docs/source/getting_started.rst
Getting Started
===============
.. toctree::
Create a TLSA record
--------------------
Generate a TLSA record for a certificate.
.. code-block:: python
from dane_discovery.dane import DANE
with open("path/to/your/cert.pem", "rb") as file:
certificate = file.read()
print(DANE.generate_tlsa_record(3, 0, 0, certificate))
TLSA to PEM
-----------
Load a certificate from DNS and print the PEM representation
.. code-block:: python
from dane_discovery.dane import DANE
from dane_discovery.pki import PKI
dns_name = "dns.name.where.a.cert.tlsa.can.be.found"
tlsa_record = DANE.get_first_leaf_certificate(dns_name)
if not tlsa_record:
raise ValueError("No leaf certificate found for {}.".format(dns_name))
der_cert = PKI.certificate_association_to_der(tlsa_record["certificate_association"])
print(PKI.der_to_pem(der_cert))
TLSA to x.509
-------------
Generate an x.509 object from a certificate in a TLSA record
.. code-block:: python
from dane_discovery.dane import DANE
from dane_discovery.pki import PKI
dns_name = "dns.name.of.tlsa_record"
tlsa_records = DANE.get_tlsa_records(dns_name)
tlsa_record = tlsa_records[0]
if tlsa_record["matching_type"] != 0:
print("This is not configured as a certificate-bearing TLSA record.")
certificate_association = tlsa_record["certificate_association"]
x509_obj = PKI.build_x509_object(certificate_association)
print(x509_obj.subject)
Further Exploration
-------------------
From the Certificate object we retrieved in the prior example, we can extract
the public key, and read the various attributes of the certificate. For more
information, continue reading in the
`Python cryptography library <https://cryptography.io/en/latest/x509/reference/#x-509-certificate-object>`_