Metadata-Version: 1.1
Name: dane-discovery
Version: 0.8
Summary: A library for using DANE for public key discovery.
Home-page: https://github.com/valimail/dane_discovery
Author: Ash Wilson
Author-email: ash.d.wilson@gmail.com
License: BSD
Description: ==============
        dane-discovery
        ==============
        
        
        A library for using
        `DANE TLSA records <https://tools.ietf.org/html/rfc6698>`_ for
        certificate discovery.
        
        
        .. image:: https://readthedocs.org/projects/dane-discovery/badge/?version=latest
            :target: https://dane-discovery.readthedocs.io/en/latest/?badge=latest
            :alt: Documentation Status
        
        
        .. image:: https://circleci.com/gh/ValiMail/dane-discovery.svg?style=shield
            :target: https://circleci.com/gh/ValiMail/dane-discovery
        
        
        .. image:: https://api.codeclimate.com/v1/badges/ec76c78dc4ac97b4b5f7/maintainability
            :target: https://codeclimate.com/github/ValiMail/dane-discovery/maintainability
            :alt: Maintainability
        
        
        .. image:: https://api.codeclimate.com/v1/badges/ec76c78dc4ac97b4b5f7/test_coverage
           :target: https://codeclimate.com/github/ValiMail/dane-discovery/test_coverage
           :alt: Test Coverage
        
        
        Quick Start
        ===========
        
        Installation
        ------------
        
        ``pip install dane-discovery``
        
        
        Load a certificate from DNS and print the PEM representation
        ------------------------------------------------------------
        
        .. code-block:: python
        
            from dane_discovery.dane import DANE
            dns_name = "dns.name.having.a.tlsa.record"
            tlsa_record = DANE.get_first_leaf_certificate(dns_name)
            if not tlsa_record:
                raise ValueError("No leaf certificate found for {}.".format(dns_name))
        
            der_cert = DANE.certificate_association_to_der(tlsa_record["certificate_association"])
            print(DANE.der_to_pem(der_cert))
        
        
            Load a DANE identity from DNS and print the request context
            -----------------------------------------------------------
        
        .. code-block:: python
        
            from dane_discovery.identity import Identity
            dns_name = "dns.name.having.a.tlsa.record"
            dane_identity = Identity(dns_name)
            print(dane_identity)
        
            Name: abc123.air-quality-sensor._device.example.net
            Request context:
              DNSSEC: False
              TLS: False
              TCP: True
            Credential index: 0
              certificate usage: DANE-EE
              selector: Full certificate match
              matching type: Exact match against certificate association
              x509 attributes:
                {'extensions': {'BasicConstrints': {'ca': False, 'path_length': None},
                                'KeyUsage': {'content_commitment': True,
                                             'crl_sign': False,
                                             'data_encipherment': False,
                                             'digital_signature': True,
                                             'key_agreement': False,
                                             'key_cert_sign': False,
                                             'key_encipherment': True}},
                 'subject': {'commonName': 'abc123.air-quality-sensor._device.example.net',
                             'countryName': 'US',
                             'organizationName': 'Example Networks',
                             'stateOrProvinceName': 'CA'}}
        
        
        
        
        
        `More examples <https://dane-discovery.readthedocs.io/en/latest/getting_started.html>`_
        
        Changelog
        =========
        
        
        v0.8
        ----
        
        New
        ~~~
        - Add dane_pkix_cd_get_ca_certificates. [Ash Wilson]
        
          Close #32
        - Add dane_pkix_cd_get_certificates. [Ash Wilson]
        
          Close #31
        - Add authenticate_pkix_cd script. [Ash Wilson]
        
          Close #29
        - Add PKIX-CD validation for local certificates. [Ash Wilson]
        
          Close #28
        
        
        v0.7 (2021-02-18)
        -----------------
        
        New
        ~~~
        - Add certificate_object to output from Identity.process_tlsa() [Ash
          Wilson]
        
          Close #23
        - Add support for EC certificates and keys. [Ash Wilson]
        
          Close #24
        
        
        v0.6 (2020-11-10)
        -----------------
        
        New
        ~~~
        - Add support for PKIX-CD. [Ash Wilson]
        
          Breaking changes! Test thoroughly before updating to this version!
        
          Close #20
        - Add Identity.get_ca_certificate_for_identity() [Ash Wilson]
        
          Close #18
        - Add Identity.verify_certificate_signature(). [Ash Wilson]
        
        
        v0.5 (2020-10-15)
        -----------------
        
        Fix
        ~~~
        - Clean up parsing of TLSA records when DNSSEC is in use. [Ash Wilson]
        
        
        v0.4 (2020-10-15)
        -----------------
        
        Fix
        ~~~
        - Fix parsing of full DNS response message. [Ash Wilson]
        
        
        v0.3 (2020-10-15)
        -----------------
        
        New
        ~~~
        - Identity __repr__() indicates request context and x509 extensions.
          [Ash Wilson]
        
        Changes
        ~~~~~~~
        - DANE.get_tlsa_records() returns request context. [Ash Wilson]
        
        
        v0.2 (2020-08-13)
        -----------------
        
        New
        ~~~
        - Support generating TLSA records for matching type 1, 2. [Ash Wilson]
        
          Closes #3
        
        
        v0.1 (2020-08-04)
        -----------------
        
        New
        ~~~
        - Add certificate_association_to_der() and der_to_pem() for formatting
          certs from TLSA RRs. [Ash Wilson]
        
        
        
Keywords: dane tlsa dns certificate discovery
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3.7
Classifier: Topic :: Security
Classifier: License :: OSI Approved :: BSD License
