X-Git-Url: https://git.siccegge.de//index.cgi?p=tools.git;a=blobdiff_plain;f=make-tlsa;h=9625f8d566f4679ef920536f6e93e091f062f181;hp=f050fa41b87b3160406493cc40ba21301c9c4418;hb=HEAD;hpb=7083277560a833ce4dab801c9ce608ce5df27fe0
diff --git a/make-tlsa b/make-tlsa
index f050fa4..9625f8d 100755
--- a/make-tlsa
+++ b/make-tlsa
@@ -1,6 +1,5 @@
 #!/usr/bin/python3
-from pyasn1_modules import pem, rfc2459
 from pyasn1_modules import pem, rfc2459
 from pyasn1.codec.der import decoder
 from pyasn1.type import univ
@@ -9,18 +8,33 @@ import os
 import subprocess
 def main():
+ records = dict()
 for root, _, files in os.walk(sys.argv[1]):
 for filename in files:
 if filename == 'cert.pem':
 certname = os.path.join(root, filename)
-# print(certname)
 altnames = parse_cert(certname)
 for altname in altnames:
- subprocess.Popen(["ldns-dane", "create", "-c", certname,
- altname, "443", "3", "1", "1"])
-
+ nameparts = altname.split('.')
+ zone = '.'.join(nameparts[-2:])
+ domain = '.'.join(nameparts[:-2])
+ if domain == "":
+ continue
+
+ ldns = subprocess.Popen(["ldns-dane", "create", "-c", certname,
+ altname, "443", "3", "1", "1"],
+ stdout=subprocess.PIPE)
+ data = ldns.stdout.read().decode().strip().split('\t')
+ record = "{0:<35s}\t{1}".format(data[0], '\t'.join(data[2:]))
+ if not zone in records:
+ records[zone] = []
+ records[zone].append(record)
+
+ for zone, data in records.items():
+ with open(os.path.join("output", zone), "w") as zonefile:
+ zonefile.write('\n'.join(data))
+
-
 def parse_cert(fname):
 names = []
 with open(fname) as fhd:
@@ -40,7 +54,7 @@ def parse_cert(fname):
 names.append(str(result))
 return names
-
+
 if __name__ == '__main__':
 main()
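Review bot: `zone` and `altname` are taken from the certificate's subjectAltName and used without validation in the second hunk: `zone` becomes a path component in `os.path.join("output", zone)` and `altname` an argument to `ldns-dane`, so a name containing a path separator or a leading `-` would change which file is written or how the tool parses its arguments. Accepting only names made of plain DNS labels before either use closes both; this also skips wildcard SANs, so decide separately how those should be handled. The `Popen` output is also read without checking the exit status, so a failed `ldns-dane` run would leave `data == ['']` and a blank record would be written into the zone file; `subprocess.run(..., check=True)` makes that failure visible. `parse_cert` is only partly visible here, so any filtering it already does is not shown.

```python
            for altname in altnames:
                nameparts = altname.split('.')
                # SAN values are certificate-controlled: accept only plain ASCII
                # DNS labels before they reach the ldns-dane argv or a file name.
                if not all(part.isascii()
                           and part.replace('-', '').isalnum()
                           and not part.startswith('-')
                           for part in nameparts):
                    continue
                # … unchanged: zone/domain split and the empty-domain skip …
                ldns = subprocess.run(["ldns-dane", "create", "-c", certname,
                                       altname, "443", "3", "1", "1"],
                                      stdout=subprocess.PIPE, check=True)
                data = ldns.stdout.decode().strip().split('\t')
                # … unchanged: record formatting and per-zone collection …
```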