-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtls_failures.go
More file actions
122 lines (111 loc) · 4.07 KB
/
Copy pathtls_failures.go
File metadata and controls
122 lines (111 loc) · 4.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package store
import (
"fmt"
"time"
)
// RecordTLSFailure records a TLS connection failure for TLS-RPT report generation
func (db *DB) RecordTLSFailure(recipientDomain, failureReason, sendingMTAIP, receivingMXHostname, receivingIP string) error {
_, err := db.Exec(`
INSERT INTO tls_failures (recipient_domain, failure_reason, sending_mta_ip, receiving_mx_hostname, receiving_ip, attempted_at)
VALUES (?, ?, ?, ?, ?, datetime('now'))
`, recipientDomain, failureReason, sendingMTAIP, receivingMXHostname, receivingIP)
return err
}
// TLSFailureRecord represents a single TLS failure entry
type TLSFailureRecord struct {
RecipientDomain string
FailureReason string
SendingMTAIP string
ReceivingMXHostname string
ReceivingIP string
AttemptedAt time.Time
}
// GetTLSFailuresForReport retrieves aggregated TLS failures for a domain within a time range
// Returns: list of failure records and count summary
func (db *DB) GetTLSFailuresForReport(domain string, startTime, endTime time.Time) ([]TLSFailureRecord, error) {
rows, err := db.Query(`
SELECT recipient_domain, failure_reason, sending_mta_ip, receiving_mx_hostname, receiving_ip, attempted_at
FROM tls_failures
WHERE recipient_domain = ? AND attempted_at >= datetime(?) AND attempted_at < datetime(?) AND sent_at IS NULL
ORDER BY attempted_at DESC
`, domain, startTime.Format(time.RFC3339), endTime.Format(time.RFC3339))
if err != nil {
return nil, fmt.Errorf("querying TLS failures: %w", err)
}
defer rows.Close()
var failures []TLSFailureRecord
for rows.Next() {
var record TLSFailureRecord
var attemptedAtStr string
if err := rows.Scan(&record.RecipientDomain, &record.FailureReason, &record.SendingMTAIP,
&record.ReceivingMXHostname, &record.ReceivingIP, &attemptedAtStr); err != nil {
return nil, err
}
record.AttemptedAt, _ = time.Parse(time.RFC3339, attemptedAtStr)
failures = append(failures, record)
}
return failures, rows.Err()
}
// GetDomainsWithTLSFailures returns list of domains that have unreported TLS failures
func (db *DB) GetDomainsWithTLSFailures() ([]string, error) {
rows, err := db.Query(`
SELECT DISTINCT recipient_domain
FROM tls_failures
WHERE sent_at IS NULL
ORDER BY recipient_domain
`)
if err != nil {
return nil, fmt.Errorf("querying domains with TLS failures: %w", err)
}
defer rows.Close()
var domains []string
for rows.Next() {
var domain string
if err := rows.Scan(&domain); err != nil {
return nil, err
}
domains = append(domains, domain)
}
return domains, rows.Err()
}
// CountTLSFailuresByReason returns count of failures grouped by reason for a domain and time range
func (db *DB) CountTLSFailuresByReason(domain string, startTime, endTime time.Time) (map[string]int, error) {
rows, err := db.Query(`
SELECT failure_reason, COUNT(*) as count
FROM tls_failures
WHERE recipient_domain = ? AND attempted_at >= datetime(?) AND attempted_at < datetime(?) AND sent_at IS NULL
GROUP BY failure_reason
ORDER BY count DESC
`, domain, startTime.Format(time.RFC3339), endTime.Format(time.RFC3339))
if err != nil {
return nil, err
}
defer rows.Close()
results := make(map[string]int)
for rows.Next() {
var reason string
var count int
if err := rows.Scan(&reason, &count); err != nil {
return nil, err
}
results[reason] = count
}
return results, rows.Err()
}
// MarkTLSFailuresAsReported marks all unsent records for a domain in a time range as sent
func (db *DB) MarkTLSFailuresAsReported(domain string, startTime, endTime time.Time) error {
_, err := db.Exec(`
UPDATE tls_failures
SET sent_at = datetime('now')
WHERE recipient_domain = ? AND attempted_at >= datetime(?) AND attempted_at < datetime(?) AND sent_at IS NULL
`, domain, startTime.Format(time.RFC3339), endTime.Format(time.RFC3339))
return err
}
// CleanOldTLSFailures removes records older than retentionDays days
func (db *DB) CleanOldTLSFailures(retentionDays int) error {
cutoff := time.Now().AddDate(0, 0, -retentionDays)
_, err := db.Exec(`
DELETE FROM tls_failures WHERE attempted_at < datetime(?)
`, cutoff.Format(time.RFC3339))
return err
}