val)
    if val.to_i < 0 || val.to_i > 3
      raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
    end
    @usage = val
  end

  # this setter initializes the certificate
  #
  # @param [OpenSSL::X509::Certificate] val the x509 certificate
  # @raise Cryptorecord::ArgumentError
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end

    @cert = val
  end

  # This function reads in the certificate from file
  #
  # @param [String] file path to certificate-file
  def read_file(file)
    data = File.read(file)
    self.cert = OpenSSL::X509::Certificate.new(data)
  end

  # this function creates a hash-string defined by mtype and selector
  # @return depending on mtype and selector a proper hash will be returned
  # @raise Cryptorecord::MatchTypeError
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    case @mtype.to_i
    when 0
      return bin_to_hex(msg)
    when 1
      return OpenSSL::Digest::SHA256.new(msg).to_s
    when 2
      return OpenSSL::Digest::SHA512.new(msg).to_s
    end
  end

  # This method concats the tlsa-record
  #
  # @return [String] tlsa dns-record as defined in rfc6698
  def to_s
    "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
    " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # This function selects the msg to hash using the selector
  #
  # @return if selector = 0 it returns cert.to_der,
  # if selector = 1 it returns cert.public_key.to_der
  def msg
    case @selector.to_i
    when 0
      @cert.to_der
    when 1
      @cert.public_key.to_der
    end
  end

  # This helper-function converts binary data into hex
  #
  # @param [String] str Binary-string
  # @return hex-string
  def bin_to_hex(str)
    str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
  end
end

Instance Method Details

#fingerprint ⇒ `Object`

this function creates a hash-string defined by mtype and selector

Returns:

depending on mtype and selector a proper hash will be returned

Raises:

Cryptorecord::MatchTypeError

# File 'lib/cryptorecord/tlsa.rb', line 123

def fingerprint
  raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

  case @mtype.to_i
  when 0
    return bin_to_hex(msg)
  when 1
    return OpenSSL::Digest::SHA256.new(msg).to_s
  when 2
    return OpenSSL::Digest::SHA512.new(msg).to_s
  end
end

#read_file(file) ⇒ `Object`

This function reads in the certificate from file

Parameters:

file (String) —

path to certificate-file

# File 'lib/cryptorecord/tlsa.rb', line 115

def read_file(file)
  data = File.read(file)
  self.cert = OpenSSL::X509::Certificate.new(data)
end

#to_s ⇒ `String`

This method concats the tlsa-record

Returns:

(String) —

tlsa dns-record as defined in rfc6698

# File 'lib/cryptorecord/tlsa.rb', line 139

def to_s
  "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
  " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
end

Class: Cryptorecord::Tlsa

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(args = {}) ⇒ Tlsa

Instance Attribute Details

#cert ⇒ String

#host ⇒ String

#mtype ⇒ Integer

#port ⇒ String

#proto ⇒ String

#selector ⇒ Integer

#usage ⇒ Integer

Instance Method Details

#fingerprint ⇒ Object

#read_file(file) ⇒ Object

#to_s ⇒ String

#initialize(args = {}) ⇒ `Tlsa`

#cert ⇒ `String`

#host ⇒ `String`

#mtype ⇒ `Integer`

#port ⇒ `String`

#proto ⇒ `String`

#selector ⇒ `Integer`

#usage ⇒ `Integer`

#fingerprint ⇒ `Object`

#read_file(file) ⇒ `Object`

#to_s ⇒ `String`