package checker

import (
	"fmt"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

// DiscoverEndpoints implements sdk.EndpointDiscoverer. It publishes every
// TLS/DTLS endpoint seen during collection so a downstream TLS checker can
// verify certificates without re-parsing the observation.
//
// stuns:/turns: speak TLS immediately after the TCP handshake (no STARTTLS),
// so we emit Type="tls". DTLS endpoints are published as Type="dtls" — an
// open-string convention, consumed by DTLS-aware probes.
func (p *stunTurnProvider) DiscoverEndpoints(data any) ([]sdk.DiscoveredEndpoint, error) {
	d, ok := data.(*StunTurnData)
	if !ok {
		return nil, fmt.Errorf("unexpected data type %T", data)
	}
	seen := make(map[string]struct{})
	var out []sdk.DiscoveredEndpoint
	for _, ep := range d.Endpoints {
		if !ep.Endpoint.Secure {
			continue
		}
		epType := "tls"
		if ep.Endpoint.Transport == TransportDTLS {
			epType = "dtls"
		}
		key := fmt.Sprintf("%s|%s|%d", epType, ep.Endpoint.Host, ep.Endpoint.Port)
		if _, dup := seen[key]; dup {
			continue
		}
		seen[key] = struct{}{}
		out = append(out, sdk.DiscoveredEndpoint{
			Type: epType,
			Host: ep.Endpoint.Host,
			Port: ep.Endpoint.Port,
			Meta: map[string]any{
				"source": "stun-turn",
				"uri":    ep.Endpoint.URI,
			},
		})
	}
	return out, nil
}