From 85d107f7d134dabb93bef118f2ba2cbc17d60c96 Mon Sep 17 00:00:00 2001
From: Fernando Falci <falci@falci.me>
Date: Wed, 24 Jul 2024 16:10:04 +0200
Subject: [PATCH] feat(TLSA): prettify TLSA

---
 lib/index.js      |  3 +++
 lib/index.spec.js | 17 ++++++++++++++++-
 package-lock.json | 26 +++++++++++++-------------
 package.json      |  2 +-
 4 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/lib/index.js b/lib/index.js
index 4aa749d..14b4251 100755
--- a/lib/index.js
+++ b/lib/index.js
@@ -247,6 +247,9 @@ function prettify(msg) {
         case 'DS':
           rr.data.digest = rr.data.digest.toString('hex');
           break;
+        case 'TLSA':
+          rr.data.certificate = rr.data.certificate.toString('hex');
+          break;
         case 'NSEC3':
           rr.data.salt = rr.data.salt.toString('hex');
           rr.data.nextDomain = base32Encode(rr.data.nextDomain, 'RFC4648-HEX').replace('=', '')
diff --git a/lib/index.spec.js b/lib/index.spec.js
index 86dc86b..07a5515 100644
--- a/lib/index.spec.js
+++ b/lib/index.spec.js
@@ -1,4 +1,4 @@
-const {makeQuery, DohResolver, sendDohMsg, MethodNotAllowedError, isMethodAllowed, dnsPacket} = require('.');
+const {makeQuery, DohResolver, sendDohMsg, MethodNotAllowedError, isMethodAllowed, dnsPacket, prettify} = require('.');
 
 test('DNS query message should be created', () => {
   expect(makeQuery('example.com')).toBeTruthy();
@@ -65,6 +65,21 @@ test('DohResolver.query() for example.com TXT contains answers', async () => {
   }
 });
 
+test('prettify can handle TLSA', async () => {
+  // From '_443._tcp.good.dane.huque.com', 'TLSA'
+  const data = Buffer.from('000081800001000100000000045f343433045f74637004676f6f640464616e6505687571756503636f6d0000340001c00c0034000100001c2000230301016e8d1119ab26b6ef204b33a4036f2835cab86b0833f36ee96642e5703b74486c', 'hex')
+  const msg = dnsPacket.decode(data);
+
+  try {
+    let response = prettify(msg);
+    expect(response.answers).toHaveLength(1);
+    expect(response.answers[0].data).toHaveProperty('certificate');
+    expect(typeof response.answers[0].data.certificate).toBe('string')
+  } catch(err) {
+      throw err;
+  }
+});
+
 test('timeout works properly (and cloudflare doesn\'t respond within 1 millisecond)', async () => {
   let msg = makeQuery('example.org');
   try {
diff --git a/package-lock.json b/package-lock.json
index 2d86bae..211d18d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
         "argparse": "^1.0.10",
         "base32-encode": "^1.1.1",
         "browserify": "^16.5.0",
-        "dns-packet": "^5.2.1",
+        "dns-packet": "^5.6.1",
         "glob-parent": "^5.1.2",
         "ws": "^7.4.6"
       },
@@ -829,9 +829,9 @@
       }
     },
     "node_modules/@leichtgewicht/ip-codec": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz",
-      "integrity": "sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A=="
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz",
+      "integrity": "sha512-Vo+PSpZG2/fmgmiNzYK9qWRh8h/CHrwD0mo1h1DzL4yzHNSfWYujGTYsWGreD000gcgmZ7K4Ys6Tx9TxtsKdDw=="
     },
     "node_modules/@sinonjs/commons": {
       "version": "1.8.2",
@@ -2439,9 +2439,9 @@
       }
     },
     "node_modules/dns-packet": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.4.0.tgz",
-      "integrity": "sha512-EgqGeaBB8hLiHLZtp/IbaDQTL8pZ0+IvwzSHA6d7VyMDM+B9hgddEMa9xjK5oYnw0ci0JQ6g2XCD7/f6cafU6g==",
+      "version": "5.6.1",
+      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz",
+      "integrity": "sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==",
       "dependencies": {
         "@leichtgewicht/ip-codec": "^2.0.1"
       },
@@ -8592,9 +8592,9 @@
       }
     },
     "@leichtgewicht/ip-codec": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz",
-      "integrity": "sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A=="
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz",
+      "integrity": "sha512-Vo+PSpZG2/fmgmiNzYK9qWRh8h/CHrwD0mo1h1DzL4yzHNSfWYujGTYsWGreD000gcgmZ7K4Ys6Tx9TxtsKdDw=="
     },
     "@sinonjs/commons": {
       "version": "1.8.2",
@@ -9946,9 +9946,9 @@
       }
     },
     "dns-packet": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.4.0.tgz",
-      "integrity": "sha512-EgqGeaBB8hLiHLZtp/IbaDQTL8pZ0+IvwzSHA6d7VyMDM+B9hgddEMa9xjK5oYnw0ci0JQ6g2XCD7/f6cafU6g==",
+      "version": "5.6.1",
+      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz",
+      "integrity": "sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==",
       "requires": {
         "@leichtgewicht/ip-codec": "^2.0.1"
       }
diff --git a/package.json b/package.json
index 4dee616..5ebcc8d 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
     "argparse": "^1.0.10",
     "base32-encode": "^1.1.1",
     "browserify": "^16.5.0",
-    "dns-packet": "^5.2.1",
+    "dns-packet": "^5.6.1",
     "glob-parent": "^5.1.2",
     "ws": "^7.4.6"
   },