UNPKG

@nictool/dns-resource-record

Version:

DNS Resource Records

github.com/NicTool/dns-resource-record

NicTool/dns-resource-record

130 lines (104 loc) 3.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
import RR from '../rr.js' import * as TINYDNS from '../lib/tinydns.js' export default class TLSA extends RR { constructor(opts) { super(opts) } /****** Resource record specific setters *******/ setCertificateUsage(val) { if (!this.getCertificateUsageOptions().has(val)) this.throwHelp(`TLSA: certificate usage invalid`) this.set('certificate usage', val) } getCertificateUsageOptions() { return new Map([ [0, 'CA certificate'], [1, 'an end entity certificate'], [2, 'the trust anchor'], [3, 'domain-issued certificate'], ]) } setSelector(val) { if (!this.getSelectorOptions().has(val)) this.throwHelp(`TLSA: selector invalid`) this.set('selector', val) } getSelectorOptions() { return new Map([ [0, 'Full certificate'], [1, 'SubjectPublicKeyInfo'], ]) } setMatchingType(val) { if (!this.getMatchingTypeOptions().has(val)) this.throwHelp(`TLSA: matching type`) this.set('matching type', val) } getMatchingTypeOptions() { return new Map([ [0, 'Exact match'], [1, 'SHA-256 hash'], [2, 'SHA-512 hash'], ]) } setCertificateAssociationData(val) { this.set('certificate association data', val) } getDescription() { return 'TLSA certificate association' } getRdataFields(arg) { return ['certificate usage', 'selector', 'matching type', 'certificate association data'] } getRFCs() { return [6698] } getTypeId() { return 52 } getQuotedFields() { return [] } /****** IMPORTERS *******/ fromBind(opts) { // test.example.com 3600 IN TLSA, usage, selector, match, data const regex = /^(?<owner>\S+)\s+(?<ttl>\d{1,10})\s+(?<cls>IN)\s+(?<type>TLSA)\s+(?<usage>\d+)\s+(?<selector>\d+)\s+(?<matchtype>\d+)\s+(?<cad>.+)$/i const match = opts.bindline.trim().match(regex) if (!match) this.throwHelp(`unable to parse TLSA: ${opts.bindline}`) const { owner, ttl, cls, type, usage, selector, matchtype, cad } = match.groups return new TLSA({ owner: this.fullyQualify(owner), ttl: parseInt(ttl, 10), class: cls.toUpperCase(), type: type.toUpperCase(), 'certificate usage': parseInt(usage, 10), selector: parseInt(selector, 10), 'matching type': parseInt(matchtype, 10), 'certificate association data': cad, }) } fromTinydns(opts) { const [fqdn, n, rdata, ttl, ts, loc] = opts.tinyline.substring(1).split(':') if (n != 52) this.throwHelp('TLSA fromTinydns, invalid n') const bytes = Buffer.from(TINYDNS.octalToChar(rdata), 'binary') return new TLSA({ owner: this.fullyQualify(fqdn), ttl: parseInt(ttl, 10), type: 'TLSA', 'certificate usage': bytes.readUInt8(0), selector: bytes.readUInt8(1), 'matching type': bytes.readUInt8(2), 'certificate association data': bytes.slice(3).toString(), timestamp: ts, location: loc !== '' && loc !== '\n' ? loc : '', }) } /****** EXPORTERS *******/ toTinydns() { const dataRe = new RegExp(/[\r\n\t:\\/]/, 'g') return this.getTinydnsGeneric( TINYDNS.UInt8toOctal(this.get('certificate usage')) + TINYDNS.UInt8toOctal(this.get('selector')) + TINYDNS.UInt8toOctal(this.get('matching type')) + TINYDNS.escapeOctal(dataRe, this.get('certificate association data')), ) } }