20 local type = type; |
20 local type = type; |
21 local t_insert = table.insert; |
21 local t_insert = table.insert; |
22 local set = require"util.set"; |
22 local set = require"util.set"; |
23 local dns_lookup = require"net.adns".lookup; |
23 local dns_lookup = require"net.adns".lookup; |
24 local hashes = require"util.hashes"; |
24 local hashes = require"util.hashes"; |
25 local base64 = require"util.encodings".base64; |
|
26 local idna_to_ascii = require "util.encodings".idna.to_ascii; |
25 local idna_to_ascii = require "util.encodings".idna.to_ascii; |
27 local idna_to_unicode = require"util.encodings".idna.to_unicode; |
26 local idna_to_unicode = require"util.encodings".idna.to_unicode; |
28 local nameprep = require"util.encodings".stringprep.nameprep; |
27 local nameprep = require"util.encodings".stringprep.nameprep; |
29 local cert_verify_identity = require "util.x509".verify_identity; |
28 local cert_verify_identity = require "util.x509".verify_identity; |
|
29 local pem2der = require"util.x509".pem2der; |
30 |
30 |
31 if not dns_lookup.types or not dns_lookup.types.TLSA then |
31 if not dns_lookup.types or not dns_lookup.types.TLSA then |
32 module:log("error", "No TLSA support available, DANE will not be supported"); |
32 module:log("error", "No TLSA support available, DANE will not be supported"); |
33 return |
33 return |
34 end |
34 end |
35 |
35 |
36 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n".. |
|
37 "([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-"; |
|
38 local function pem2der(pem) |
|
39 local typ, data = pem:match(pat); |
|
40 if typ and data then |
|
41 return base64.decode(data), typ; |
|
42 end |
|
43 end |
|
44 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 } |
36 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 } |
45 |
37 |
46 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" }; |
38 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" }; |
47 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" }); |
39 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" }); |
48 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |
40 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |