Getting Started¶
Create a TLSA record¶
Generate a TLSA record for a certificate.
from dane_discovery.dane import DANE
with open("path/to/your/cert.pem", "rb") as file:
certificate = file.read()
print(DANE.generate_tlsa_record(3, 0, 0, certificate))
TLSA to PEM¶
Load a certificate from DNS and print the PEM representation
from dane_discovery.dane import DANE
from dane_discovery.pki import PKI
dns_name = "dns.name.where.a.cert.tlsa.can.be.found"
tlsa_record = DANE.get_first_leaf_certificate(dns_name)
if not tlsa_record:
raise ValueError("No leaf certificate found for {}.".format(dns_name))
der_cert = PKI.certificate_association_to_der(tlsa_record["certificate_association"])
print(PKI.der_to_pem(der_cert))
TLSA to x.509¶
Generate an x.509 object from a certificate in a TLSA record
from dane_discovery.dane import DANE
from dane_discovery.pki import PKI
dns_name = "dns.name.of.tlsa_record"
tlsa_records = DANE.get_tlsa_records(dns_name)
tlsa_record = tlsa_records[0]
if tlsa_record["matching_type"] != 0:
print("This is not configured as a certificate-bearing TLSA record.")
certificate_association = tlsa_record["certificate_association"]
x509_obj = PKI.build_x509_object(certificate_association)
print(x509_obj.subject)
Further Exploration¶
From the Certificate object we retrieved in the prior example, we can extract the public key, and read the various attributes of the certificate. For more information, continue reading in the Python cryptography library