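#! /usr/bin/perl
# Print a DANE TLSA resource record for the first certificate in a PEM file.
#
# Usage: <script> DNS-LABEL CERT-FILE
#
# The record is written to STDOUT as "<DNS-LABEL> IN TLSA 1 0 1 <hex>":
# certificate usage 1 (PKIX-EE), selector 0 (full certificate) and matching
# type 1 (SHA-256). The digest therefore covers the whole DER-encoded
# certificate, so the record has to be regenerated every time the
# certificate is reissued, even when the key pair is kept.
#
# Only the first CERTIFICATE block in CERT-FILE is hashed; in a chain file
# the certificate the record should pin must come first.

use strict;
use warnings;
use 5.010;
use autodie;    # open/close failures abort the script with a message

use Digest::SHA;
use MIME::Base64;

# Parser states while scanning the PEM file.
use constant WAIT_BEGIN => 1;    # have not yet seen the BEGIN marker
use constant WAIT_END   => 2;    # collecting base64 lines until the END marker
use constant DONE       => 3;    # a complete BEGIN/END pair was read

# Print the command-line synopsis to STDERR and exit with status 1.
sub usage {
    say STDERR "$0 DNS-LABEL CERT-FILE";
    exit(1);
}

usage() if (scalar(@ARGV) != 2);

my ($label, $cert_file) = @ARGV;

# The label is copied verbatim into a zone-file line; whitespace or control
# characters (a newline in particular) would split or alter that line.
die "$0: DNS label must not contain whitespace or control characters\n"
    if $label =~ /[\s[:cntrl:]]/;

my $state = WAIT_BEGIN;
my $pem   = '';

open(my $fh, '<', $cert_file);
while (my $line = <$fh>) {
    if ($state == WAIT_BEGIN) {
        $state = WAIT_END if $line =~ /^-----BEGIN CERTIFICATE-----/;
    }
    elsif ($line =~ /^-----END CERTIFICATE-----/) {
        $state = DONE;
        last;    # only the first certificate is used
    }
    else {
        $pem .= $line;
    }
}
close($fh);

# Without these checks a file with no (or a truncated) certificate would
# still produce a syntactically valid record whose digest matches nothing,
# e.g. the SHA-256 of the empty string.
die "$0: no BEGIN CERTIFICATE marker found in $cert_file\n"
    if $state == WAIT_BEGIN;
die "$0: certificate in $cert_file is truncated (no END CERTIFICATE marker)\n"
    if $state == WAIT_END;

my $der = decode_base64($pem);

# decode_base64 silently skips characters outside the base64 alphabet, so
# sanity-check the result: a DER-encoded certificate is an ASN.1 SEQUENCE
# and starts with the tag byte 0x30.
die "$0: $cert_file does not contain a DER-encoded certificate\n"
    if length($der) == 0 or substr($der, 0, 1) ne "\x30";

say $label, ' IN TLSA 1 0 1 ', Digest::SHA::sha256_hex($der);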