#! /usr/bin/perl

use strict;
use warnings;
use feature qw(say);
use Nagios::Check::DNS::check_tlsa_record;
use File::Basename;
use Monitoring::Plugin;

# Plugin identity and the help text handed to Monitoring::Plugin.
# "%s" in the usage string is the placeholder Monitoring::Plugin fills
# with the plugin name.
my $ME     = basename($0);
my $blurb  = 'This Plugin is intended to check validity of TLSA Records';
my $url    = 'http://www.schlittermann.de';
my $author = 'Heike Yvonne Pesch';
my $email  = '<pesch@schlittermann.de>';

my $usage = <<"USAGE";
Usage: %s [ -v|--verbose ] -H <host> [-t <timeout>] 
                         [ -f|--hostlist=<hostlist> ] 
                         [ -c|--critical=<critical threshold> ] 
                         [ -w|--warning=<warning threshold> ] 
                         [ -p|--port=<portnumber> ] 
                         [ -q|--queryserver=<DNS-Server-IP> ] 
USAGE

# Text appended below the option list in --help; it interpolates the
# identity values declared above, so it must stay after them.
my $extra = <<"EXTRA";

NOTICE
If you want to use a hostlist, you have to put entries like this:

host
host:port


EXAMPLES
$ME -H ssl.schlittermann.de 
$ME -H hh.schlittermann.de -p25
$ME -H hh.schlittermann.de:25
$ME -f hostlist.txt

Author: $author $email
For more information visit $url
EXTRA


# The plugin object: it owns option parsing and the usage/help output
# built from the text above.
my $nagios_tlsa = Monitoring::Plugin->new(
  plugin  => $ME,
  usage   => $usage,
  blurb   => $blurb,
  extra   => $extra,
  url     => $url,
  timeout => 120,
);

# TODO: move the `exit 1` & co. into a dedicated die / oh_shit helper.

# Command-line options, in the order they appear in --help.  Each entry
# is a list of add_arg() named arguments, kept in order so the call is
# identical to spelling it out.
# NOTE(review): Monitoring::Plugin already provides a standard
# -t/--timeout option; confirm that re-declaring 'timeout|t=i' here does
# not clash with it.
my @arg_specs = (
  [
    spec     => 'host|H=s',
    help     => 'Host/Domain to check',
    required => 0,
  ],
  [
    spec     => 'hostlist|f=s',
    help     => 'Host/Domainlist in file to check',
    required => 0,
  ],
  [
    spec     => 'expiry|e',
    help     => 'check expiry of Certificate',
    required => 0,
  ],
  [
    spec     => 'port|p=i',
    help     => 'Port of Domain to check the TLSA (default: 443)',
    required => 0,
    default  => 443,
  ],
  [
    spec     => 'queryserver|q=s',
    required => 0,
    help     =>
      'DNS Server to ask to check the TLSA (default: defined in resolve.conf)',
  ],
  [
    spec     => 'protocol|P=s',
    help     => 'Protocol to ask to check the TLSA record of domain (default: tcp)',
    required => 0,
    default  => 'tcp',
  ],
  [
    spec     => 'timeout|t=i',
    help     => 'Timeout in seconds for check (default: 120)',
    required => 0,
    default  => 120,
  ],
);

$nagios_tlsa->add_arg(@{$_}) for @arg_specs;

# Parse @ARGV; Monitoring::Plugin handles --help/--usage/--version itself.
$nagios_tlsa->getopts;

# Copy the option values into file-level lexicals.  get_domains() below
# reads $domainlist and overwrites $domain / $port per list entry.
my $opts       = $nagios_tlsa->opts;
my $domain     = $opts->host;
my $port       = $opts->port;
my $protocol   = $opts->protocol;
my $domainlist = $opts->hostlist;
my $expiry     = $opts->expiry;
# NOTE(review): $expiry (-e) is read here but not referenced anywhere else
# in this script, so --expiry currently has no effect.

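# At least one of -H/--host or -f/--hostlist is required.  A usage error
# is reported through plugin_die(), i.e. as UNKNOWN (exit 3), which is
# what the plugin guidelines expect for bad arguments; the previous
# `exit 1` made Nagios show a usage mistake as WARNING.  $ME already
# holds basename($0), so it is not recomputed here.
if (!$domain && !$domainlist) {
  $nagios_tlsa->plugin_die(
    "Please set -H <domain> or -f <domainlist>\n"
    . "For all options try $ME --help"
  );
}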

# A host list (-f) takes precedence over a single host (-H).
if ($domainlist) {
  get_domains();
  # NOTE(review): exits OK (0) irrespective of the per-host results;
  # confirm check_tlsa_record::main() exits itself on non-OK states,
  # otherwise non-OK results are only printed and never change the
  # plugin's exit status.
  exit 0;
}

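# Single-host mode.  "-H host:port" is accepted as shorthand for
# "-H host -p port"; an explicit suffix overrides -p.
if ($domain) {

  # Split a trailing ":<digits>" off the host.  The host part is any run
  # of non-blank, non-colon characters, so names with long TLDs or
  # without a dot (e.g. localhost) are split too; the previous pattern
  # only recognised the suffix after a 2-4 letter TLD and otherwise
  # passed "host:port" on unsplit.
  if ($domain =~ m{\A (?<domain>[^\s:]+) : (?<port>[0-9]+) \z}x) {
    $domain = $+{domain};
    $port   = $+{port};
  }

  # Fall back to HTTPS when no usable port was given.
  $port = 443 if !$port;

  # This script accepts only tcp and udp as TLSA protocol labels;
  # anything else (including an empty value) falls back to tcp.
  # The condition must combine the two `ne` tests with `and`: joined
  # with `or` it was always true and silently discarded --protocol udp.
  if (!$protocol || ($protocol ne 'tcp' && $protocol ne 'udp')) {
    $protocol = 'tcp';
  }

  # Scalar assignment keeps main() in scalar context, as before.
  my $return = Nagios::Check::DNS::check_tlsa_record::main($domain, $port, $protocol);
  say $return;
  # NOTE(review): exits OK (0) whatever main() reported; confirm main()
  # exits itself on non-OK states, otherwise the result is only printed
  # and never changes the plugin's exit status.
  exit 0;
}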

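# Check every host named in the -f file.  One entry per line, either
# "host" or "host:port"; a missing or empty port means 443.  Surrounding
# whitespace and blank lines are tolerated.  Reads the file-level
# $domainlist and $protocol and overwrites the file-level $domain / $port
# for each entry, mirroring the single-host path above.  Any failure to
# open the file or a line in neither format ends the plugin with
# UNKNOWN via plugin_die() (a bare die exited with 255, which Nagios
# reports as out of bounds).
sub get_domains {
    open(my $filehandle, '<', $domainlist)
      or $nagios_tlsa->plugin_die("cannot open hostlist $domainlist: $!");

    # Same normalisation as the single-host path, so --protocol is
    # honoured for list entries as well.
    my $proto = (defined $protocol && ($protocol eq 'tcp' || $protocol eq 'udp'))
      ? $protocol
      : 'tcp';

    while (my $line = <$filehandle>) {
        chomp $line;
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        next if $line eq '';

        # Host is any run of non-blank, non-colon characters; the port
        # group may be absent ("host") or empty ("host:").
        $line =~ m{\A (?<domain>[^\s:]+) (?: : (?<port>[0-9]*) )? \z}x
          or $nagios_tlsa->plugin_die(
              "$domainlist has wrong or malformed content (line $.)");

        $domain = $+{domain};
        $port   = (defined $+{port} && length $+{port}) ? $+{port} : 443;

        my $return = Nagios::Check::DNS::check_tlsa_record::main($domain, $port, $proto);
        say $return;
    }

    close $filehandle;
    return;
}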

# vim: ft=perl ts=2 sw=2
