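#!/bin/bash
#
# Compare the DNS records published for a domain with what this host expects.
#
# Usage:
#   $0 <domain> tlsa <identity>
#   $0 <domain> sshfp
#   $0 <domain> caa
#
# Exit status: 0 when the published records match, 1 on a mismatch, and 2 on
# a usage or setup error.
#
# Caveat: every check trusts whatever the configured resolver returns.
# `dig +short` does not show whether the answer was DNSSEC-validated, and
# TLSA/SSHFP records are only meaningful as pins when the zone is signed and
# the resolver validates it. Run this against a validating resolver.

# GenerateTLSA and GenerateSSHFP are presumably defined in this library (it
# is the only file sourced here). Without them the expected side of every
# comparison is empty, so stop instead of comparing against nothing.
# shellcheck source=/dev/null
source /opt/aninix/Uniglot/Bash/dns.bash || {
  echo "Cannot load /opt/aninix/Uniglot/Bash/dns.bash" >&2
  exit 2
}

domain="$1"

# Print the command-line synopsis to stderr and exit with status 2.
function usage() {
  printf 'Usage: %s <domain> tlsa <identity> | sshfp | caa\n' "${0##*/}" >&2
  exit 2
}

# Canonicalise record text read from stdin so that formatting differences do
# not count as mismatches: strip all whitespace, lower-case, and sort.
function normalizeRecords() {
  sed 's/[[:space:]]//g' | tr '[:upper:]' '[:lower:]' | sort
}

# Diff locally generated records against the records published in DNS.
# Arguments: $1 - expected records, already normalised
#            $2 - DNS name to query
#            $3 - record type to query
# Outputs:   the diff, if any, on stdout
# Returns:   0 when identical, non-zero otherwise (git diff's exit status)
function compareWithDns() {
  local expected="$1" name="$2" rrtype="$3"

  # Fail closed: an empty expectation would compare equal to an empty DNS
  # answer and report success although nothing was verified.
  if [ -z "${expected}" ]; then
    echo "No expected ${rrtype} records were generated locally; refusing to compare." >&2
    return 1
  fi

  git diff --no-index \
    <(printf '%s\n' "${expected}") \
    <(dig "${name}" "${rrtype}" +short | normalizeRecords)
}

function checkTLSA() {
  ### Usage: $0 "${domain}" tlsa _443._tcp
  # NOTE(review): the usage line above suggests the third argument is the
  # port/protocol label, but the code hands it to GenerateTLSA and always
  # queries _443._tcp.<domain>. Confirm which is intended.
  local identity="$1" expected
  expected="$(GenerateTLSA "${identity}" | normalizeRecords)"
  compareWithDns "${expected}" "_443._tcp.${domain}" TLSA
}

function checkSSHFP() {
  ### Usage: $0 "${domain}" sshfp
  local expected
  expected="$(GenerateSSHFP | normalizeRecords)"
  compareWithDns "${expected}" "${domain}" SSHFP
}

function checkCAA() {
  ### Usage: $0 "${domain}" caa
  # Exact match on the whole answer: any additional CAA record, a different
  # issuer, or different flags (128 sets the issuer-critical bit) fails.
  local caa
  caa="$(dig "${domain}" CAA +short)"
  if [ "${caa}" != '128 issue "letsencrypt.org"' ]; then
    echo "Unexpected CAA answer for ${domain}: ${caa:-<none>}" >&2
    return 1
  fi
  return 0
}

if [ -z "${domain}" ]; then
  usage
fi

# The selected check is the last command run, so its status becomes the
# script's exit status.
case "$2" in
  "tlsa")
    checkTLSA "$3"
    ;;
  "sshfp")
    checkSSHFP
    ;;
  "caa")
    checkCAA
    ;;
  *)
    # A missing or misspelled check name used to fall through and exit 0,
    # which a monitoring caller would read as "records verified".
    usage
    ;;
esac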