Metadata-Version: 1.1
Name: dane-discovery
Version: 0.11
Summary: A library for using DANE for public key discovery.
Home-page: https://github.com/valimail/dane_discovery
Author: Ash Wilson
Author-email: ash.d.wilson@gmail.com
License: BSD
Description: ==============
        dane-discovery
        ==============
        
        
        A library for using
        `DANE TLSA records <https://tools.ietf.org/html/rfc6698>`_ for
        certificate discovery.
        
        
        .. image:: https://readthedocs.org/projects/dane-discovery/badge/?version=latest
            :target: https://dane-discovery.readthedocs.io/en/latest/?badge=latest
            :alt: Documentation Status
        
        
        .. image:: https://circleci.com/gh/ValiMail/dane-discovery.svg?style=shield
            :target: https://circleci.com/gh/ValiMail/dane-discovery
        
        
        .. image:: https://api.codeclimate.com/v1/badges/ec76c78dc4ac97b4b5f7/maintainability
            :target: https://codeclimate.com/github/ValiMail/dane-discovery/maintainability
            :alt: Maintainability
        
        
        .. image:: https://api.codeclimate.com/v1/badges/ec76c78dc4ac97b4b5f7/test_coverage
           :target: https://codeclimate.com/github/ValiMail/dane-discovery/test_coverage
           :alt: Test Coverage
        
        
        Quick Start
        ===========
        
        Installation
        ------------
        
        ``pip install dane-discovery``
        
        
        Load a certificate from DNS and print the PEM representation
        ------------------------------------------------------------
        
        .. code-block:: python
        
            from dane_discovery.dane import DANE
            dns_name = "dns.name.having.a.tlsa.record"
            tlsa_record = DANE.get_first_leaf_certificate(dns_name)
            if not tlsa_record:
                raise ValueError("No leaf certificate found for {}.".format(dns_name))
        
            der_cert = DANE.certificate_association_to_der(tlsa_record["certificate_association"])
            print(DANE.der_to_pem(der_cert))
        
        
            Load a DANE identity from DNS and print the request context
            -----------------------------------------------------------
        
        .. code-block:: python
        
            from dane_discovery.identity import Identity
            dns_name = "dns.name.having.a.tlsa.record"
            dane_identity = Identity(dns_name)
            print(dane_identity)
        
            Name: abc123.air-quality-sensor._device.example.net
            Request context:
              DNSSEC: False
              TLS: False
              TCP: True
            Credential index: 0
              certificate usage: DANE-EE
              selector: Full certificate match
              matching type: Exact match against certificate association
              x509 attributes:
                {'extensions': {'BasicConstrints': {'ca': False, 'path_length': None},
                                'KeyUsage': {'content_commitment': True,
                                             'crl_sign': False,
                                             'data_encipherment': False,
                                             'digital_signature': True,
                                             'key_agreement': False,
                                             'key_cert_sign': False,
                                             'key_encipherment': True}},
                 'subject': {'commonName': 'abc123.air-quality-sensor._device.example.net',
                             'countryName': 'US',
                             'organizationName': 'Example Networks',
                             'stateOrProvinceName': 'CA'}}
        
        
        
        
        
        `More examples <https://dane-discovery.readthedocs.io/en/latest/getting_started.html>`_
        
        Changelog
        =========
        
        
        v0.10
        -----
        
        Changes
        ~~~~~~~
        - Generate DER certificates, include as a control in testing when
          changing representations between PEM, TLSA, DER. [Ash Wilson]
        
        Other
        ~~~~~
        - Build(deps): update requests requirement from ~=2.24.0 to
          >=2.24,<2.26. [dependabot[bot]]
        
          Updates the requirements on [requests](https://github.com/psf/requests) to permit the latest version.
          - [Release notes](https://github.com/psf/requests/releases)
          - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md)
          - [Commits](https://github.com/psf/requests/compare/v2.24.0...v2.25.1)
        - Build(deps): bump dnspython from 2.0.0 to 2.1.0. [dependabot[bot]]
        
          Bumps [dnspython](https://github.com/rthalley/dnspython) from 2.0.0 to 2.1.0.
          - [Release notes](https://github.com/rthalley/dnspython/releases)
          - [Changelog](https://github.com/rthalley/dnspython/blob/master/doc/whatsnew.rst)
          - [Commits](https://github.com/rthalley/dnspython/compare/v2.0.0...v2.1.0)
        - Build(deps): update pytest-cov requirement from ~=2.10 to ~=2.11.
          [dependabot[bot]]
        
          Updates the requirements on [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version.
          - [Release notes](https://github.com/pytest-dev/pytest-cov/releases)
          - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
          - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.10.0...v2.11.1)
        - Build(deps): update requests-mock requirement from ~=1.8.0 to ~=1.9.2.
          [dependabot[bot]]
        
          Updates the requirements on [requests-mock](https://github.com/jamielennox/requests-mock) to permit the latest version.
          - [Release notes](https://github.com/jamielennox/requests-mock/releases)
          - [Commits](https://github.com/jamielennox/requests-mock/compare/1.8.0...1.9.2)
        - Build(deps): update sphinx requirement from ~=3.1 to ~=4.0.
          [dependabot[bot]]
        
          Updates the requirements on [sphinx](https://github.com/sphinx-doc/sphinx) to permit the latest version.
          - [Release notes](https://github.com/sphinx-doc/sphinx/releases)
          - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES)
          - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.1.0...v4.0.1)
        - Build(deps): update pytest requirement from ~=6.0 to ~=6.2.
          [dependabot[bot]]
        
          Updates the requirements on [pytest](https://github.com/pytest-dev/pytest) to permit the latest version.
          - [Release notes](https://github.com/pytest-dev/pytest/releases)
          - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
          - [Commits](https://github.com/pytest-dev/pytest/compare/6.0.0...6.2.4)
        - Create dependabot.yml. [Peter Goldstein]
        
        
        v0.9 (2021-03-02)
        -----------------
        
        Changes
        ~~~~~~~
        - Add filtering to certificate retrieval tool. [Ash Wilson]
        
          Close #39
        - Rename CLI sc8ripts to align with package name. [Ash Wilson]
        
          Close #38
        
        
        v0.8 (2021-02-27)
        -----------------
        
        New
        ~~~
        - Add dane_pkix_cd_get_ca_certificates. [Ash Wilson]
        
          Close #32
        - Add dane_pkix_cd_get_certificates. [Ash Wilson]
        
          Close #31
        - Add authenticate_pkix_cd script. [Ash Wilson]
        
          Close #29
        - Add PKIX-CD validation for local certificates. [Ash Wilson]
        
          Close #28
        
        
        v0.7 (2021-02-18)
        -----------------
        
        New
        ~~~
        - Add certificate_object to output from Identity.process_tlsa() [Ash
          Wilson]
        
          Close #23
        - Add support for EC certificates and keys. [Ash Wilson]
        
          Close #24
        
        
        v0.6 (2020-11-10)
        -----------------
        
        New
        ~~~
        - Add support for PKIX-CD. [Ash Wilson]
        
          Breaking changes! Test thoroughly before updating to this version!
        
          Close #20
        - Add Identity.get_ca_certificate_for_identity() [Ash Wilson]
        
          Close #18
        - Add Identity.verify_certificate_signature(). [Ash Wilson]
        
        
        v0.5 (2020-10-15)
        -----------------
        
        Fix
        ~~~
        - Clean up parsing of TLSA records when DNSSEC is in use. [Ash Wilson]
        
        
        v0.4 (2020-10-15)
        -----------------
        
        Fix
        ~~~
        - Fix parsing of full DNS response message. [Ash Wilson]
        
        
        v0.3 (2020-10-15)
        -----------------
        
        New
        ~~~
        - Identity __repr__() indicates request context and x509 extensions.
          [Ash Wilson]
        
        Changes
        ~~~~~~~
        - DANE.get_tlsa_records() returns request context. [Ash Wilson]
        
        
        v0.2 (2020-08-13)
        -----------------
        
        New
        ~~~
        - Support generating TLSA records for matching type 1, 2. [Ash Wilson]
        
          Closes #3
        
        
        v0.1 (2020-08-04)
        -----------------
        
        New
        ~~~
        - Add certificate_association_to_der() and der_to_pem() for formatting
          certs from TLSA RRs. [Ash Wilson]
        
        
        
Keywords: dane tlsa dns certificate discovery
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3.7
Classifier: Topic :: Security
Classifier: License :: OSI Approved :: BSD License
