# HG changeset patch
# User pesch
# Date 1464266107 -7200
# Node ID 2041bac74e8d470ccbfa0f08943a01d2d4c6f488
# Parent ebb775c5902161c76444c2630802b6a887eb93e6
with tempfile that removes on exit of script, but not when script dies or is killed - have to fix it
diff -r ebb775c59021 -r 2041bac74e8d bin/check_tlsa-record
--- a/bin/check_tlsa-record Thu May 26 12:27:22 2016 +0200
+++ b/bin/check_tlsa-record Thu May 26 14:35:07 2016 +0200
@@ -133,6 +133,7 @@
 my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
 say $return;
+ exit 0;
 }
 sub get_domains {
diff -r ebb775c59021 -r 2041bac74e8d lib/Nagios/Check/DNS/check_tlsa_record.pm
--- a/lib/Nagios/Check/DNS/check_tlsa_record.pm Thu May 26 12:27:22 2016 +0200
+++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm Thu May 26 14:35:07 2016 +0200
@@ -3,10 +3,18 @@
 use feature qw(say switch);
 #use if $^V >= v5.0.20 => (experimental => gw(smartmatch));
 use experimental qw(smartmatch);
+use File::Temp;
 package Nagios::Check::DNS::check_tlsa_record;
 $Nagios::Check::DNS::check_tlsa_record::VERSION = '0.1';
+#@TODO use only fh of tempfile instead of filename
+my $tempfile = File::Temp->new(
+ TEMPLATE => '._tlsaXXXX',
+ DIR => '/tmp/',
+ SUFFIX => '.tmp'
+);
+
 sub main
 {
 my $domain = shift;
@@ -31,18 +39,20 @@
 {
 my $domain = shift;
 my $port = shift;
- my $same = '< /dev/null 2>/dev/null | openssl x509';
 my $query;
 my $cert;
- if ("$port" eq '25') {
- $query = "openssl s_client -starttls smtp -connect $domain:$port $same";
+ if ($port == 25) {
+ $query = "openssl s_client -starttls smtp -connect $domain:$port";
 }
 else {
- $query = "openssl s_client -connect $domain:$port $same";
+ $query = "openssl s_client -connect $domain:$port";
 }
+ my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile";
+ $query = "$query $same";
+
 $cert = qx($query);
 return $cert;
 }
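Review bot: The added `exit 0;` makes the plugin's exit status unconditional, so Nagios will treat a result that `main` reports as not valid exactly like an OK result, because the plugin protocol reads the exit code (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN), not the printed text. As a minimal fix derive the code from the returned string, e.g. `exit($return =~ /\AOK:/ ? 0 : 2);`, or better have `main` return the status alongside the message. The enclosing block starts outside the hunk; if it iterates over the result of `get_domains`, the `exit` also ends the run after the first domain.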
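Review bot: `$tempfile` is created once at module load and shared by every call, so each `get_cert` call overwrites the same path and the hashing function (hunk at -51) reads whatever was last written there; in a run over several domains, if the `openssl x509` step fails before writing, the previous domain's certificate may still be in the file and get hashed and compared. Creating the File::Temp object inside `get_cert` (or per `main` call) and passing the path to the hashing step removes that shared state. `DIR => '/tmp/'` also ignores `TMPDIR`; `TMPDIR => 1` lets File::Temp pick the platform temp directory instead. On the cleanup concern in the commit message: the object's default UNLINK runs from DESTROY, which normally still fires when the script dies with an uncaught exception; only an uncaught signal skips it, so a `$SIG{TERM}`/`$SIG{INT}` handler that calls `exit` would cover that case.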
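Review bot: The new `$query` lines still interpolate `$domain` and `$port` straight into a string run by `qx`, so a value containing shell metacharacters (the domain list apparently comes from the calling script, outside this hunk) becomes shell command text; validate before interpolating, e.g. `die "bad domain: $domain\n" unless $domain =~ /\A[A-Za-z0-9.-]+\z/;` and `die "bad port: $port\n" unless $port =~ /\A[0-9]+\z/;`. Because `openssl x509 -out $tempfile` now writes the certificate to the file, `$cert = qx($query)` captures nothing and `get_cert` returns an empty string, which `main` (hunk at -124) still stores in `$cert`; with `2>/dev/null` and `$?` unchecked, a failed connection is indistinguishable from success until the hashing step dies with "nothing found!". Add `die "could not fetch certificate for $domain:$port\n" if $?;` after the `qx` and document that the result is delivered through `$tempfile` rather than the return value. The enclosing function starts outside the hunk.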
@@ -51,14 +61,15 @@
 {
 my $cert = shift;
 my $hashit = shift || 'sha256';
- my $gentlsa = 'openssl x509 -pubkey | '
+ my $gentlsa = "openssl x509 -in $tempfile -pubkey | "
 . 'openssl rsa -pubin -inform PEM -outform DER 2>/dev/null| '
 . "openssl $hashit";
- my $cert_tlsa = "echo \"$cert\" | $gentlsa";
+ #my $cert_tlsa = "echo \"$cert\" | $gentlsa";
- my $tlsa_record = qx($cert_tlsa) or die "nothing found!\n";
+ #my $tlsa_record = qx($cert_tlsa) or die "nothing found!\n";
+ my $tlsa_record = qx($gentlsa) or die "nothing found!\n";
 $tlsa_record =~ s/^.*= (.*$)/$1/gi;
 $tlsa_record = uc($tlsa_record);
@@ -124,7 +135,6 @@
 {
 my $domain = shift;
 my $port = shift;
- #my $dig_return = shift;
 my $cert = get_cert($domain, $port);
 my $dig_return = dig_tlsa($domain, $port);
 my $dig_tlsa = get_dig_tlsa_record($dig_return);
@@ -132,9 +142,9 @@
 if ("$dig_tlsa" ne "$cert_tlsa") {
- return "crtical: TLSA Record for $domain is not valid";
+ return "crtical: TLSA Record for $domain:$port is not valid";
 }
- return "OK: TLSA Record for $domain is valid";
+ return "OK: TLSA Record for $domain:$port is valid";
 }
diff -r ebb775c59021 -r 2041bac74e8d t/check_tlsa_record.t
--- a/t/check_tlsa_record.t Thu May 26 12:27:22 2016 +0200
+++ b/t/check_tlsa_record.t Thu May 26 14:35:07 2016 +0200
@@ -8,6 +8,7 @@
 require_ok('Nagios::Check::DNS::check_tlsa_record');
+#@TODO write tests
 #my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
 #say $return;
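Review bot: `$cert` is still unpacked from `@_` but no longer used now that the public key is read from `$tempfile`, and the two commented-out lines keep the old `echo "$cert"` pipeline around as dead text. Remove the commented lines and state where the input now comes from, e.g. `# Reads the certificate get_cert() wrote to $tempfile; $cert is ignored and kept only for the existing call signature.` The function's enclosing block starts and ends outside the hunk.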
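Review bot: The rewritten return line keeps the misspelling `crtical`; since nothing visible parses this string other than `say` in the calling script, the minimal fix is `return "CRITICAL: TLSA Record for $domain:$port is not valid";`, which also follows the Nagios convention of starting plugin output with the upper-case state word. The `OK:` line would then match in style. The enclosing function starts outside the hunk.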