Class: Cryptorecord::Tlsa
- Inherits:
-
Object
- Object
- Cryptorecord::Tlsa
- Defined in:
- lib/cryptorecord/tlsa.rb
Overview
The Cryptorecord::Tlsa class generates TLSA DNS records (RFC 6698) from an X.509 certificate. It hashes whatever certificate it is handed and does not verify it, so the caller is responsible for supplying the certificate that the service actually presents.
Instance Attribute Summary collapse
-
#cert ⇒ String
The x509 certificate.
-
#host ⇒ String
The fqdn for the record.
-
#mtype ⇒ Integer
The match-type.
-
#port ⇒ String
The network port.
-
#proto ⇒ String
The network protocol.
-
#selector ⇒ Integer
The selector.
-
#usage ⇒ Integer
The usage.
Instance Method Summary collapse
-
#fingerprint ⇒ Object
Builds the certificate association data as a hex string: the full certificate or its SubjectPublicKeyInfo (chosen by selector), emitted verbatim or hashed with SHA-256/SHA-512 (chosen by mtype).
-
#initialize(args = {}) ⇒ Tlsa
constructor
constructor for the tlsa-object.
-
#read_file(file) ⇒ Object
This function reads in the certificate from file.
-
#to_s ⇒ String
Assembles the complete TLSA record in zone-file presentation format (owner name, class, type and the usage/selector/mtype/fingerprint rdata).
Constructor Details
#initialize(args = {}) ⇒ Tlsa
constructor for the tlsa-object
# File 'lib/cryptorecord/tlsa.rb', line 55
# Builds a TLSA record object from an options hash.
#
# Fields with a restricted value set (mtype, selector, usage, cert) are assigned
# through their validating setters and raise ArgumentError on bad input; host,
# proto and port are stored exactly as given. With no options the object renders
# as "_443._tcp.localhost. IN TLSA 3 0 1 ..." once a certificate is set.
#
# @param [Hash] args
# @option args [Integer] mtype matching type (default 1 = SHA-256)
# @option args [Integer] selector selector (default 0 = full certificate)
# @option args [String] host owner-name host part (default 'localhost')
# @option args [String] proto transport protocol (default 'tcp')
# @option args [Integer] port network port (default 443)
# @option args [Integer] usage certificate usage (default 3 = DANE-EE)
# @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
# @raise [ArgumentError] if mtype, selector, usage or cert is rejected by its setter
def initialize(args = {})
  defaults = { mtype: 1, selector: 0, host: 'localhost', proto: 'tcp',
               port: 443, usage: 3, cert: nil }
  opts = defaults.merge(args)
  # Same assignment order as before: the first invalid field wins the error.
  self.mtype = opts[:mtype]
  self.selector = opts[:selector]
  @host = opts[:host]
  @proto = opts[:proto]
  @port = opts[:port]
  self.usage = opts[:usage]
  self.cert = opts[:cert]
end
Instance Attribute Details
#cert ⇒ String
Returns the x509 certificate.
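# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end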
#host ⇒ String
Returns the fqdn for the record.
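# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end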
#mtype ⇒ Integer
Returns the match-type.
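# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end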
#port ⇒ String
Returns the network port.
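# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end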
#proto ⇒ String
Returns the network protocol.
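# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end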
#selector ⇒ Integer
Returns the selector.
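# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end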
#usage ⇒ Integer
Returns the usage.
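# File 'lib/cryptorecord/tlsa.rb', line 41
# Builds a TLSA resource record (RFC 6698) for one X.509 certificate.
#
# #to_s emits the record in zone-file presentation format, e.g.
# "_443._tcp.example.org. IN TLSA 3 1 1 <hex>". The numeric fields are
# validated and stored as Integers; host/proto/port are stored as given and
# only checked for whitespace when the record is rendered.
#
# NOTE(review): this class does not verify the certificate in any way -- it
# hashes whatever it is handed, so a record generated from the wrong file is
# a DANE outage for the service. The defaults (usage 3, selector 0) bind to
# the full certificate, which changes on every renewal; RFC 7671 recommends
# "3 1 1" (SPKI, SHA-256) so that re-issuing with the same key keeps the
# record valid.
class Tlsa
  # Allowed "certificate usage" values: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE.
  USAGES = (0..3).freeze
  # Allowed "selector" values: 0 full certificate, 1 SubjectPublicKeyInfo.
  SELECTORS = (0..1).freeze
  # Allowed "matching type" values: 0 exact (hex of data), 1 SHA-256, 2 SHA-512.
  MATCH_TYPES = (0..2).freeze

  attr_reader :selector, :mtype, :usage, :cert
  attr_accessor :host, :proto, :port

  # constructor for the tlsa-object
  #
  # @param [Hash] args
  # @option args [Integer] mtype the matching type (default 1 = SHA-256)
  # @option args [Integer] selector the selector (default 0 = full certificate)
  # @option args [String] host owner-name host part (default 'localhost')
  # @option args [String] proto transport protocol (default 'tcp')
  # @option args [Integer] port network port (default 443)
  # @option args [Integer] usage certificate usage (default 3 = DANE-EE)
  # @option args [OpenSSL::X509::Certificate] cert the certificate (default nil)
  # @raise [ArgumentError] if mtype, selector, usage or cert is invalid
  def initialize(args = {})
    self.mtype = args.fetch(:mtype, 1)
    self.selector = args.fetch(:selector, 0)
    @host = args.fetch(:host, 'localhost')
    @proto = args.fetch(:proto, 'tcp')
    @port = args.fetch(:port, 443)
    self.usage = args.fetch(:usage, 3)
    self.cert = args.fetch(:cert, nil)
  end

  # Sets the selector field.
  #
  # @param [Integer] val 0 = full certificate, 1 = SubjectPublicKeyInfo
  # @raise [ArgumentError] if val is not an integer in 0..1
  def selector=(val)
    @selector = validate_field(val, SELECTORS, 'Invalid selector. Has to be 0 or 1')
  end

  # Sets the matching-type field.
  #
  # @param [Integer] val 0 = exact match, 1 = SHA-256, 2 = SHA-512
  # @raise [ArgumentError] if val is not an integer in 0..2
  def mtype=(val)
    @mtype = validate_field(val, MATCH_TYPES, 'Invalid match type. Has to be 0,1 or 2')
  end

  # Sets the certificate-usage field.
  #
  # @param [Integer] val 0 = PKIX-TA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
  # @raise [ArgumentError] if val is not an integer in 0..3
  def usage=(val)
    @usage = validate_field(val, USAGES, 'Invalid usage. Has to be 0,1,2 or 3')
  end

  # Sets the certificate the record is computed from.
  #
  # @param [OpenSSL::X509::Certificate, nil] val the certificate, or nil to clear it
  # @raise [ArgumentError] if val is neither a certificate nor nil
  def cert=(val)
    unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
      raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
    end
    @cert = val
  end

  # Loads the certificate from a PEM or DER file.
  #
  # Read in binary mode so DER input survives on platforms that translate
  # newlines in text mode; PEM is unaffected either way.
  #
  # @param [String] file path to the certificate file
  # @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
  def read_file(file)
    self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
  end

  # Computes the certificate association data as a lowercase hex string.
  #
  # The input bytes are chosen by selector (see #msg) and then either emitted
  # verbatim (mtype 0) or hashed with SHA-256 (1) / SHA-512 (2).
  #
  # @return [String] hex-encoded association data
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set (the error
  #   class name is historical; kept so existing callers can still rescue it)
  def fingerprint
    raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

    data = msg
    case @mtype
    when 0 then bin_to_hex(data)
    when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
    when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
    end
  end

  # Renders the complete record in zone-file presentation format.
  #
  # @return [String] e.g. "_443._tcp.example.org. IN TLSA 3 0 1 <hex>"
  # @raise [ArgumentError] if host, proto or port is empty or contains
  #   whitespace (such a value would split the line into extra zone records)
  # @raise [Cryptorecord::MatchTypeError] if no certificate is set
  def to_s
    "#{owner_name} IN TLSA #{@usage} #{@selector} #{@mtype} #{fingerprint}"
  end

  private

  # Coerces a numeric field to Integer and checks it is within range.
  #
  # The check and the stored value must agree: validating `val.to_i` but
  # storing `val` lets "abc" or nil through as a selector and emits a
  # malformed record.
  #
  # @param [Object] val candidate value (Integer or numeric String)
  # @param [Range] range allowed values
  # @param [String] message error message for invalid input
  # @return [Integer] the validated value
  # @raise [ArgumentError] if val cannot be converted or is out of range
  def validate_field(val, range, message)
    num = begin
      Integer(val)
    rescue ArgumentError, TypeError
      nil
    end
    raise ArgumentError, message unless num && range.cover?(num)

    num
  end

  # Builds the owner name "_port._proto.host." and refuses components that
  # would break the single-line record format.
  #
  # @return [String] owner name with trailing dot
  # @raise [ArgumentError] if any component is empty or contains whitespace
  def owner_name
    { port: @port, proto: @proto, host: @host }.each do |name, value|
      text = value.to_s
      next unless text.empty? || text =~ /\s/

      raise ArgumentError, "Invalid #{name}: must be non-empty and contain no whitespace"
    end
    "_#{@port}._#{@proto}.#{@host}."
  end

  # Selects the bytes the association data is built from.
  #
  # @return [String] DER of the full certificate (selector 0) or of its
  #   SubjectPublicKeyInfo (selector 1)
  def msg
    case @selector
    when 0 then @cert.to_der
    when 1 then @cert.public_key.to_der
    end
  end

  # Hex-encodes a binary string (lowercase, two digits per byte).
  #
  # @param [String] str binary data
  # @return [String] hex string
  def bin_to_hex(str)
    str.unpack('H*').first
  end
end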
Instance Method Details
#fingerprint ⇒ Object
Builds the certificate association data as a hex string: the full certificate or its SubjectPublicKeyInfo (chosen by selector), emitted verbatim or hashed with SHA-256/SHA-512 (chosen by mtype). Raises Cryptorecord::MatchTypeError if no certificate has been set.
# File 'lib/cryptorecord/tlsa.rb', line 123
# Computes the certificate association data as a lowercase hex string.
#
# The bytes to encode come from the private #msg helper (full certificate or
# SubjectPublicKeyInfo, depending on selector). mtype 0 emits them verbatim in
# hex; mtype 1 and 2 emit the SHA-256 / SHA-512 hex digest. An mtype outside
# 0..2 falls through the case and yields nil; the setter is expected to have
# rejected it already.
#
# @return [String] hex-encoded association data
# @raise [Cryptorecord::MatchTypeError] if no certificate is set
def fingerprint
  raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?

  data = msg
  case @mtype.to_i
  when 0 then bin_to_hex(data)
  when 1 then OpenSSL::Digest::SHA256.hexdigest(data)
  when 2 then OpenSSL::Digest::SHA512.hexdigest(data)
  end
end
#read_file(file) ⇒ Object
This function reads in the certificate from file
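# File 'lib/cryptorecord/tlsa.rb', line 115
# Loads the certificate from a PEM or DER file and stores it via #cert=.
#
# Uses File.binread: DER input is binary, and a text-mode read would corrupt
# it on platforms that translate newlines. PEM is unaffected either way.
# The certificate is parsed, not verified -- whatever is in the file becomes
# the record's binding.
#
# @param [String] file path to the certificate file
# @raise [OpenSSL::X509::CertificateError] if the data is not a parseable certificate
# @raise [Errno::ENOENT, Errno::EACCES] if the file cannot be read
def read_file(file)
  self.cert = OpenSSL::X509::Certificate.new(File.binread(file))
end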
#to_s ⇒ String
Assembles the complete TLSA record in zone-file presentation format (owner name, class, type and the usage/selector/mtype/fingerprint rdata).
# File 'lib/cryptorecord/tlsa.rb', line 139
# Renders the record in zone-file presentation format (RFC 6698 section 2.2):
# "_<port>._<proto>.<host>. IN TLSA <usage> <selector> <mtype> <fingerprint>".
#
# NOTE(review): host, proto and port are interpolated verbatim; a value
# containing whitespace or a newline would split the line into additional
# zone records, so callers feeding untrusted input must validate them first.
#
# @return [String] the complete TLSA record line
# @raise [Cryptorecord::MatchTypeError] propagated from #fingerprint when no
#   certificate is set
def to_s
  owner = "_#{@port}._#{@proto}.#{@host}."
  rdata = [@usage, @selector, @mtype, fingerprint].join(' ')
  "#{owner} IN TLSA #{rdata}"
end