checker-xmpp/checker/provider.go

package checker

import (
	"strconv"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

func Provider() sdk.ObservationProvider {
	return &xmppProvider{}
}

type xmppProvider struct{}

func (p *xmppProvider) Key() sdk.ObservationKey {
	return ObservationKeyXMPP
}

// Definition implements sdk.CheckerDefinitionProvider.
func (p *xmppProvider) Definition() *sdk.CheckerDefinition {
	return Definition()
}

// DiscoverEndpoints implements sdk.EndpointDiscoverer.
//
// It publishes the (host, port) pairs of every SRV target we found, so a
// downstream TLS checker can verify the certificate chain / SAN / expiry on
// each one without re-doing the SRV lookup. The XMPP checker itself does not
// perform certificate verification — that posture lives in the TLS checker.
//
// SNI is set to the bare JID domain rather than the SRV target, because XMPP
// certificates must be valid for the source domain (RFC 6120 §13.7.2.1),
// which is typically different from the SRV target hostname.
func (p *xmppProvider) DiscoverEndpoints(data any) ([]sdk.DiscoveredEndpoint, error) {
	d, ok := data.(*XMPPData)
	if !ok || d == nil {
		return nil, nil
	}

	// Carry over the STARTTLS-required posture observed during probing.
	starttlsRequired := map[string]bool{}
	for _, ep := range d.Endpoints {
		if ep.STARTTLSRequired {
			starttlsRequired[endpointKey(ep.Target, ep.Port)] = true
		}
	}

	var out []sdk.DiscoveredEndpoint
	emit := func(epType string, recs []SRVRecord, directTLS bool) {
		for _, r := range recs {
			ep := sdk.DiscoveredEndpoint{
				Type: epType,
				Host: r.Target,
				Port: r.Port,
				SNI:  d.Domain,
			}
			if !directTLS {
				mode := "opportunistic"
				if starttlsRequired[endpointKey(r.Target, r.Port)] {
					mode = "required"
				}
				ep.Meta = map[string]any{"starttls": mode}
			}
			out = append(out, ep)
		}
	}
	emit("starttls-xmpp-client", d.SRV.Client, false)
	emit("starttls-xmpp-server", d.SRV.Server, false)
	emit("tls", d.SRV.ClientSecure, true)
	emit("tls", d.SRV.ServerSecure, true)

	return out, nil
}

func endpointKey(host string, port uint16) string {
	return host + ":" + strconv.Itoa(int(port))
}