
@pinheadmz

pinheadmz/tlsa.js

Created Jun 8, 2020
'use strict';
const fs = require('fs');
const os = require('os');
const Path = require('path');
const hdns = require('hdns');
const {encoding} = require('hdns/node_modules/bcrypto');
const {pem} = encoding;
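// Host name to check, taken from the first command-line argument.
const host = process.argv[2];

// The host argument becomes part of a file name further down. Refuse a
// missing argument and anything containing a path component, so the write
// cannot land outside the Desktop directory (e.g. "../../x").
const certFileName = `${host}.crt`;
if (!host || Path.basename(certFileName) !== certFileName) {
  console.error('Usage: node tlsa.js <hostname>');
  process.exit(1);
}

// NOTE(review): the TLSA answer is the only trust anchor in this script, so
// the result is only as trustworthy as this hard-coded resolver and the
// channel to it. Confirm it is a resolver you operate or explicitly trust.
hdns.setServers(
  ['anfic6amfi2mpzjy4puf2bfogpvzfpmnu7tvn6eyq66pgtawoz53q@64.227.15.172']
);

(async () => {
  // Get TLSA records
  const tlsa = await hdns.resolveTLSA(host, 'tcp', 443);
  console.log('Found TLSA records:\n', tlsa);

  // Without a TLSA record there is nothing to authenticate the certificate
  // against, so fail closed instead of passing `undefined` to verifyTLSA().
  if (!Array.isArray(tlsa) || tlsa.length === 0) {
    console.error('No TLSA records found for', host);
    process.exit(1);
  }

  // Get certificate from host.
  // CA validation is deliberately disabled: the certificate is authenticated
  // against the TLSA records below instead. Until that check passes, the
  // peer is unauthenticated and nothing else read from this socket should be
  // trusted.
  const socket = require('tls').connect(
    {port: 443, host: host, rejectUnauthorized: false},
    () => {
      const cert = socket.getPeerCertificate(false);
      console.log('Got peer certificate:\n', cert);

      // getPeerCertificate() yields an empty object when the peer sent no
      // certificate; there is nothing to verify in that case.
      if (!cert || !cert.raw) {
        console.error('Peer did not present a certificate.');
        process.exit(1);
      }

      // Verify TLSA records against certificate. A name may publish several
      // records (e.g. during key rollover); one matching record is enough,
      // so check all of them rather than only the first.
      const valid = tlsa.some(record => hdns.verifyTLSA(record, cert.raw));
      console.log('TLSA/cert verification:', valid);

      if (valid) {
        const crt = pem.toPEM(cert.raw, 'CERTIFICATE');
        console.log('Certificate is valid. Add to system:\n');
        console.log(crt);

        // Save certificate to disk in PEM format
        fs.writeFileSync(
          Path.join(os.homedir(), 'Desktop', certFileName),
          crt
        );
      }

      // Non-zero exit status lets callers detect a failed verification.
      process.exit(valid ? 0 : 1);
    }
  );

  // Connection failures (refused, reset, handshake error) would otherwise
  // surface as an unhandled 'error' event.
  socket.on('error', (err) => {
    console.error('TLS connection failed:', err.message);
    process.exit(1);
  });
})().catch((err) => {
  // Resolver errors (NXDOMAIN, timeout, ...) reject the async function.
  console.error('TLSA lookup failed:', err.message);
  process.exit(1);
});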