package checker

import (
	"context"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

// hasRecordsRule reports whether the TLSAs service declares any TLSA record
// at all. Without records there is nothing for DANE to validate.
//
// The rule is a presence check only: it looks at how many entries the loaded
// rule context exposes in Targets and never inspects the records themselves.
type hasRecordsRule struct{}

// Name returns the identifier of this rule.
func (r *hasRecordsRule) Name() string {
	const ruleName = "dane.has_records"
	return ruleName
}

// Description returns a one-sentence, human-readable summary of the rule.
func (r *hasRecordsRule) Description() string {
	const summary = "Verifies that at least one TLSA record is declared on the service."
	return summary
}

// Evaluate loads the rule context from obs and returns exactly one CheckState:
//
//   - the state built by observationErrorState when the context failed to load;
//   - StatusUnknown with code "dane_no_records" when Targets is empty;
//   - StatusOK with code "dane_has_records_ok" otherwise, with the number of
//     targets reported under the "endpoints" meta key.
//
// The checker options argument is ignored.
func (r *hasRecordsRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
	rc := loadRuleContext(ctx, obs)

	// Cases are tried in order, so rc.data is only read once the load error
	// has been ruled out.
	switch {
	case rc.err != nil:
		return []sdk.CheckState{observationErrorState(rc.err)}

	case len(rc.data.Targets) == 0:
		// A service without TLSA records is reported as Unknown, not as a
		// failure. NOTE(review): confirm that consumers of this state do not
		// read Unknown as a pass, otherwise a service with no DANE
		// protection at all would go unflagged.
		noRecords := sdk.CheckState{
			Status:  sdk.StatusUnknown,
			Code:    "dane_no_records",
			Message: "No TLSA records declared on this service.",
		}
		return []sdk.CheckState{noRecords}
	}

	// NOTE(review): the message below says "all bound endpoints", but the
	// only condition checked here is that Targets is non-empty. Confirm that
	// loadRuleContext (or another rule) guarantees per-endpoint coverage;
	// otherwise the wording overstates what this rule verified.
	declared := sdk.CheckState{
		Status:  sdk.StatusOK,
		Code:    "dane_has_records_ok",
		Message: "TLSA records are declared for all bound endpoints.",
		Meta:    map[string]any{"endpoints": len(rc.data.Targets)},
	}
	return []sdk.CheckState{declared}
}