A library for using DANE for public key discovery.

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD)

Author: Ash Wilson

Tags dane, tlsa, dns, certificate, discovery

Maintainers

Avatar for ashdwilson from gravatar.com ashdwilson Avatar for Valimail from gravatar.com Valimail

Classifiers

Project description

A library for using DANE TLSA records for certificate discovery.

Documentation Status https://circleci.com/gh/ValiMail/dane-discovery.svg?style=shield Maintainability Test Coverage

Quick Start

Installation

pip install dane-discovery

Load a certificate from DNS and print the PEM representation

from dane_discovery.dane import DANE
from dane_discovery.pki import PKI
dns_name = "dns.name.having.a.tlsa.record"
tlsa_record = DANE.get_first_leaf_certificate(dns_name)
if not tlsa_record:
    raise ValueError("No leaf certificate found for {}.".format(dns_name))

der_cert = PKI.certificate_association_to_der(tlsa_record["certificate_association"])
print(PKI.der_to_pem(der_cert))

Load a DANE identity from DNS and print the request context

from dane_discovery.identity import Identity
dns_name = "dns.name.having.a.tlsa.record"
dane_identity = Identity(dns_name)
print(dane_identity.report())

Name: abc123.air-quality-sensor._device.example.net
Request context:
  DNSSEC: False
  TLS: False
  TCP: True
Credential index: 0
  certificate usage: DANE-EE
  selector: Full certificate match
  matching type: Exact match against certificate association
  x509 attributes:
    {'extensions': {'BasicConstrints': {'ca': False, 'path_length': None},
                    'KeyUsage': {'content_commitment': True,
                                 'crl_sign': False,
                                 'data_encipherment': False,
                                 'digital_signature': True,
                                 'key_agreement': False,
                                 'key_cert_sign': False,
                                 'key_encipherment': True}},
     'subject': {'commonName': 'abc123.air-quality-sensor._device.example.net',
                 'countryName': 'US',
                 'organizationName': 'Example Networks',
                 'stateOrProvinceName': 'CA'}}

More examples

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD)

Author: Ash Wilson

Tags dane, tlsa, dns, certificate, discovery

Maintainers

Avatar for ashdwilson from gravatar.com ashdwilson Avatar for Valimail from gravatar.com Valimail

Classifiers


Release history Release notifications | RSS feed

This version

0.22

0.21

0.20

0.19

0.18

0.17

0.16

0.15

0.14

0.13

0.12

0.11

0.10

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dane_discovery-0.22.tar.gz (21.2 kB view hashes)

Uploaded source

Built Distribution

dane_discovery-0.22-py3-none-any.whl (21.4 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page