#! /usr/bin/perl
# Copyright (c) 2017 Florian Obser <florian@narrans.de>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
use strict;
use warnings;
use 5.010;
use autodie;
use Digest::SHA;
use MIME::Base64;
use Net::DNS;
# States for scanning a PEM file line by line: still looking for the BEGIN
# marker, or collecting certificate lines until the END marker.
use constant {
    WAIT_BEGIN => 1,
    WAIT_END   => 2,
};
# Print a one-line synopsis on STDERR and terminate with exit status 1.
sub usage {
    my $synopsis = "$0 DNS-LABEL CERT-FILE";
    say {*STDERR} $synopsis;
    exit 1;
}
# Exactly two arguments are required: the DNS label and the certificate file.
unless (@ARGV == 2) {
    usage();
}

# Both command-line arguments are handed to gen_tlsa() unchanged; the
# resulting record is printed via its string() method.
my $tlsa = gen_tlsa(@ARGV);

say $tlsa->string();
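# Build a TLSA resource record for the first certificate in a PEM file.
#
# Arguments:
#   $label     - owner name of the record (the DNS-LABEL command-line argument)
#   $cert_file - path to a PEM file; only the first CERTIFICATE block is read
#
# Returns a Net::DNS::RR object built from "<label> IN TLSA 1 0 1 <digest>":
# certificate usage 1, selector 0 (full certificate), matching type 1
# (SHA-256). The digest is the SHA-256 of the base64-decoded certificate body.
#
# Dies if the label is empty or contains whitespace/control characters, if the
# file cannot be opened, or if no complete, non-empty certificate block is
# found.
sub gen_tlsa {
    my ($label, $cert_file) = @_;

    # The label is spliced into a zone-file style string below, so embedded
    # whitespace would be parsed as additional record fields instead of as
    # part of the owner name.
    die "invalid DNS label\n"
        if !defined $label || $label eq '' || $label =~ /[\s[:cntrl:]]/;

    # Explicit check so the failure is reported even where autodie is not in
    # effect.
    open(my $fh, '<', $cert_file) or die "open $cert_file: $!\n";

    my $pem      = '';
    my $in_cert  = 0;    # true once the BEGIN marker has been seen
    my $complete = 0;    # true once the matching END marker has been seen
    while (my $line = <$fh>) {
        if (!$in_cert) {
            $in_cert = 1 if $line =~ /^-----BEGIN CERTIFICATE-----/;
            next;
        }
        if ($line =~ /^-----END CERTIFICATE-----/) {
            $complete = 1;
            last;
        }
        $pem .= $line;
    }
    close($fh);

    # Without these checks a file holding no certificate, or a truncated one,
    # would still produce a well-formed TLSA record whose digest matches no
    # real certificate (for an empty body: the SHA-256 of the empty string).
    die "$cert_file: no complete PEM certificate found\n" unless $complete;

    # NOTE(review): decode_base64 skips characters outside the base64
    # alphabet, so a corrupted body is not detected here.
    my $der = decode_base64($pem);
    die "$cert_file: certificate body is empty\n" if $der eq '';

    return Net::DNS::RR->new(
        $label . ' IN TLSA 1 0 1 ' . Digest::SHA::sha256_hex($der));
}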