// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
//              manager, WARC/geminispace browser
// Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, version 3 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package main

import (
	"flag"
	"fmt"
	"log"

	"go.cypherpunks.ru/ucspi"
	ttls "go.stargrave.org/tofuproxy/tls"
)

func main() {
	dnsSrv := flag.String("dns", "[::1]:53", "DNS server")
	crtPath := flag.String("cert", "cert.pem", "Path to X.509 certificate")
	addr := flag.String("addr", "", "Domain name")
	flag.Parse()
	log.SetFlags(log.Lshortfile)
	_, cert, err := ucspi.CertificateFromFile(*crtPath)
	if err != nil {
		log.Fatalln(err)
	}
	ttls.DNSSrv = *dnsSrv
	exists, valid := ttls.DANE(*addr, cert)
	fmt.Println("Exists:", exists)
	fmt.Println("Valid:", valid)
}