ol.clave.automation.impl.cache
In-memory certificate cache for the automation layer.
The cache provides fast certificate lookup for TLS handshakes and iteration for the maintenance loop. Certificates are indexed by SAN for efficient domain-based lookups.
cache-certificate
(cache-certificate cache_ bundle)
Add or update a certificate in the cache.
If :capacity is set in the cache and adding would exceed it,
one random certificate is evicted first.
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| bundle | Certificate bundle with :hash and :names |
lookup-cert
(lookup-cert cache_ hostname)
Find certificate for hostname.
Tries exact match first, then wildcard match.
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {}} |
| hostname | Hostname to look up |
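A sketch of the SAN index and the exact-then-wildcard lookup described above, added here as an example; it is not the library's implementation. The function names (new-cache, add-bundle!, find-bundle, demo), the set-valued index, the hostname normalization, and the rule that a wildcard covers exactly one left-most label are assumptions.

```clojure
(ns example.cert-cache-sketch
  (:require [clojure.string :as str]))

;; Assumed layout, following the page: {:certs {hash bundle} :index {san #{hash}}}.
(defn new-cache [] (atom {:certs {} :index {} :capacity nil}))

(defn- normalize
  "Lower-case the name and drop a trailing root dot so lookups are case-insensitive."
  [host]
  (-> host str/lower-case (str/replace #"\.$" "")))

(defn add-bundle!
  "Store the bundle under its :hash and index that hash under every SAN in :names."
  [cache_ bundle]
  (swap! cache_
         (fn [state]
           (reduce (fn [s n]
                     (update-in s [:index (normalize n)] (fnil conj #{}) (:hash bundle)))
                   (assoc-in state [:certs (:hash bundle)] bundle)
                   (:names bundle)))))

(defn- wildcard-name
  "a.example.com -> *.example.com; nil for single-label names."
  [host]
  (let [[_ & parent] (str/split host #"\.")]
    (when (seq parent)
      (str "*." (str/join "." parent)))))

(defn find-bundle
  "Exact SAN match first, then a wildcard that replaces only the left-most label."
  [cache_ hostname]
  (let [{:keys [certs index]} @cache_
        host   (normalize hostname)
        hashes (or (seq (get index host))
                   (some->> (wildcard-name host) (get index) seq))]
    (some->> hashes first (get certs))))

(defn demo
  "Constructed sample data: placeholder hashes, not real certificates."
  []
  (let [cache_ (new-cache)]
    (add-bundle! cache_ {:hash "h-exact" :names ["api.example.com"]})
    (add-bundle! cache_ {:hash "h-wild" :names ["*.example.com" "example.com"]})
    (mapv #(:hash (find-bundle cache_ %))
          ["api.example.com"    ; exact SAN wins over the wildcard
           "WWW.Example.com."   ; normalized, then covered by the wildcard
           "a.b.example.com"    ; two labels below the wildcard: not covered
           "other.test"])))     ; no SAN at all
```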
remove-certificate
(remove-certificate cache_ bundle)
Remove a certificate from the cache.
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| bundle | Certificate bundle with :hash and :names to remove |
update-ocsp-staple
(update-ocsp-staple cache_ hash ocsp-response)
Update OCSP staple in existing cached bundle.
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| hash | Hash of the certificate to update |
| ocsp-response | New OCSP staple data |
update-ari-data
(update-ari-data cache_ hash ari-data)
Update ARI data in existing cached bundle.
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| hash | Hash of the certificate to update |
| ari-data | ARI data with |
mark-managed
(mark-managed cache_ hash)
Set the :managed flag on a cached bundle.
Used when a previously-cached (unmanaged) certificate becomes managed
via manage-domains after passing validation.
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {}} |
| hash | Hash of the certificate to update |
newer-than-cache?
(newer-than-cache? stored-bundle cached-bundle)
Check if a stored certificate is newer than the cached version.
Compares certificates by their :not-before timestamp. Returns true
if the stored certificate was issued after the cached one.
| key | description |
|---|---|
| stored-bundle | Certificate bundle from storage |
| cached-bundle | Certificate bundle from cache |
hash-certificate
(hash-certificate cert-chain)
Compute a consistent hash of certificate chain bytes.
Uses SHA-256 to produce a unique identifier for a certificate chain. The hash is stable: same input always produces the same output.
| key | description |
|---|---|
| cert-chain | Vector of byte arrays (certificate chain in DER or PEM format) |
create-bundle
(create-bundle certs private-key issuer-key managed?)
Create a certificate bundle from ACME response data.
Extracts SANs, computes hash, and creates a complete bundle map suitable for caching and TLS use.
| key | description |
|---|---|
| certs | Vector of X509Certificate objects (chain) |
| private-key | Private key for the certificate |
| issuer-key | Identifier for the issuer (e.g., CA directory host) |
| managed? | Whether cert is actively managed for renewal |
handle-command-result
(handle-command-result cache_ cmd result)
Update cache based on command result.
Handles cache updates for different command types:
- :obtain-certificate success: adds new certificate to cache
- :renew-certificate success: removes old cert, adds new cert
- :fetch-ocsp success: updates OCSP staple in existing bundle
Does nothing on failure (:status :error).
| key | description |
|---|---|
| cache_ | Atom containing {:certs {} :index {}} |
| cmd | Command descriptor with |
| result | Result map with |