package checker

import (
	"context"
	"fmt"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

// dnskeyTTLMinRule flags zones whose DNSKEY records carry a TTL below a
// configurable minimum. It is stateless; the zero value is ready to use.
type dnskeyTTLMinRule struct{}

// Name returns the rule identifier used to reference this check.
func (dnskeyTTLMinRule) Name() string {
	return "dnssec_dnskey_ttl_min"
}

// Description returns a one-line, human-readable summary of the rule.
func (dnskeyTTLMinRule) Description() string {
	return "Warns when the DNSKEY TTL is too short to be useful for caching."
}

// Evaluate loads the DNSSEC observation for the zone and compares each
// server's observed DNSKEY TTL against the "dnskeyTTLMin" option (falling
// back to defaultDNSKEYTTLMinSec).
//
// Outcomes, in order of precedence:
//   - the error state from loadDNSSEC when the observation cannot be loaded;
//   - a skipped state when no server returned a DNSKEY (unsigned zone);
//   - a single warning for the first server (in sortedServers order) whose
//     TTL is below the threshold — later offending servers are not listed;
//   - otherwise an ok state for the domain.
func (dnskeyTTLMinRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts sdk.CheckerOptions) []sdk.CheckState {
	data, errState := loadDNSSEC(ctx, obs)
	if errState != nil {
		return errState
	}

	// Without any DNSKEY there is no TTL to assess; report the rule as
	// not applicable rather than ok.
	if !hasAnyDNSKEY(data) {
		return skipped("zone not signed")
	}

	threshold := optionUint(opts, "dnskeyTTLMin", defaultDNSKEYTTLMinSec)

	// Deterministic iteration so the reported server does not depend on
	// map ordering.
	for _, server := range sortedServers(data) {
		srv := data.Servers[server]

		switch {
		case srv.DNSKEYTTL == 0:
			// A zero TTL is silently skipped here, i.e. treated as "not
			// observed" rather than as a real TTL of 0 (which would defeat
			// caching entirely). NOTE(review): confirm against loadDNSSEC
			// that 0 can only mean "absent" for this field.
			continue
		case uint(srv.DNSKEYTTL) < threshold:
			warning := sdk.CheckState{
				Status:  sdk.StatusWarn,
				Subject: server,
				Message: fmt.Sprintf("DNSKEY TTL on %s = %ds (recommended ≥ %ds)", server, srv.DNSKEYTTL, threshold),
			}
			advice := "Increase the DNSKEY TTL so resolvers cache the keys; short TTLs increase load and break key-rollover prepublish strategies."
			return []sdk.CheckState{withMeta(warning, advice, "dnssec.dnskey_ttl_low")}
		}
	}

	return okState(data.Domain, "DNSKEY TTL is at or above the recommended minimum")
}