ol.clave.acme.impl.revocation

Pure helpers for certificate revocation payload construction and validation.

This namespace handles: - Extracting DER bytes from X509Certificate or raw bytes - Constructing revocation payloads with base64url-encoded certificates - Validating RFC 5280 reason codes for ACME revocation

valid-reason?

(valid-reason? reason)

Return true if reason is a valid RFC 5280 revocation reason code for ACME.

Valid codes are 0-6 and 8-10. Code 7 is unused in RFC 5280. Returns false for non-integer values.

source

certificate→der

(certificate->der certificate)

Extract DER-encoded bytes from a certificate.

Accepts either: - java.security.cert.X509Certificate - extracts via .getEncoded() - byte[] - returns as-is

Returns the DER-encoded certificate bytes.

source

payload

(payload certificate)
(payload certificate opts)

Construct a revocation request payload.

Parameters: - certificate - X509Certificate or DER bytes - opts - optional map with :reason (RFC 5280 reason code)

Returns a map with: - :certificate - base64url-encoded DER - :reason - reason code (when provided in opts)

source