// Package tlscheck provides TLS certificate inspection.
package tlscheck

import (
	"context"
	"errors"
	"log/slog"
	"time"

	"go.uber.org/fx"

	"sneak.berlin/go/dnswatcher/internal/logger"
)

// ErrNotImplemented indicates the TLS checker is not yet implemented.
var ErrNotImplemented = errors.New(
	"tls checker not yet implemented",
)

// Params contains dependencies for Checker.
type Params struct {
	fx.In

	Logger *logger.Logger
}

// Checker performs TLS certificate inspection.
type Checker struct {
	log *slog.Logger
}

// CertificateInfo holds information about a TLS certificate.
type CertificateInfo struct {
	CommonName              string
	Issuer                  string
	NotAfter                time.Time
	SubjectAlternativeNames []string
}

// New creates a new TLS Checker instance.
func New(
	_ fx.Lifecycle,
	params Params,
) (*Checker, error) {
	return &Checker{
		log: params.Logger.Get(),
	}, nil
}

// CheckCertificate connects to the given IP:port using SNI and
// returns certificate information.
func (c *Checker) CheckCertificate(
	_ context.Context,
	_ string,
	_ string,
) (*CertificateInfo, error) {
	return nil, ErrNotImplemented
}