A library for using DANE for public key discovery.
A library for using DANE TLSA records for certificate discovery.
Quick Start
Installation
    pip install dane-discovery
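Load a certificate from DNS and print the PEM representation
------------------------------------------------------------

    from dane_discovery.dane import DANE

    dns_name = "dns.name.having.a.tlsa.record"
    # Look up the first leaf certificate published in TLSA records for this name.
    tlsa_record = DANE.get_first_leaf_certificate(dns_name)
    if not tlsa_record:
        raise ValueError("No leaf certificate found for {}.".format(dns_name))
    # Convert the certificate association data to DER, then print it as PEM.
    der_cert = DANE.certificate_association_to_der(tlsa_record["certificate_association"])
    print(DANE.der_to_pem(der_cert))
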
Load a DANE identity from DNS and print the request context
-----------------------------------------------------------

    from dane_discovery.identity import Identity

    dns_name = "dns.name.having.a.tlsa.record"
    dane_identity = Identity(dns_name)
    # Printing the identity shows the request context and each credential.
    print(dane_identity)

Output:

    Name: abc123.air-quality-sensor._device.example.net
    Request context:
    DNSSEC: False
    TLS: False
    TCP: True
    Credential index: 0
    certificate usage: DANE-EE
    selector: Full certificate match
    matching type: Exact match against certificate association
    x509 attributes:
    {'extensions': {'BasicConstrints': {'ca': False, 'path_length': None},
                    'KeyUsage': {'content_commitment': True,
                                 'crl_sign': False,
                                 'data_encipherment': False,
                                 'digital_signature': True,
                                 'key_agreement': False,
                                 'key_cert_sign': False,
                                 'key_encipherment': True}},
     'subject': {'commonName': 'abc123.air-quality-sensor._device.example.net',
                 'countryName': 'US',
                 'organizationName': 'Example Networks',
                 'stateOrProvinceName': 'CA'}}

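The output above reports the TLSA certificate usage, selector and matching type, with `DNSSEC: False` in its request context. The following added example (not part of dane-discovery; standard library only) generalizes to matching types 0, 1 and 2 for full-certificate records and refuses answers that were not DNSSEC-validated. The function names, the `dnssec_validated` flag and `SAMPLE_DER` are assumptions for illustration.

```python
import hashlib
import hmac

# RFC 6698 field values, named as in the output above.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
MATCHING = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}


def parse_tlsa(rdata):
    """Parse TLSA RDATA in presentation format: 'usage selector mtype hex'."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in USAGES or selector not in (0, 1) or mtype not in MATCHING:
        raise ValueError("unsupported TLSA parameters")
    # Hex data may be split into whitespace-separated chunks in zone files.
    return usage, selector, mtype, bytes.fromhex("".join(parts[3:]))


def association_for(der_cert, mtype):
    """Certificate association data for selector 0 (full certificate)."""
    digest = MATCHING[mtype]
    return der_cert if digest is None else digest(der_cert).digest()


def make_tlsa(der_cert, usage=3, mtype=1):
    """Generate TLSA RDATA for a full-certificate (selector 0) record."""
    return "{} 0 {} {}".format(usage, mtype, association_for(der_cert, mtype).hex())


def cert_matches(rdata, der_cert, dnssec_validated):
    """True only if the answer was DNSSEC-validated and the cert matches."""
    if not dnssec_validated:
        return False  # an unauthenticated TLSA answer proves nothing
    usage, selector, mtype, assoc = parse_tlsa(rdata)
    if selector != 0:
        raise ValueError("selector 1 (SPKI) needs an X.509 parser; not shown")
    return hmac.compare_digest(assoc, association_for(der_cert, mtype))


# Constructed stand-in bytes, not a real certificate.
SAMPLE_DER = bytes.fromhex("3082000a") + b"constructed-sample"

if __name__ == "__main__":
    for mtype in (0, 1, 2):
        record = make_tlsa(SAMPLE_DER, mtype=mtype)
        print(record[:40], cert_matches(record, SAMPLE_DER, True))
```

How `dnssec_validated` is obtained depends on the resolver in use; the example only shows that the match result must be gated on it.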
Changelog
v0.4
Fix
Fix parsing of full DNS response message. [Ash Wilson]
v0.3 (2020-10-15)
New
Identity __repr__() indicates request context and x509 extensions. [Ash Wilson]
Changes
DANE.get_tlsa_records() returns request context. [Ash Wilson]
v0.2 (2020-08-13)
New
Support generating TLSA records for matching type 1, 2. [Ash Wilson]
Closes #3
v0.1 (2020-08-04)
New
Add certificate_association_to_der() and der_to_pem() for formatting certs from TLSA RRs. [Ash Wilson]