{# templates/_macros_ssl_tls.html #}
{% macro ssl_tls_card(ssl_tls) %}
<div class="card" id="ssl">
  <h2 class="card-title">SSL/TLS Intelligence</h2>

  {# -------- 1) Error branch -------- #}
  {% if ssl_tls is none or 'error' in ssl_tls %}
    <div class="badge badge-danger">Error</div>
    <p class="muted">SSL/TLS enrichment failed or is unavailable.</p>
    {% if ssl_tls and ssl_tls.error %}<pre class="prewrap">{{ ssl_tls.error }}</pre>{% endif %}

  {# -------- 2) Skipped branch -------- #}
  {% elif ssl_tls.skipped %}
    <div class="badge badge-muted">Skipped</div>
    {% if ssl_tls.reason %}<span class="muted small">{{ ssl_tls.reason }}</span>{% endif %}

    <div class="section">
      <button class="badge badge-muted" data-toggle="tls-raw">Toggle raw</button>
      <pre id="tls-raw" hidden>{{ ssl_tls|tojson(indent=2) }}</pre>
    </div>

  {# -------- 3) Normal branch (render probe + crt.sh) -------- #}
  {% else %}

    {# ===================== LIVE PROBE ===================== #}
    {% set probe = ssl_tls.probe if ssl_tls else None %}
    <section class="section">
      <div class="section-header">
        <h3>Live TLS Probe</h3>
        {% if probe %}
          <span class="muted">Host:</span> <code>{{ probe.hostname }}:{{ probe.port }}</code>
        {% endif %}
      </div>

      {% if not probe %}
        <p class="muted">No probe data.</p>
      {% else %}
        <div class="tls-matrix">
          {% set versions = ['TLS1.0','TLS1.1','TLS1.2','TLS1.3'] %}
          {% for v in versions %}
            {% set r = probe.results_by_version.get(v) if probe.results_by_version else None %}
            <div class="tls-matrix-row">
              <div class="tls-cell version">{{ v }}</div>

              {% if r and r.supported %}
                <div class="tls-cell status"><span class="badge badge-ok">Supported</span></div>
                <div class="tls-cell cipher">
                  {% if r.selected_cipher %}
                    <span class="chip">{{ r.selected_cipher }}</span>
                  {% else %}
                    <span class="muted">cipher: n/a</span>
                  {% endif %}
                </div>
                <div class="tls-cell latency">
                  {% if r.handshake_seconds is not none %}
                    <span class="muted">{{ '%.0f' % (r.handshake_seconds*1000) }} ms</span>
                  {% else %}
                    <span class="muted">—</span>
                  {% endif %}
                </div>
              {% else %}
                <div class="tls-cell status"><span class="badge badge-muted">Not Supported</span></div>
                <div class="tls-cell cipher">
                  {% if r and r.error %}
                    <span class="muted small">({{ r.error }})</span>
                  {% else %}
                    <span class="muted">—</span>
                  {% endif %}
                </div>
                <div class="tls-cell latency"><span class="muted">—</span></div>
              {% endif %}
            </div>
          {% endfor %}
        </div>

        <div class="flag-row">
          {% if probe.weak_protocols and probe.weak_protocols|length > 0 %}
            <span class="badge badge-warn">Weak Protocols</span>
            {% for wp in probe.weak_protocols %}
              <span class="chip chip-warn">{{ wp }}</span>
            {% endfor %}
          {% endif %}
          {% if probe.weak_ciphers and probe.weak_ciphers|length > 0 %}
            <span class="badge badge-warn">Weak Ciphers</span>
            {% for wc in probe.weak_ciphers %}
              <span class="chip chip-warn">{{ wc }}</span>
            {% endfor %}
          {% endif %}
        </div>

        {% if probe.errors and probe.errors|length > 0 %}
          <details class="details">
            <summary>Probe Notes</summary>
            <ul class="list">
              {% for e in probe.errors %}
                <li class="muted small">{{ e }}</li>
              {% endfor %}
            </ul>
          </details>
        {% endif %}
      {% endif %}
    </section>

    <hr class="divider"/>

    {# ===================== CRT.SH ===================== #}
    {% set crtsh = ssl_tls.crtsh if ssl_tls else None %}
    <section class="section">
      <div class="section-header">
        <h3>Certificate Transparency (crt.sh)</h3>
        {% if crtsh %}
          <span class="muted">Parsed:</span>
          <code>{{ crtsh.hostname or 'n/a' }}</code>
          {% if crtsh.root_domain %}
            <span class="muted"> • Root:</span> <code>{{ crtsh.root_domain }}</code>
            {% if crtsh.is_root_domain %}<span class="badge badge-ok">Root</span>{% else %}<span class="badge badge-muted">Subdomain</span>{% endif %}
          {% endif %}
        {% endif %}
      </div>

      {% if not crtsh %}
        <p class="muted">No CT data.</p>
      {% else %}
        <div class="grid two">
          <div>
            <h4 class="muted">Host Certificates</h4>
            {% set host_certs = crtsh.crtsh.host_certs if 'crtsh' in crtsh and crtsh.crtsh else None %}
            {% if host_certs and host_certs|length > 0 %}
              <ul class="list">
                {% for c in host_certs[:10] %}
                  <li class="mono small">
                    <span class="chip">{{ c.get('issuer_name','issuer n/a') }}</span>
                    <span class="muted"> • </span>
                    <strong>{{ c.get('name_value','(name n/a)') }}</strong>
                    <span class="muted"> • not_before:</span> {{ c.get('not_before','?') }}
                  </li>
                {% endfor %}
              </ul>
              {% if host_certs|length > 10 %}
                <div class="muted small">(+ {{ host_certs|length - 10 }} more)</div>
              {% endif %}
            {% else %}
              <p class="muted">No active host certs found.</p>
            {% endif %}
          </div>

          <div>
            <h4 class="muted">Wildcard on Root</h4>
            {% set wc = crtsh.crtsh.wildcard_root_certs if 'crtsh' in crtsh and crtsh.crtsh else None %}
            {% if wc and wc|length > 0 %}
              <ul class="list">
                {% for c in wc[:10] %}
                  <li class="mono small">
                    <span class="chip">{{ c.get('issuer_name','issuer n/a') }}</span>
                    <span class="muted"> • </span>
                    <strong>{{ c.get('name_value','(name n/a)') }}</strong>
                    <span class="muted"> • not_before:</span> {{ c.get('not_before','?') }}
                  </li>
                {% endfor %}
              </ul>
              {% if wc|length > 10 %}
                <div class="muted small">(+ {{ wc|length - 10 }} more)</div>
              {% endif %}
            {% else %}
              <p class="muted">No wildcard/root certs found.</p>
            {% endif %}
          </div>
        </div>
      {% endif %}
    </section>

    {# ===================== RAW JSON TOGGLE ===================== #}
    <div class="section">
      <button class="badge badge-muted" data-toggle="tls-raw">Toggle raw</button>
      <pre id="tls-raw" hidden>{{ ssl_tls|tojson(indent=2) }}</pre>
    </div>

  {% endif %}

  <p><a href="#top-jump-list">Back to top</a></p>
</div>
{% endmacro %}