Initial commit
This commit is contained in:
commit
2c2fb07129
18 changed files with 2504 additions and 0 deletions
77
checker/provider.go
Normal file
77
checker/provider.go
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
package checker
|
||||
|
||||
import (
|
||||
"strconv"
|
||||
|
||||
sdk "git.happydns.org/checker-sdk-go/checker"
|
||||
)
|
||||
|
||||
func Provider() sdk.ObservationProvider {
|
||||
return &xmppProvider{}
|
||||
}
|
||||
|
||||
type xmppProvider struct{}
|
||||
|
||||
func (p *xmppProvider) Key() sdk.ObservationKey {
|
||||
return ObservationKeyXMPP
|
||||
}
|
||||
|
||||
// Definition implements sdk.CheckerDefinitionProvider.
|
||||
func (p *xmppProvider) Definition() *sdk.CheckerDefinition {
|
||||
return Definition()
|
||||
}
|
||||
|
||||
// DiscoverEndpoints implements sdk.EndpointDiscoverer.
|
||||
//
|
||||
// It publishes the (host, port) pairs of every SRV target we found, so a
|
||||
// downstream TLS checker can verify the certificate chain / SAN / expiry on
|
||||
// each one without re-doing the SRV lookup. The XMPP checker itself does not
|
||||
// perform certificate verification — that posture lives in the TLS checker.
|
||||
//
|
||||
// SNI is set to the bare JID domain rather than the SRV target, because XMPP
|
||||
// certificates must be valid for the source domain (RFC 6120 §13.7.2.1),
|
||||
// which is typically different from the SRV target hostname.
|
||||
func (p *xmppProvider) DiscoverEndpoints(data any) ([]sdk.DiscoveredEndpoint, error) {
|
||||
d, ok := data.(*XMPPData)
|
||||
if !ok || d == nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// Carry over the STARTTLS-required posture observed during probing.
|
||||
starttlsRequired := map[string]bool{}
|
||||
for _, ep := range d.Endpoints {
|
||||
if ep.STARTTLSRequired {
|
||||
starttlsRequired[endpointKey(ep.Target, ep.Port)] = true
|
||||
}
|
||||
}
|
||||
|
||||
var out []sdk.DiscoveredEndpoint
|
||||
emit := func(epType string, recs []SRVRecord, directTLS bool) {
|
||||
for _, r := range recs {
|
||||
ep := sdk.DiscoveredEndpoint{
|
||||
Type: epType,
|
||||
Host: r.Target,
|
||||
Port: r.Port,
|
||||
SNI: d.Domain,
|
||||
}
|
||||
if !directTLS {
|
||||
mode := "opportunistic"
|
||||
if starttlsRequired[endpointKey(r.Target, r.Port)] {
|
||||
mode = "required"
|
||||
}
|
||||
ep.Meta = map[string]any{"starttls": mode}
|
||||
}
|
||||
out = append(out, ep)
|
||||
}
|
||||
}
|
||||
emit("starttls-xmpp-client", d.SRV.Client, false)
|
||||
emit("starttls-xmpp-server", d.SRV.Server, false)
|
||||
emit("tls", d.SRV.ClientSecure, true)
|
||||
emit("tls", d.SRV.ServerSecure, true)
|
||||
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func endpointKey(host string, port uint16) string {
|
||||
return host + ":" + strconv.Itoa(int(port))
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue