package checker

import (
	sdk "git.happydns.org/checker-sdk-go/checker"
	tlsct "git.happydns.org/checker-tls/contract"
)

func Provider() sdk.ObservationProvider {
	return &sipProvider{}
}

type sipProvider struct{}

func (p *sipProvider) Key() sdk.ObservationKey {
	return ObservationKeySIP
}

// Definition implements sdk.CheckerDefinitionProvider.
func (p *sipProvider) Definition() *sdk.CheckerDefinition {
	return Definition()
}

// DiscoverEntries implements sdk.DiscoveryPublisher.
//
// It publishes every _sips._tcp SRV target as a tls.endpoint.v1 entry so
// the downstream TLS checker can verify certificate chain, SAN and
// expiry without re-doing the SRV lookup. SNI is set to the SRV target —
// SIPS certificates are expected to cover the server hostname (unlike
// XMPP where it's the bare JID domain).
//
// _sip._udp and _sip._tcp are plaintext with no historical STARTTLS
// convention, so nothing is emitted for them.
func (p *sipProvider) DiscoverEntries(data any) ([]sdk.DiscoveryEntry, error) {
	d, ok := data.(*SIPData)
	if !ok || d == nil {
		return nil, nil
	}
	var out []sdk.DiscoveryEntry
	for _, r := range d.SRV.SIPS {
		e, err := tlsct.NewEntry(tlsct.TLSEndpoint{
			Host: r.Target,
			Port: r.Port,
			SNI:  r.Target,
		})
		if err != nil {
			return nil, err
		}
		out = append(out, e)
	}
	return out, nil
}