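#! /bin/bash
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
#
# Every certs/<domain>.crt is handed to ldns-dane, with <domain> taken from
# the file name. Whatever ldns-dane prints goes to stdout; this script's own
# diagnostics go to stderr so stdout can be redirected without mixing in
# warnings.
#
# Operational notes for the defaults below (usage 3, selector 1, type 1):
#  - The record pins the SHA-256 of the server's own public key, so it stays
#    valid across a certificate renewal only while the key pair is reused.
#  - On a key change, publish the new record next to the old one before the
#    new certificate goes live, and retire the old record only after its TTL
#    has expired; otherwise validating clients will refuse the connection.
#  - Clients can only rely on TLSA records served from a DNSSEC-signed zone.

# Absolute path on purpose: the tool is not looked up through PATH.
LDNS_DANE=/usr/local/bin/ldns-dane

PORT=443        # HTTPS
USAGE=3         # 0: CA constraint
                # 1: Service certificate constraint
                # 2: Trust anchor assertion
                # 3: Domain-issued certificate
SELECTOR=1      # 0: Full certificate
                # 1: SubjectPublicKeyInfo
TYPE=1          # 0: No hash used
                # 1: SHA-256
                # 2: SHA-512

#######################################
# Create one TLSA record per certificate file in certs/.
# Globals:   LDNS_DANE, PORT, USAGE, SELECTOR, TYPE (read)
# Arguments: none
# Outputs:   ldns-dane output on stdout, diagnostics on stderr
# Returns:   0 if every certificate was processed successfully,
#            1 if no certificate was found or any ldns-dane call failed
#######################################
make_tlsa_records() {
  local crt domain
  local found=0 status=0

  for crt in certs/*.crt; do
    # An unmatched glob is left as the literal pattern. Without this guard
    # the tool would be run for a "domain" named '*', which the shell would
    # in turn expand to the names of the files in the current directory.
    [[ -f "$crt" ]] || continue
    found=1

    # Same result as `basename "$crt" .crt`, without forking a process.
    domain=${crt##*/}
    domain=${domain%.crt}

    # -c makes ldns-dane work from the certificate file instead of fetching
    # the certificate from the server. All expansions are quoted so a file
    # name containing spaces or glob characters stays a single argument.
    if ! "$LDNS_DANE" -c "$crt" create \
        "$domain" "$PORT" "$USAGE" "$SELECTOR" "$TYPE"; then
      printf 'mk-tlsa-recs: failed to create TLSA record for %s\n' "$crt" >&2
      status=1
    fi
  done

  if (( ! found )); then
    printf 'mk-tlsa-recs: no certificates found in certs/\n' >&2
    return 1
  fi
  return "$status"
}

# Last command of the script, so its return status is the exit status.
make_tlsa_records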