| Field | Value |
| --- | --- |
| Name | pyDANETLSA |
| Version | 1.0.11 |
| home_page | None |
| Summary | Python library to generate a TLSA record format based on the active certificate on a host. |
| upload_time | 2025-02-09 21:57:51 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.8 |
| license | MIT |
| keywords | dane, tlsa, x.509, x509, certificate |
| VCS | https://github.com/okoeroo/pyDANETLSA |
| bugtrack_url | None |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

Author: Oscar Koeroo
# pyDANETLSA
Generate a TLSA record for DANE. The record is generated either by probing the resource, using a StartTLS or plain TLS handshake to extract the certificate and its public key and formulate a TLSA record in 3 1 1 format, or by reading an X.509 certificate from a file in PEM or DER format.
## Class: danetlsa
### Initializer / __init__():
Start a new instance of pyDANETLSA and initialize it with the following named attributes:
* fqdn: Fully Qualified Domain Name which sets the full name of a host, e.g. smtp.koeroo.net. The domain and host parts are extracted from this value. However, the algorithm expects a zone of two components: the TLD and the zone name. If the zone has three components, or one as with gTLDs, the calculation breaks. Use the ***domain*** attribute to force the calculation to become relative to the provided domain instead of guessing the zone structure.
* port: The TCP or UDP port number for which the DANE TLSA record is to be generated.
* tlsa\_protocol: Selects the output TLSA protocol. Options are limited to 'tcp', 'udp' and 'sctp'. Default is 'tcp'.
* probe\_protocol: Selects the probe method/read method. Choices are fixed to:
  * ***DANETLSA_IMAP***: Probes IMAP with StartTLS on the provided port.
  * ***DANETLSA_POP3***: Probes POP3 with StartTLS on the provided port.
  * ***DANETLSA_SMTP***: Probes SMTP with StartTLS on the provided port.
  * ***DANETLSA_TLS***: Probes with plain TLS on the provided port.
  * ***DANETLSA_PEM***: Reads a certificate from the ***certfile*** property. The file must be in PEM format.
  * ***DANETLSA_DER***: Reads a certificate from the ***certfile*** property. The file must be in DER format.
* certfile: Optional for network probe ***protocol*** selections. File path to a PEM or DER certificate to read. The file must exist and must be a file (or a symlink to a file).
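
The zone-guessing caveat for ***fqdn*** and the effect of ***domain***, as an added sketch that is not pyDANETLSA's own code. The function names, the two-label guess as written here and the `example.co.uk` name are assumptions made for illustration.

```python
TLSA_PROTOCOLS = ("tcp", "udp", "sctp")

def split_fqdn(fqdn, domain=None):
    """Split an FQDN into (host part, zone).

    Without `domain` the zone is assumed to be the last two labels, the
    heuristic the README describes; `domain` overrides that guess.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    if domain is None:
        zone = labels[-2:]
    else:
        zone = domain.rstrip(".").lower().split(".")
        if labels[-len(zone):] != zone:
            raise ValueError(f"{fqdn!r} is not inside zone {domain!r}")
    return ".".join(labels[:len(labels) - len(zone)]), ".".join(zone)

def tlsa_owner_names(fqdn, port, tlsa_protocol="tcp", domain=None):
    """Return (name relative to the zone, absolute name) for the TLSA RR."""
    if tlsa_protocol not in TLSA_PROTOCOLS:
        raise ValueError("tlsa_protocol must be tcp, udp or sctp")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    host, _zone = split_fqdn(fqdn, domain)
    prefix = f"_{port}._{tlsa_protocol}"
    relative = f"{prefix}.{host}" if host else prefix
    return relative, f"{prefix}.{fqdn.rstrip('.').lower()}."

# Constructed names: the two-label guess fits koeroo.net but not example.co.uk,
# where the relative name ends up in the wrong place unless the zone is forced.
GUESSED = tlsa_owner_names("mail.example.co.uk", 25)[0]
FORCED = tlsa_owner_names("mail.example.co.uk", 25, domain="example.co.uk")[0]
```

A relative owner name computed against the wrong zone, once loaded into the real zone file, publishes the TLSA record under a name no DANE client will query.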
### connect()
This triggers reading the file, or starts the network connection using the selected ***protocol***, to extract the certificate, transform it into the right internal formats and generate the information required for a DANE TLSA record. This information can then be retrieved with the other methods.
### subject_dn()
Returns the Subject DN in classic OpenSSL subject format.
```
/C=NL/ST=Zuid-Holland/L='s-Gravenhage/O=Rijksoverheid/CN=ncsc.nl
```
### process_pubkey_hex()
Internal function to process the public key hex value from the fetched certificate.
Returns the hex value.
```
78a80c6362af724f11433375890632cc099cd55a985c6e4a4a8ad741fe032f35
```
### pubkey_hex()
Returns the hex value of the public key.
```
78a80c6362af724f11433375890632cc099cd55a985c6e4a4a8ad741fe032f35
```
### tlsa_rdata_3_1_1()
Returns the ***3 1 1*** format value.
```
3 1 1 78a80c6362af724f11433375890632cc099cd55a985c6e4a4a8ad741fe032f35
```
### tlsa_rr_name_host()
Returns the resource record name for TLSA appropriate for the service.
```
_25._tcp.smtp
```
### tlsa_rr_name_fqdn()
Returns the resource record name as a full FQDN for TLSA appropriate for the service.
```
_25._tcp.smtp.koeroo.net.
```
### tlsa_rr()
Returns the full resource record, formatted much like a zone file entry.
```
_25._tcp.smtp IN TLSA 3 1 1 78a80c6362af724f11433375890632cc099cd55a985c6e4a4a8ad741fe032f35
```
### tlsa_rr_fqdn()
Returns the full resource record, formatted much like a zone file entry, with the host as an absolute name.
```
_465._tcp.smtp.koeroo.net. IN TLSA 3 1 1 78a80c6362af724f11433375890632cc099cd55a985c6e4a4a8ad741fe032f35
```
### dns_tlsa()
Returns the TLSA resource records.
```
['2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', '3 1 1 3cf4ab0c2bf87ddb8b9425c2537d3b7841422eab3a8c5323fbdbd64e419b0a54']
```
### x509_not_valid_after()
Returns the X.509 "not valid after" date in ISO 8601 format.
```
2025-03-16T01:48:24
```
### match_cert_with_tlsa_rr()
Returns whether the certificate matches the TLSA resource record, as a boolean.
```
False (boolean)
```
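
What the ***3 1 1*** value from `tlsa_rdata_3_1_1()` is and how a comparison like `match_cert_with_tlsa_rr()` can be made, as an added stand-alone sketch that is not pyDANETLSA's own code. It goes beyond 3 1 1 to the other selectors and matching types; all function names are assumptions, and the certificate is a constructed DER skeleton rather than a real signed certificate.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at `off`."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def spki_der(cert):
    """Slice SubjectPublicKeyInfo (header included) out of a DER certificate."""
    _, off, _ = read_tlv(cert, 0)        # Certificate SEQUENCE
    _, off, _ = read_tlv(cert, off)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, off)
    if tag == 0xA0:                      # optional [0] version
        off = end
    for _field in range(5):              # serial, sig alg, issuer, validity, subject
        _, _, off = read_tlv(cert, off)
    return cert[off:read_tlv(cert, off)[2]]

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}     # TLSA matching types 1 and 2

def tlsa_data(cert, selector, mtype):
    blob = spki_der(cert) if selector == 1 else cert  # selector 1 = SPKI, 0 = full cert
    return blob.hex() if mtype == 0 else HASHES[mtype](blob).hexdigest()

def leaf_matches(cert, rdata_list):
    """True if an end-entity record (usage 1 or 3) matches the certificate."""
    for rdata in rdata_list:
        usage, selector, mtype, data = rdata.split(None, 3)
        usage, selector, mtype = int(usage), int(selector), int(mtype)
        if usage not in (1, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
            continue                     # usage 0/2 refer to a CA or trust anchor
        if tlsa_data(cert, selector, mtype) == "".join(data.split()).lower():
            return True
    return False

def tlv(tag, value):                     # DER encoder for the constructed sample (< 256 bytes)
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + value

# Constructed skeleton, not a real signed certificate: Ed25519 key of 32 x 0x11.
ALG = tlv(0x30, bytes.fromhex("06032b6570"))
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + b"\x11" * 32))
TBS = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + tlv(0x02, b"\x01") + ALG + tlv(0x30, b"") * 3 + SPKI)
CERT = tlv(0x30, TBS + ALG + tlv(0x03, bytes(65)))
RDATA_3_1_1 = "3 1 1 " + tlsa_data(CERT, 1, 1)
```

Because selector 1 hashes only the SubjectPublicKeyInfo, a 3 1 1 record stays valid across certificate renewals that reuse the same key pair and must be updated before a key rollover.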
### results_to_dict()
Returns the results as a dictionary.
```
dict
```
## Example:
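```python
#!/usr/bin/env python3

import pyDANETLSA

print("Protocol support list:", pyDANETLSA.DANETLS_protocols)

# Probe SMTP with StartTLS on port 25; the probe method is passed as probe_protocol,
# the attribute name documented for the initializer.
d = pyDANETLSA.danetlsa(fqdn='smtp.koeroo.net.', port=25, probe_protocol=pyDANETLSA.DANETLSA_SMTP)
d.connect()  # fetch the certificate and derive the TLSA data
print("TLSA RR with FQDN", d.tlsa_rr_fqdn())
print("Match DNS TLSA records with X.509 certificate:", d.match_cert_with_tlsa_rr())
```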