clients

package
Published: Jan 30, 2024 License: MIT Imports: 29 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatToSerialNumber

func FormatToSerialNumber(serialNumber *big.Int) string

FormatToSerialNumber converts a big.Int to a colon-separated hex string. Example: 17034156255497985825694118641198758684 -> 0C:D0:A8:BE:C6:32:CF:E6:45:EC:A0:A9:B0:84:FB:1C

func GetCiphersWithLevel

func GetCiphersWithLevel(cipherList []string, SecLevel ...CipherSecLevel) []string

GetCiphersWithLevel returns the list of ciphers whose security level is one of the given SecLevel values

func GetConn

func GetConn(ctx context.Context, hostname, ip, port string, inputOpts *Options) (net.Conn, error)

GetConn returns a net.Conn for the given hostname, ip and port, built from the user-supplied options

func GetUniqueDomainsFromCert

func GetUniqueDomainsFromCert(resp *CertificateResponse) []string

GetUniqueDomainsFromCert returns unique domains extracted from certificate response

func IntersectStringSlices

func IntersectStringSlices(s1 []string, s2 []string) []string

IntersectStringSlices returns intersection of two string slices

func IsExpired

func IsExpired(notAfter time.Time) bool

IsExpired returns true if the certificate has expired

func IsMisMatchedCert

func IsMisMatchedCert(host string, alternativeNames []string) bool

IsMisMatchedCert returns true if the certificate names (subject common name + alternative names) do not contain host

func IsSelfSigned

func IsSelfSigned(authorityKeyID, subjectKeyID []byte) bool

IsSelfSigned returns true if the certificate is self-signed

follows: https://security.stackexchange.com/a/162263/250973

func IsTLSRevoked

func IsTLSRevoked(options *Options, cert *x509.Certificate) bool

IsTLSRevoked returns true if the certificate has been revoked or failed to parse

func IsUntrustedCA

func IsUntrustedCA(certs []*x509.Certificate) bool

IsUntrustedCA returns true if the certificate is a self-signed CA

func IsWildCardCert

func IsWildCardCert(names []string) bool

IsWildCardCert returns true if the certificate is a wildcard certificate

func IsZTLSRevoked

func IsZTLSRevoked(options *Options, cert *zx509.Certificate) bool

IsZTLSRevoked returns true if the certificate has been revoked

func IsZTLSUntrustedCA

func IsZTLSUntrustedCA(certs []ztls.SimpleCertificate) bool

IsZTLSUntrustedCA returns true if the certificate is a self-signed CA

func MD5Fingerprint

func MD5Fingerprint(data []byte) string

MD5Fingerprint creates a fingerprint of data using the MD5 hash algorithm.

func ParseASN1DNSequenceWithZpkix

func ParseASN1DNSequenceWithZpkix(data []byte) string

ParseASN1DNSequenceWithZpkix tries to parse the raw ASN.1 of a TLS DN with the zpkix and zasn1 libraries, which expose additional information that the Go standard library does not parse and which may be useful.

If the parsing fails, a blank string is returned and the standard library data is used.

func ParseASN1DNSequenceWithZpkixOrDefault

func ParseASN1DNSequenceWithZpkixOrDefault(data []byte, defaultValue string) string

ParseASN1DNSequenceWithZpkixOrDefault returns the parsed value of the ASN.1 DN sequence, or defaultValue when parsing fails

func PemEncode

func PemEncode(cert []byte) string

PemEncode encodes a raw certificate to PEM format.

func SHA1Fingerprint

func SHA1Fingerprint(data []byte) string

SHA1Fingerprint creates a fingerprint of data using the SHA1 hash algorithm.

func SHA256Fingerprint

func SHA256Fingerprint(data []byte) string

SHA256Fingerprint creates a fingerprint of data using the SHA256 hash algorithm.

Types

type CertificateDistinguishedName

// CertificateDistinguishedName is a distinguished name (DN) taken from a
// certificate subject or issuer, broken out by attribute type. Attributes that
// may repeat are kept as slices; CommonName is single-valued.
type CertificateDistinguishedName struct {
	Country            []string `json:"country,omitempty"`             // C attribute values
	Organization       []string `json:"organization,omitempty"`        // O attribute values
	OrganizationalUnit []string `json:"organizational_unit,omitempty"` // OU attribute values
	Locality           []string `json:"locality,omitempty"`            // L attribute values
	Province           []string `json:"province,omitempty"`            // ST (state/province) attribute values
	StreetAddress      []string `json:"street_address,omitempty"`      // STREET attribute values
	CommonName         string   `json:"common_name,omitempty"`         // CN attribute; on its own not authoritative for hostname matching, see SubjectAN
}

CertificateDistinguishedName is a distinguished certificate name

type CertificateResponse

// CertificateResponse is the response for a single X.509 certificate (the leaf
// of a Response, or one element of its Chain). The boolean checks use
// omitempty, so a false value is absent from the JSON output and cannot be
// told apart from a check that was never run.
type CertificateResponse struct {
	// Expired is true if the certificate validity period has ended (see IsExpired)
	Expired bool `json:"expired,omitempty"`
	// SelfSigned is true if the certificate is self-signed (see IsSelfSigned)
	SelfSigned bool `json:"self_signed,omitempty"`
	// MisMatched is true if neither the subject common name nor the
	// alternative names contain the requested host (see IsMisMatchedCert)
	MisMatched bool `json:"mismatched,omitempty"`
	// Revoked is true if the certificate was found to be revoked; whether
	// lookup or parse errors also count as revoked is governed by Options.HardFail
	Revoked bool `json:"revoked,omitempty"`
	// Untrusted is true if the certificate is untrusted; presumably set from
	// IsUntrustedCA (self-signed CA) — confirm in Convertx509toResponse
	Untrusted bool `json:"untrusted,omitempty"`
	// NotBefore is the start of the validity period. omitempty has no effect
	// on a time.Time value, so a zero time is emitted as-is
	NotBefore time.Time `json:"not_before,omitempty"`
	// NotAfter is the end of the validity period (same omitempty caveat)
	NotAfter time.Time `json:"not_after,omitempty"`
	// SubjectDN is the subject distinguished name as a single string
	SubjectDN string `json:"subject_dn,omitempty"`
	// SubjectCN is the subject common name
	SubjectCN string `json:"subject_cn,omitempty"`
	// SubjectOrg holds the subject organization (O) values
	SubjectOrg []string `json:"subject_org,omitempty"`
	// SubjectAN is the list of Subject Alternative Names for the certificate
	SubjectAN []string `json:"subject_an,omitempty"`
	// Domains is the deduplicated union of SubjectCN and SubjectAN
	Domains []string `json:"domains,omitempty"`
	// Serial is the certificate serial number; presumably in the
	// colon-separated hex form produced by FormatToSerialNumber — confirm
	Serial string `json:"serial,omitempty"`
	// IssuerDN is the issuer distinguished name as a single string
	IssuerDN string `json:"issuer_dn,omitempty"`
	// IssuerCN is the issuer common name
	IssuerCN string `json:"issuer_cn,omitempty"`
	// IssuerOrg holds the issuer organization (O) values
	IssuerOrg []string `json:"issuer_org,omitempty"`
	// Emails is the list of email addresses found in the certificate
	Emails []string `json:"emails,omitempty"`
	// FingerprintHash holds the MD5, SHA1 and SHA256 fingerprints of the certificate
	FingerprintHash CertificateResponseFingerprintHash `json:"fingerprint_hash,omitempty"`
	// Certificate is the raw certificate in PEM format; presumably only
	// populated when requested (the showcert argument of Convertx509toResponse)
	Certificate string `json:"certificate,omitempty"`
	// WildCardCert is true if the certificate is a wildcard certificate (see IsWildCardCert)
	WildCardCert bool `json:"wildcard_certificate,omitempty"`
}

CertificateResponse is the response for a certificate

func Convertx509toResponse

func Convertx509toResponse(options *Options, hostname string, cert *x509.Certificate, showcert bool) *CertificateResponse

type CertificateResponseFingerprintHash

// CertificateResponseFingerprintHash holds digests of the raw certificate
// bytes, presumably produced by MD5Fingerprint, SHA1Fingerprint and
// SHA256Fingerprint. SHA256 is the value to rely on for identification; MD5
// and SHA1 are not collision-resistant and are only useful for matching
// against tooling that still reports them.
type CertificateResponseFingerprintHash struct {
	// MD5 is the md5 digest of the certificate (legacy; not collision-resistant)
	MD5 string `json:"md5,omitempty"`
	// SHA1 is the sha1 digest of the certificate (legacy; not collision-resistant)
	SHA1 string `json:"sha1,omitempty"`
	// SHA256 is the sha256 digest of the certificate; prefer this one for pinning or lookups
	SHA256 string `json:"sha256,omitempty"`
}

CertificateResponseFingerprintHash is a response for fingerprint hash of cert

type CipherSecLevel

// CipherSecLevel is the security classification tlsx assigns to a cipher
// suite name; see the level constants and GetCipherLevel.
type CipherSecLevel uint

CipherSecLevel is the security level tlsx assigns to a cipher suite.

// The iota values identify levels only; the numeric order Weak < Insecure <
// Secure < Unknown is not a severity ranking, so compare levels with ==
// rather than with < or >.
const (
	All CipherSecLevel = iota // Default (zero value); presumably matches every level in GetCiphersWithLevel — confirm
	Weak                      // rated weak; reported under CipherTypes.Weak
	Insecure                  // rated insecure; reported under CipherTypes.Insecure
	Secure                    // rated secure; reported under CipherTypes.Secure
	Unknown                   // cipher suite name not known to tlsx; unrated, not to be read as safe
)

func GetCipherLevel

func GetCipherLevel(cipherName string) CipherSecLevel

GetCipherLevel returns security level of given cipher

type CipherTypes

// CipherTypes groups cipher suite names by the CipherSecLevel assigned to
// them (see IdentifyCiphers). A non-empty Weak or Insecure list is a finding;
// Unknown means tlsx could not classify the name, not that it is safe.
type CipherTypes struct {
	Weak     []string `json:"weak,omitempty"`     // cipher suites rated Weak
	Insecure []string `json:"insecure,omitempty"` // cipher suites rated Insecure
	Secure   []string `json:"secure,omitempty"`   // cipher suites rated Secure
	Unknown  []string `json:"unknown,omitempty"`  // cipher suite names not known to tlsx, left unrated
}

func IdentifyCiphers

func IdentifyCiphers(cipherList []string) CipherTypes

IdentifyCiphers identifies type of ciphers from given cipherList

func (*CipherTypes) ColorCode

func (c *CipherTypes) ColorCode(a aurora.Aurora) CipherTypes

ColorCode returns a clone of CipherTypes with Colored Strings

type ConnectOptions

// ConnectOptions carries the per-connection parameters handed to an
// Implementation (see ConnectWithOptions and EnumerateCiphers).
type ConnectOptions struct {
	SNI         string           // server name for the TLS connection; presumably empty means none is sent — confirm
	VersionTLS  string           // TLS version to use for the connection; presumably empty means the implementation default — confirm
	Ciphers     []string         // cipher suites to offer
	CipherLevel []CipherSecLevel // Only used in cipher enum mode
	EnumMode    EnumMode         // Enumeration Mode (version or ciphers)
}

type EnumMode

// EnumMode selects what, if anything, an Implementation enumerates beyond the
// plain connection (see ConnectOptions.EnumMode).
type EnumMode uint

// None is the zero value and means no enumeration; Version enumerates
// supported TLS versions and Cipher enumerates supported cipher suites.
const (
	None EnumMode = iota // no enumeration (default)
	Version              // enumerate supported TLS versions
	Cipher               // enumerate supported cipher suites
)

type Implementation

// Implementation is an interface implemented by each TLSX client backend;
// presumably the backend is chosen through Options.ScanMode — confirm.
type Implementation interface {
	// ConnectWithOptions connects to hostname via ip:port with the given
	// options and returns the grabbed TLS response
	ConnectWithOptions(hostname, ip, port string, options ConnectOptions) (*Response, error)

	// EnumerateCiphers returns the cipher suites found for hostname via ip:port
	// in cipher enum mode (see ConnectOptions.CipherLevel)
	EnumerateCiphers(hostname, ip, port string, options ConnectOptions) ([]string, error)

	// SupportedTLSVersions returns the list of tls versions this client
	// implementation can negotiate (no host involved)
	SupportedTLSVersions() ([]string, error)
	// SupportedTLSCiphers returns the list of tls ciphers this client
	// implementation can offer (no host involved)
	SupportedTLSCiphers() ([]string, error)
}

Implementation is an interface implemented by TLSX client

type Options

// Options contains configuration options for the tlsx client. Note the
// security-relevant defaults: VerifyServerCertificate and HardFail are both
// false in the zero value, so chain problems are reported as findings rather
// than enforced, and revocation lookup errors are not treated as revoked.
type Options struct {
	// OutputFile is the file to write output to
	OutputFile string
	// Inputs is a list of inputs to process
	Inputs goflags.StringSlice
	// InputList is the list of inputs to process
	InputList string
	// ServerName is the optional server-name for tls connection
	ServerName goflags.StringSlice
	// RandomForEmptyServerName, when set, presumably substitutes a random
	// server name if no SNI is given — confirm in GetConn
	RandomForEmptyServerName bool
	// ReversePtrSNI performs a reverse PTR query to obtain SNI from IP
	ReversePtrSNI bool
	// Verbose enables display of verbose output
	Verbose bool
	// Version shows the version of the program
	Version bool
	// JSON enables display of JSON output
	JSON bool
	// DisplayDns enables display of unique hostname from SSL certificate response
	DisplayDns bool
	// TLSChain enables printing TLS chain information to output
	TLSChain bool
	// Deprecated: AllCiphers exists for historical compatibility and should not be used
	AllCiphers bool
	// ProbeStatus enables writing of errors with json output
	ProbeStatus bool
	// CertsOnly enables early SSL termination using ztls flag
	CertsOnly bool
	// RespOnly displays TLS responses only in CLI output
	RespOnly bool
	// Silent enables silent output display
	Silent bool
	// NoColor disables coloring of CLI output
	NoColor bool
	// Retries is the number of times to retry TLS connection
	Retries int
	// Timeout is the number of seconds to wait for connection
	Timeout int
	// Concurrency is the number of concurrent threads to process
	Concurrency int
	// Delay is the duration to wait between requests in each thread
	Delay string
	// Ports is the list of ports to make requests to
	Ports goflags.StringSlice
	// Ciphers is a list of custom ciphers to use for connection
	Ciphers goflags.StringSlice
	// CACertificate is the CA certificate for connection (presumably a file path — confirm)
	CACertificate string
	// MinVersion is the minimum tls version that is acceptable
	MinVersion string
	// MaxVersion is the maximum tls version that is acceptable
	MaxVersion string
	// Resolvers contains custom resolvers for the tlsx client
	Resolvers goflags.StringSlice
	// ScanMode is the tls connection mode to use
	ScanMode string
	// VerifyServerCertificate enables optional verification of server
	// certificates. When false the chain is presumably accepted unverified,
	// which is what lets a scanner report Untrusted/MisMatched instead of failing
	VerifyServerCertificate bool
	// OpenSSLBinary is the path to the OpenSSL binary to use
	OpenSSLBinary string
	// SAN displays Subject Alternative Names
	SAN bool
	// CN displays Subject Common Name
	CN bool
	// SO displays Subject Organization Name
	SO bool
	// TLSVersion displays used TLS version
	TLSVersion bool
	// Cipher displays used cipher
	Cipher bool
	// Expired displays validity of TLS certificate
	Expired bool
	// SelfSigned displays if cert is self-signed
	SelfSigned bool
	// Untrusted displays if cert is untrusted
	Untrusted bool
	// MisMatched displays if the cert is mismatched
	MisMatched bool
	// Revoked displays if the cert is revoked
	Revoked bool
	// HardFail defines Revoke status when there are parse failures or other errors.
	// If HardFail is true then on any error the certificate is considered revoked;
	// when false such errors are presumably reported as not revoked (fail-open),
	// so leave it false only where a missed revocation is acceptable
	HardFail bool
	// Hash is the hash to display for certificate
	Hash string
	// Jarm calculates jarm fingerprinting with multiple probes
	Jarm bool
	// Cert displays certificate in pem format
	Cert bool
	// Ja3 displays ja3 fingerprint hash
	Ja3 bool
	// ScanAllIPs enables scanning all IPs of a host
	ScanAllIPs bool
	// IPVersion is the IP version(s) to use for scanning
	IPVersion goflags.StringSlice
	// WildcardCertCheck enables wildcard certificate check
	WildcardCertCheck bool
	// TlsVersionsEnum enumerates supported tls versions
	TlsVersionsEnum bool
	// TlsCiphersEnum enumerates supported ciphers per TLS protocol
	TlsCiphersEnum bool
	// TLsCipherLevel is the list of cipher security levels to enumerate
	// (see CipherSecLevel and ConnectOptions.CipherLevel)
	TLsCipherLevel []string
	// ClientHello include client hello (only ztls)
	ClientHello bool
	// ServerHello include server hello (only ztls)
	ServerHello bool
	// HealthCheck performs a capabilities healthcheck
	HealthCheck bool
	// DisableUpdateCheck disables checking update
	DisableUpdateCheck bool
	// CipherConcurrency is presumably the number of concurrent cipher
	// enumeration attempts — confirm
	CipherConcurrency int

	// Fastdialer is a fastdialer dialer instance
	Fastdialer *fastdialer.Dialer
	// Serial displays the certificate serial number
	Serial bool
}

Options contains configuration options for tlsx client

type Response

// Response is the response returned for a TLS grab event. The leaf
// certificate fields are promoted from the embedded *CertificateResponse and
// so appear at the top level of the JSON; Chain holds the rest of the
// presented chain.
type Response struct {
	// Timestamp is the timestamp for certificate response
	Timestamp *time.Time `json:"timestamp,omitempty"`
	// Host is the host to make request to
	Host string `json:"host"`
	// IP is the IP address the request was made to
	IP string `json:"ip,omitempty"`
	// Port is the port to make request to
	Port string `json:"port"`
	// ProbeStatus is false if the tls probe failed (always emitted; no omitempty)
	ProbeStatus bool `json:"probe_status"`
	// Error is the optional error for tls request included
	// with errors_json flag.
	Error string `json:"error,omitempty"`
	// Version is the tls version responded by the server
	Version string `json:"tls_version,omitempty"`
	// Cipher is the cipher for the tls request
	Cipher string `json:"cipher,omitempty"`
	// CertificateResponse is the leaf certificate embedded in json.
	// encoding/json flattens an embedded struct on its own; ",inline" is not
	// an option it recognises and is ignored.
	*CertificateResponse `json:",inline"`
	// TLSConnection is the client used for TLS connection
	// when ran using scan-mode auto.
	TLSConnection string `json:"tls_connection,omitempty"`
	// Chain is the chain of certificates
	Chain       []*CertificateResponse `json:"chain,omitempty"`
	JarmHash    string                 `json:"jarm_hash,omitempty"`     // JARM fingerprint (Options.Jarm)
	Ja3Hash     string                 `json:"ja3_hash,omitempty"`      // JA3 fingerprint hash (Options.Ja3)
	ServerName  string                 `json:"sni,omitempty"`           // server name (SNI) used for the connection
	VersionEnum []string               `json:"version_enum,omitempty"`  // supported TLS versions found in version enum mode
	TlsCiphers  []TlsCiphers           `json:"cipher_enum,omitempty"`   // cipher suites found per TLS version in cipher enum mode
	ClientHello *ztls.ClientHello      `json:"client_hello,omitempty"`  // client hello (only ztls, Options.ClientHello)
	ServerHello *ztls.ServerHello      `json:"servers_hello,omitempty"` // server hello (only ztls, Options.ServerHello); note the JSON key is servers_hello
}

Response is the response returned for a TLS grab event

type TlsCiphers

// TlsCiphers is one entry of Response.TlsCiphers: the cipher suites found in
// cipher enum mode for a single TLS version, grouped by security level.
type TlsCiphers struct {
	Version string      `json:"version,omitempty"` // TLS version these results apply to
	Ciphers CipherTypes `json:"ciphers,omitempty"` // cipher suites grouped by CipherSecLevel
}
