
tlsa-builder


Creation of TLSA-Records (RFC 6698)

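var Promise, TlsaBuilder, crypto, https, pem;

https = require('https');

crypto = require('crypto');

Promise = require('bluebird');

pem = require('pem');

/**
 * Builds TLSA record data (RFC 6698) from the certificate that a live TLS
 * endpoint presents.
 *
 * The certificate is whatever `_domain:_port` serves at call time, fetched with
 * https.request's default options. Before publishing the result in DNS, compare
 * it with the certificate or key you actually deployed: a record built from the
 * wrong endpoint pins the wrong certificate.
 *
 * `_usage`, `_selector` and `_matchingType` are written into the output
 * verbatim and are not range-checked (RFC 6698 defines usage 0-3, selector 0-1,
 * matching type 0-2). They are compared with `===`, so pass numbers: a string
 * such as '1' selects a different branch than the label it is printed as.
 *
 * @constructor
 * @param {string} _domain Host to connect to; also used in the record owner name.
 * @param {number} [_port=443] TCP port of the TLS service.
 * @param {number} [_usage=3] Certificate usage field.
 * @param {number} [_selector=0] 0 hashes the full certificate; any other value
 *   hashes the public key extracted from it.
 * @param {number} [_matchingType=1] 1 = SHA-256, 2 = SHA-512, anything else =
 *   the raw data as hex.
 * @param {string} [_protocol='tcp'] Protocol label used in the owner name.
 */
TlsaBuilder = function(_domain, _port, _usage, _selector, _matchingType, _protocol) {
  var build, createResult, encodeData, getCertificate;
  if (_port == null) {
    _port = 443;
  }
  if (_usage == null) {
    _usage = 3;
  }
  if (_selector == null) {
    _selector = 0;
  }
  if (_matchingType == null) {
    _matchingType = 1;
  }
  if (_protocol == null) {
    _protocol = 'tcp';
  }

  // Formats the certificate association data for the requested output shape.
  // The format is passed per call: the original kept it in sticky instance
  // flags, so generateValue() after generateKeyValue() returned an object.
  createResult = function(format, dataField) {
    var owner, rdata;
    owner = '_' + _port + '._' + _protocol + '.' + _domain + '.';
    rdata = _usage + ' ' + _selector + ' ' + _matchingType + ' ' + dataField;
    if (format === 'record') {
      // NOTE(review): there is no "TLSA" type mnemonic after "IN", so this is
      // not a complete zone-file line. Left unchanged because callers may
      // already depend on this exact string - confirm before changing.
      return owner + ' IN ' + rdata;
    }
    if (format === 'kv') {
      return {
        'key': owner,
        'value': rdata
      };
    }
    return rdata;
  };

  // Applies the matching type to the selected bytes (certificate or public key).
  encodeData = function(data) {
    if (_matchingType === 1) {
      return crypto.createHash('sha256').update(data).digest('hex');
    }
    if (_matchingType === 2) {
      return crypto.createHash('sha512').update(data).digest('hex');
    }
    return data.toString('hex');
  };

  // Connects to the host and resolves with the hex association data.
  getCertificate = function() {
    return new Promise(function(resolve, reject) {
      var req;
      req = https.request({
        hostname: _domain,
        port: _port
      }, function(res) {
        var cert, certPem, peer;
        peer = res.socket.getPeerCertificate();
        // Only the handshake is needed; drain the body so the socket is released.
        res.resume();
        if (!peer || !Buffer.isBuffer(peer.raw)) {
          return reject(new Error('Could not receive certificate'));
        }
        cert = peer.raw;
        if (_selector === 0) {
          return resolve(encodeData(cert));
        }
        certPem = '-----BEGIN CERTIFICATE-----\n' + cert.toString('base64') + '\n-----END CERTIFICATE-----';
        // Fix: the original passed an empty callback and read `err`/`result`
        // outside it, so every public-key selector call threw a ReferenceError.
        return pem.getPublicKey(certPem, function(err, result) {
          var pubKey;
          if (err || !result || typeof result.publicKey !== 'string') {
            return reject(new Error('Could not receive public key from certificate'));
          }
          // Strip the PEM armour and all whitespace (also CRLF endings) before
          // decoding, so a leftover header line cannot end up in the hashed bytes.
          pubKey = Buffer.from(result.publicKey.replace(/-----(BEGIN|END) PUBLIC KEY-----/g, '').replace(/\s+/g, ''), 'base64');
          return resolve(encodeData(pubKey));
        });
      });
      // Any request error, a failed TLS handshake included, is reported as this
      // one message; the underlying error is not passed on.
      req.on('error', function() {
        return reject(new Error('Could not connect to host'));
      });
      req.end();
    });
  };

  // Shared entry point: checks the domain, then fetches and formats.
  build = function(format) {
    if (_domain === null || _domain === void 0) {
      return Promise.reject(new Error('Domain need to be specified'));
    }
    return getCertificate().then(function(dataField) {
      return createResult(format, dataField);
    });
  };

  /** @returns {Promise<{key: string, value: string}>} Owner name and record data. */
  this.generateKeyValue = function() {
    return build('kv');
  };

  /** @returns {Promise<string>} "usage selector matchingType data". */
  this.generateValue = function() {
    return build('value');
  };

  /** @returns {Promise<string>} Owner name, " IN " and the record data. */
  this.generateRecord = function() {
    return build('record');
  };
};

module.exports = TlsaBuilder;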