ol.clave.automation.impl.cache

In-memory certificate cache for the automation layer.

The cache provides fast certificate lookup during TLS handshakes and iteration for the maintenance loop. Certificates are indexed by SAN so that domain-based lookups are efficient.

cache-certificate

(cache-certificate cache_ bundle)

Add or update a certificate in the cache.

If :capacity is set in the cache and adding would exceed it, one random certificate is evicted first.

| key | description |
|----------|-----------------------------------------------------|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| bundle | Certificate bundle with :hash and :names |


lookup-cert

(lookup-cert cache_ hostname)

Find certificate for hostname.

Tries exact match first, then wildcard match.

| key | description |
|------------|---------------------------------------|
| cache_ | Atom containing {:certs {} :index {}} |
| hostname | Hostname to look up |


remove-certificate

(remove-certificate cache_ bundle)

Remove a certificate from the cache.

| key | description |
|----------|-----------------------------------------------------|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| bundle | Certificate bundle with :hash and :names to remove |
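The following is an added illustration, not the library's own implementation, of how the `{:certs {} :index {} :capacity nil}` shape documented above can support `cache-certificate` (with random eviction at capacity), the exact-then-wildcard `lookup-cert`, and `remove-certificate`. The namespace, the `new-cache` helper, and the wildcard derivation (replace the first label with `*`) are assumptions.

```clojure
(ns example.cert-cache
  (:require [clojure.string :as str]))

;; Added illustration, not the library's code. The cache shape follows the
;; docs above: {:certs {hash bundle} :index {san hash} :capacity n-or-nil}.
(defn new-cache [capacity]
  (atom {:certs {} :index {} :capacity capacity}))

(defn- evict-random [{:keys [certs index] :as cache}]
  ;; Eviction policy stated in the docs: drop one random certificate.
  (if (empty? certs)
    cache
    (let [victim-hash (rand-nth (keys certs))
          victim (get certs victim-hash)]
      (assoc cache
             :certs (dissoc certs victim-hash)
             :index (apply dissoc index (:names victim))))))

(defn cache-certificate [cache_ {:keys [hash names] :as bundle}]
  (swap! cache_
         (fn [{:keys [certs capacity] :as cache}]
           ;; Only evict when inserting a new hash would exceed :capacity.
           (let [cache (if (and capacity
                                (not (contains? certs hash))
                                (>= (count certs) capacity))
                         (evict-random cache)
                         cache)]
             (-> cache
                 (assoc-in [:certs hash] bundle)
                 (update :index into (map #(vector % hash) names)))))))

(defn- wildcard-name [hostname]
  ;; Assumed wildcard derivation: "api.example.com" -> "*.example.com".
  (when-let [idx (str/index-of hostname ".")]
    (str "*" (subs hostname idx))))

(defn lookup-cert [cache_ hostname]
  ;; Exact SAN match first, then the single-label wildcard form.
  (let [{:keys [certs index]} @cache_
        h (str/lower-case hostname)]
    (some->> (or (get index h) (get index (wildcard-name h)))
             (get certs))))

(defn remove-certificate [cache_ {:keys [hash names]}]
  ;; Drop index entries only if they still point at this bundle's hash.
  (swap! cache_
         (fn [cache]
           (-> cache
               (update :certs dissoc hash)
               (update :index #(reduce (fn [m n] (if (= (get m n) hash) (dissoc m n) m)) % names))))))
```

Caching `{:hash "h1" :names ["example.com" "*.example.com"]}` in a `(new-cache 2)` and calling `(lookup-cert c "api.example.com")` returns that bundle through the wildcard path, while a bare label such as `"localhost"` only ever matches exactly.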


update-ocsp-staple

(update-ocsp-staple cache_ hash ocsp-response)

Update OCSP staple in existing cached bundle.

| key | description |
|-----------------|-----------------------------------------------------|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| hash | Hash of the certificate to update |
| ocsp-response | New OCSP staple data |


update-ari-data

(update-ari-data cache_ hash ari-data)

Update ARI data in existing cached bundle.

| key | description |
|------------|---------------------------------------------------------------------|
| cache_ | Atom containing {:certs {} :index {} :capacity nil} |
| hash | Hash of the certificate to update |
| ari-data | ARI data with :suggested-window, :selected-time, :retry-after |


mark-managed

(mark-managed cache_ hash)

Set the :managed flag on a cached bundle.

Used when a previously-cached (unmanaged) certificate becomes managed via manage-domains after passing validation.

| key | description |
|----------|---------------------------------------|
| cache_ | Atom containing {:certs {} :index {}} |
| hash | Hash of the certificate to update |


newer-than-cache?

(newer-than-cache? stored-bundle cached-bundle)

Check if a stored certificate is newer than the cached version.

Compares certificates by their :not-before timestamp. Returns true if the stored certificate was issued after the cached one.

| key | description |
|-----------------|---------------------------------|
| stored-bundle | Certificate bundle from storage |
| cached-bundle | Certificate bundle from cache |


hash-certificate

(hash-certificate cert-chain)

Compute a consistent hash of certificate chain bytes.

Uses SHA-256 to produce a unique identifier for a certificate chain. The hash is stable: same input always produces the same output.

| key | description |
|--------------|----------------------------------------------------------------|
| cert-chain | Vector of byte arrays (certificate chain in DER or PEM format) |


create-bundle

(create-bundle certs private-key issuer-key managed?)

Create a certificate bundle from ACME response data.

Extracts SANs, computes hash, and creates a complete bundle map suitable for caching and TLS use.

| key | description |
|---------------|-----------------------------------------------------|
| certs | Vector of X509Certificate objects (chain) |
| private-key | Private key for the certificate |
| issuer-key | Identifier for the issuer (e.g., CA directory host) |
| managed? | Whether cert is actively managed for renewal |


handle-command-result

(handle-command-result cache_ cmd result)

Update cache based on command result.

Handles cache updates for different command types:

- :obtain-certificate success: adds new certificate to cache
- :renew-certificate success: removes old cert, adds new cert
- :fetch-ocsp success: updates OCSP staple in existing bundle

Does nothing on failure (:status :error).

| key | description |
|----------|-----------------------------------------------------|
| cache_ | Atom containing {:certs {} :index {}} |
| cmd | Command descriptor with :command and :bundle |
| result | Result map with :status and command-specific data |