cryptorecord 0.9.1

data/lib/cryptorecord/tlsa.rb

@@ -0,0 +1,167 @@
+#--
+# Copyright (C) 2018 Wolfgang Hotwagner <code@feedyourhead.at>
+#
+# This file is part of the cryptorecord gem
+#
+# This cryptorecord gem is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This cryptorecord gem is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this cryptorecord gem; if not, write to the
+# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA  02110-1301  USA
+#++
+
+# This module provides the api for cryptorecords
+module Cryptorecord
+  require 'openssl'
+  # Cryptorecord::Tlsa-class generates
+  # tlsa-dns-records.
+  # @!attribute [r] selector
+  #   @return [Integer] the selector
+  # @!attribute [r] mtype
+  #   @return [Integer] the match-type
+  # @!attribute [r] usage
+  #   @return [Integer] the usage
+  # @!attribute cert
+  #   @return [String] the x509 certificate
+  # @!attribute host
+  #   @return [String] the fqdn for the record
+  # @!attribute proto
+  #   @return [String] the network protocol
+  # @!attribute port
+  #   @return [String] the network port
+  class Tlsa
+    attr_reader :selector, :mtype, :usage, :cert
+    attr_accessor :host, :proto, :port
+
+    # constructor for the tlsa-object
+    #
+    # @param [Hash] args
+    # @option args [Integer] mtype the matching type
+    # @option args [Integer] selector the selector for the tlsa-record
+    # @option args [String] host host-part for the tlsa-record
+    # @option args [String] proto the network-protocol for the tlsa-record
+    # @option args [Integer] port the network-port for the tlsa-record
+    # @option args [Integer] usage the usage for this record
+    # @option args [String] cert the certificate as a string
+    def initialize(args = {})
+      self.mtype = args.fetch(:mtype, 1)
+      self.selector = args.fetch(:selector, 0)
+      @host = args.fetch(:host, 'localhost')
+      @proto = args.fetch(:proto, 'tcp')
+      @port = args.fetch(:port, 443)
+      self.usage = args.fetch(:usage, 3)
+      self.cert = args.fetch(:cert, nil)
+    end
+
+    # This setter initializes the selector
+    #
+    # @param [Integer] val Selector for the association.
+    #  0 = Full Cert, 1 = SubjectPublicKeyInfo
+    def selector=(val)
+      if val.to_i < 0 || val.to_i > 1
+        raise ArgumentError, 'Invalid selector. Has to be 0 or 1'
+      end
+      @selector = val
+    end
+
+    # This setter initializes the mtype
+    #
+    # @param [Integer] val The Matching Type of the association.
+    # 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
+    def mtype=(val)
+      if val.to_i < 0 || val.to_i > 2
+        raise ArgumentError, 'Invalid match type.'\
+	'Has to be 0,1 or 2'
+      end
+      @mtype = val
+    end
+
+    # This setter initializes the usage
+    #
+    # @param [Integer] val Usage for the association.
+    #   0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
+    # @raise Cryptorecord::ArgumentError
+    def usage=(val)
+      if val.to_i < 0 || val.to_i > 3
+        raise ArgumentError, 'Invalid usage. Has to be 0,1,2 or 3'
+      end
+      @usage = val
+    end
+
+    # this setter initializes the certificate
+    #
+    # @param [OpenSSL::X509::Certificate] val the x509 certificate
+    # @raise Cryptorecord::ArgumentError
+    def cert=(val)
+      unless val.is_a?(OpenSSL::X509::Certificate) || val.nil?
+        raise ArgumentError, 'cert has to be a OpenSSL::X509::Certificate'
+      end
+
+      @cert = val
+    end
+
+    # This function reads in the certificate from file
+    #
+    # @param [String] file path to certificate-file
+    def read_file(file)
+      data = File.read(file)
+      self.cert = OpenSSL::X509::Certificate.new(data)
+    end
+
+    # this function creates a hash-string defined by mtype and selector
+    # @return depending on mtype and selector a proper hash will be returned
+    # @raise Cryptorecord::MatchTypeError
+    def fingerprint
+      raise Cryptorecord::MatchTypeError, 'No certificate defined' if @cert.nil?
+
+      case @mtype.to_i
+      when 0
+        return bin_to_hex(msg)
+      when 1
+        return OpenSSL::Digest::SHA256.new(msg).to_s
+      when 2
+        return OpenSSL::Digest::SHA512.new(msg).to_s
+      end
+    end
+
+    # This method concats the tlsa-record
+    #
+    # @return [String] tlsa dns-record as defined in rfc6698
+    def to_s
+      "_#{@port}._#{@proto}.#{@host}. IN TLSA"\
+      " #{@usage} #{@selector} #{@mtype} #{fingerprint}"
+    end
+
+    private
+
+    # This function selects the msg to hash using the selector
+    #
+    # @return if selector = 0 it returns cert.to_der,
+    # if selector = 1 it returns cert.public_key.to_der
+    def msg
+      case @selector.to_i
+      when 0
+        @cert.to_der
+      when 1
+        @cert.public_key.to_der
+      end
+    end
+
+    # This helper-function converts binary data into hex
+    #
+    # @param [String] str Binary-string
+    # @return hex-string
+    def bin_to_hex(str)
+      str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
+    end
+  end
+end

data/lib/cryptorecord/version.rb

@@ -0,0 +1,24 @@
+#--
+# Copyright (C) 2018 Wolfgang Hotwagner <code@feedyourhead.at>
+#
+# This file is part of the cryptorecord gem
+#
+# This cryptorecord gem is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This cryptorecord gem is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this cryptorecord gem; if not, write to the
+# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA  02110-1301  USA
+#++
+module Cryptorecord
+  # Guess what..
+  VERSION = '0.9.1'.freeze
+end

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: cryptorecord
+version: !ruby/object:Gem::Version
+  version: 0.9.1
+platform: ruby
+authors:
+- Wolfgang Hotwagner
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: "This gem provides an API and scripts for creating crypto-related dns-records(e.g.
+  DANE).   \nAt the moment the following records are supported:\n  * TLSA\n  * SSHFP\n
+  \ * OPENPGPKEYS\n\nThis API does not create nor provide any public keys or certificates.
+  It uses existing keys\nto create the dns-records.\n"
+email:
+- code@feedyourhead.at
+executables:
+- openpgpkeysrecord
+- sshfprecord
+- tlsarecord
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- cryptorecord.gemspec
+- exe/openpgpkeysrecord
+- exe/sshfprecord
+- exe/tlsarecord
+- lib/cryptorecord.rb
+- lib/cryptorecord/.yardoc/checksums
+- lib/cryptorecord/.yardoc/complete
+- lib/cryptorecord/.yardoc/object_types
+- lib/cryptorecord/.yardoc/objects/root.dat
+- lib/cryptorecord/.yardoc/proxy_types
+- lib/cryptorecord/doc/_index.html
+- lib/cryptorecord/doc/class_list.html
+- lib/cryptorecord/doc/css/common.css
+- lib/cryptorecord/doc/css/full_list.css
+- lib/cryptorecord/doc/css/style.css
+- lib/cryptorecord/doc/file_list.html
+- lib/cryptorecord/doc/frames.html
+- lib/cryptorecord/doc/index.html
+- lib/cryptorecord/doc/js/app.js
+- lib/cryptorecord/doc/js/full_list.js
+- lib/cryptorecord/doc/js/jquery.js
+- lib/cryptorecord/doc/method_list.html
+- lib/cryptorecord/doc/top-level-namespace.html
+- lib/cryptorecord/exceptions.rb
+- lib/cryptorecord/openpgpkeys.rb
+- lib/cryptorecord/sshfp.rb
+- lib/cryptorecord/tlsa.rb
+- lib/cryptorecord/version.rb
+homepage: https://github.com/whotwagner/cryptorecord
+licenses:
+- GPL
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: cryptorecord is a ruby-gem that helps creating crypto-related dns-records
+  like tlsa/sshfp/openpgpkey
+test_files: []