package checker

import (
	"time"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

// Version is the version string reported in the checker definition. It is
// "built-in" unless something outside this file assigns it.
var Version = "built-in"

// Definition returns the descriptor of the "dnssec" checker: its identity,
// the options it documents, the rules it runs and the bounds on how often it
// may be scheduled. A fresh definition is built on every call.
func Definition() *sdk.CheckerDefinition {
	// The bootstrap resolver is documented under AdminOpts, not DomainOpts.
	// NOTE(review): per its own description this resolver also answers the
	// parent DS lookup, so its responses shape what the checker sees of the
	// delegation. Confirm the collector does not treat those answers as
	// authenticated unless it validates them itself.
	adminOpts := []sdk.CheckerOptionDocumentation{{
		Id:          "resolver",
		Type:        "string",
		Label:       "Bootstrap resolver (host:port)",
		Description: "Recursive resolver used to discover the apex name servers and to look up the parent DS. Defaults to /etc/resolv.conf.",
	}}

	// The zone apex is auto-filled from the domain name being checked.
	domainOpts := []sdk.CheckerOptionDocumentation{{
		Id:       "domain_name",
		Label:    "Zone apex",
		AutoFill: sdk.AutoFillDomainName,
	}}

	// Rule order is kept exactly as declared; whether BuildRulesInfo or the
	// engine depends on it is not visible from this file. The grouping
	// comments only reflect what the rule names suggest; the implementations
	// live elsewhere in the package.
	rules := []sdk.CheckRule{
		// Zone signing and DNSKEY retrieval.
		zoneSignedRule{},
		dnskeyConsistentRule{},
		dnskeyQueryOKRule{},
		// Algorithm and key material.
		algorithmAllowedRule{},
		algorithmModernRule{},
		rsaKeySizeRule{},
		kskPresentRule{},
		dnskeyCountRule{},
		// Signatures.
		rrsigPresentDNSKEYRule{},
		rrsigPresentSOARule{},
		rrsigValidityWindowRule{},
		rrsigFreshnessRule{},
		// Authenticated denial of existence.
		denialUsesNSEC3Rule{},
		nsec3IterationsRule{},
		nsec3SaltEmptyRule{},
		nsec3OptOutRule{},
		denialConsistentRule{},
		// TTL.
		dnskeyTTLMinRule{},
	}

	// Scheduling bounds: at most every 5 minutes, at least once a day,
	// hourly by default.
	schedule := &sdk.CheckIntervalSpec{
		Min:     5 * time.Minute,
		Max:     24 * time.Hour,
		Default: time.Hour,
	}

	def := &sdk.CheckerDefinition{
		ID:           "dnssec",
		Name:         "DNSSEC operational hygiene",
		Version:      Version,
		Availability: sdk.CheckerAvailability{ApplyToDomain: true},
		ObservationKeys: []sdk.ObservationKey{
			ObservationKeyDNSSEC,
		},
		Options: sdk.CheckerOptionsDocumentation{
			AdminOpts:  adminOpts,
			DomainOpts: domainOpts,
		},
		Rules:         rules,
		HasHTMLReport: true,
		Interval:      schedule,
	}

	// BuildRulesInfo runs after Rules is populated and before the definition
	// is handed out; what it derives is defined by the SDK, not shown here.
	def.BuildRulesInfo()
	return def
}