Initial commit

checker/provider.go

@@ -0,0 +1,51 @@
+package checker
+
+import (
+	sdk "git.happydns.org/checker-sdk-go/checker"
+	tlsct "git.happydns.org/checker-tls/contract"
+)
+
+func Provider() sdk.ObservationProvider {
+	return &sipProvider{}
+}
+
+type sipProvider struct{}
+
+func (p *sipProvider) Key() sdk.ObservationKey {
+	return ObservationKeySIP
+}
+
+// Definition implements sdk.CheckerDefinitionProvider.
+func (p *sipProvider) Definition() *sdk.CheckerDefinition {
+	return Definition()
+}
+
+// DiscoverEntries implements sdk.DiscoveryPublisher.
+//
+// It publishes every _sips._tcp SRV target as a tls.endpoint.v1 entry so
+// the downstream TLS checker can verify certificate chain, SAN and
+// expiry without re-doing the SRV lookup. SNI is set to the SRV target —
+// SIPS certificates are expected to cover the server hostname (unlike
+// XMPP where it's the bare JID domain).
+//
+// _sip._udp and _sip._tcp are plaintext with no historical STARTTLS
+// convention, so nothing is emitted for them.
+func (p *sipProvider) DiscoverEntries(data any) ([]sdk.DiscoveryEntry, error) {
+	d, ok := data.(*SIPData)
+	if !ok || d == nil {
+		return nil, nil
+	}
+	var out []sdk.DiscoveryEntry
+	for _, r := range d.SRV.SIPS {
+		e, err := tlsct.NewEntry(tlsct.TLSEndpoint{
+			Host: r.Target,
+			Port: r.Port,
+			SNI:  r.Target,
+		})
+		if err != nil {
+			return nil, err
+		}
+		out = append(out, e)
+	}
+	return out, nil
+}