package checker
import (
"time"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// Version is the version string reported in the checker definition.
//
// It is "built-in" unless a standalone or plugin build replaces it at link
// time with -ldflags "-X .../checker.Version=...". The value is a
// self-reported build label only; nothing in this file verifies it.
var Version = "built-in"
// Identifiers of the user-configurable options documented by Definition.
const (
	// OptionResolver selects the DNS resolver(s) to query.
	OptionResolver = "resolver"

	// OptionCertExpiryWarnDays is the expiry warning threshold, in days,
	// for the primary key or S/MIME certificate.
	OptionCertExpiryWarnDays = "certExpiryWarnDays"

	// OptionRequireDNSSEC controls whether a lookup that was not
	// DNSSEC-validated is reported as critical rather than as a warning.
	OptionRequireDNSSEC = "requireDNSSEC"

	// OptionRequireEmailProtection controls whether an S/MIME certificate
	// without the emailProtection Extended Key Usage is reported as critical.
	OptionRequireEmailProtection = "requireEmailProtection"
)
// Definition returns a newly allocated definition of the OPENPGPKEY & SMIMEA
// checker. It is the package-level helper handed to the host by the plugin
// entrypoint, and sdk.NewServer reaches it through the provider's
// CheckerDefinitionProvider implementation.
//
// The definition restricts the checker to the OpenPGP and S/MIME certificate
// services, documents the user, domain and service options, attaches the
// single rule returned by Rule, and allows check intervals between one hour
// and seven days (twelve hours by default).
func Definition() *sdk.CheckerDefinition {
	type option = sdk.CheckerOptionDocumentation

	// Options the user sets explicitly. Both strictness switches default to
	// true, so an unconfigured checker reports missing DNSSEC validation and
	// a missing emailProtection EKU as critical.
	//
	// NOTE(review): the resolver option takes an arbitrary resolver address.
	// If DNSSEC status is taken from that resolver's answer rather than
	// validated locally, the verdict is only as trustworthy as the network
	// path to the resolver. Confirm against the lookup code.
	userOpts := []option{
		{
			Id:          OptionResolver,
			Type:        "string",
			Label:       "DNS resolver",
			Placeholder: "1.1.1.1",
			Description: "Validating resolver to query (comma-separated list accepted). Defaults to the system resolver when empty.",
		},
		{
			Id:          OptionCertExpiryWarnDays,
			Type:        "number",
			Label:       "Expiry warning threshold (days)",
			Description: "Emit a warning when the primary key or S/MIME certificate expires in less than this many days.",
			Default:     float64(30),
		},
		{
			Id:          OptionRequireDNSSEC,
			Type:        "bool",
			Label:       "Require DNSSEC",
			Description: "When enabled, a non-DNSSEC-validated lookup is reported as critical (otherwise as warning). RFC 7929 and RFC 8162 mandate DNSSEC.",
			Default:     true,
		},
		{
			Id:          OptionRequireEmailProtection,
			Type:        "bool",
			Label:       "Require emailProtection EKU",
			Description: "When enabled, an S/MIME certificate without the emailProtection Extended Key Usage is reported as critical.",
			Default:     true,
		},
	}

	// Options declared with an AutoFill source instead of a type or default.
	domainOpts := []option{
		{Id: "domain_name", Label: "Zone origin", AutoFill: sdk.AutoFillDomainName},
		{Id: "subdomain", Label: "Subdomain", AutoFill: sdk.AutoFillSubdomain},
	}
	serviceOpts := []option{
		{Id: "service", Label: "Service", AutoFill: sdk.AutoFillService},
		{Id: "service_type", Label: "Service type", AutoFill: sdk.AutoFillServiceType, Hide: true},
	}

	availability := sdk.CheckerAvailability{
		ApplyToService:  true,
		LimitToServices: []string{ServiceOpenPGP, ServiceSMimeCert},
	}

	schedule := &sdk.CheckIntervalSpec{
		Min:     time.Hour,
		Max:     7 * 24 * time.Hour,
		Default: 12 * time.Hour,
	}

	return &sdk.CheckerDefinition{
		ID:              "openpgpkey-smimea",
		Name:            "OPENPGPKEY & SMIMEA",
		Version:         Version,
		Availability:    availability,
		ObservationKeys: []sdk.ObservationKey{ObservationKey},
		Options: sdk.CheckerOptionsDocumentation{
			UserOpts:    userOpts,
			DomainOpts:  domainOpts,
			ServiceOpts: serviceOpts,
		},
		Rules:    []sdk.CheckRule{Rule()},
		Interval: schedule,
	}
}