// Package checker implements a TLS checker for happyDomain. The payload shape
// and the contract with consumers are described in the README.
package checker

import "time"

// ObservationKeyTLSProbes names the observation under which this checker
// writes its TLSData payload.
const ObservationKeyTLSProbes = "tls_probes"

// Identifiers of the options carried on CheckerOptions.
const (
	OptionEndpoints      = "endpoints"
	OptionProbeTimeoutMs = "probeTimeoutMs"
)

// Default values. They are shared by the Default field of the option
// definition and by the runtime fallback that applies when probeTimeoutMs is
// unset or invalid.
const (
	// DefaultProbeTimeoutMs is the fallback probe timeout, in milliseconds.
	DefaultProbeTimeoutMs = 10000

	// MaxConcurrentProbes limits how many probes one collect run performs in
	// parallel, so that a domain with many endpoints cannot exhaust the
	// process's file descriptors.
	// NOTE(review): the code that enforces this cap and that validates the
	// endpoints option is not in this file; confirm both at the call site.
	MaxConcurrentProbes = 32
)

// Values written to Issue.Severity. They are lowercase ASCII.
//
// Issue.Severity is a plain string, so the type system does not restrict it
// to these three values; a consumer should handle an unknown severity
// explicitly rather than treating it as harmless.
const (
	SeverityCrit = "crit"
	SeverityWarn = "warn"
	SeverityInfo = "info"
)

// TLSData is the complete payload stored under ObservationKeyTLSProbes.
type TLSData struct {
	// Probes holds one TLSProbe per map key.
	// NOTE(review): what the key is (presumably the endpoint identifier) is
	// not defined in this file; confirm against the README.
	Probes map[string]TLSProbe `json:"probes"`

	// CollectedAt is always serialized, including when it is the zero time.
	CollectedAt time.Time `json:"collected_at"`
}

// TLSProbe records the outcome of probing one endpoint.
//
// The JSON names are a wire contract: they mirror what consumers already
// parse (checker-xmpp's tlsProbeView), so renaming a tag breaks those
// consumers.
type TLSProbe struct {
	// Host, Port, Endpoint and Type are always present in the JSON output;
	// SNI is dropped when empty.
	Host     string `json:"host"`
	Port     uint16 `json:"port"`
	Endpoint string `json:"endpoint"`
	Type     string `json:"type"`
	SNI      string `json:"sni,omitempty"`

	// TLSVersion and CipherSuite are free-form strings; their exact format is
	// not fixed by this file.
	TLSVersion  string `json:"tls_version,omitempty"`
	CipherSuite string `json:"cipher_suite,omitempty"`

	// HostnameMatch and ChainValid are pointers so that three states survive
	// serialization: a nil pointer is omitted from the JSON, while a pointer
	// to false is emitted as false.
	// NOTE(review): presumably nil means the check was never reached (for
	// example the handshake failed); confirm. A consumer must not read an
	// absent key as "validation passed".
	HostnameMatch *bool `json:"hostname_match,omitempty"`
	ChainValid    *bool `json:"chain_valid,omitempty"`

	// NotAfter carries omitempty, but encoding/json never treats a struct
	// value such as time.Time as empty, so an unset NotAfter is still emitted
	// as "0001-01-01T00:00:00Z". Consumers should test IsZero before comparing
	// it with the current time; otherwise a probe that obtained no
	// certificate is indistinguishable from one that saw an expired
	// certificate.
	NotAfter time.Time `json:"not_after,omitempty"`

	// NOTE(review): Issuer, Subject and DNSNames are presumably copied from
	// the certificate the remote endpoint presented; confirm. If so they are
	// text chosen by the remote party and should be escaped before being
	// rendered or logged.
	Issuer   string   `json:"issuer,omitempty"`
	Subject  string   `json:"subject,omitempty"`
	DNSNames []string `json:"dns_names,omitempty"`

	// ElapsedMS is omitted when it is 0. Error and Issues are omitted when
	// empty, so the absence of both keys is the only signal in this struct
	// that nothing was reported for the endpoint.
	ElapsedMS int64   `json:"elapsed_ms,omitempty"`
	Error     string  `json:"error,omitempty"`
	Issues    []Issue `json:"issues,omitempty"`
}

// Issue is a single TLS finding surfaced to the consumer.
type Issue struct {
	// Code and Severity are always serialized; Severity is expected to be one
	// of the Severity* constants.
	Code     string `json:"code"`
	Severity string `json:"severity"`

	// Message and Fix are optional and dropped from the JSON when empty.
	Message string `json:"message,omitempty"`
	Fix     string `json:"fix,omitempty"`
}