ol.clave.ext.common

Common utilities for clave server extensions.

This namespace provides server-agnostic helpers for working with clave’s automation layer, including keystore creation and event processing.

These functions can be used by any server extension (Jetty, http-kit, etc.).

create-keystore

(create-keystore bundle)
(create-keystore bundle password)

Create an in-memory PKCS12 KeyStore from a clave certificate bundle.

No disk I/O - purely in-memory operation suitable for TLS handshakes.

| key | description |
|-----|-------------|
| bundle | Certificate bundle from ol.clave.automation/lookup-cert |
| password | Optional keystore password (default "changeit") |

Returns a java.security.KeyStore ready for use with TLS servers. Returns nil if bundle is nil (no certificate available yet).

(create-keystore (auto/lookup-cert system "example.com"))
;; => #object[java.security.KeyStore ...]

certificate-event?

(certificate-event? evt)

Check if an event indicates a certificate change.

Returns true for :certificate-obtained, :certificate-renewed, and :certificate-loaded events.

| key | description |
|-----|-------------|
| evt | Event from ol.clave.automation/get-event-queue |

(when (certificate-event? evt)
  (log/info "Certificate updated for" (event-domain evt)))

event-domain

(event-domain evt)

Extract the domain name from a certificate event.

Returns the domain string or nil if event has no domain.

| key | description |
|-----|-------------|
| evt | Event map |


wrap-redirect-https

(wrap-redirect-https handler)
(wrap-redirect-https handler {:keys [ssl-port] :or {ssl-port 443}})

Ring middleware that redirects HTTP requests to HTTPS.

| key | description |
|-----|-------------|
| handler | Ring handler to wrap |
| opts | Options map with :ssl-port |

Options:

- :ssl-port - HTTPS port for redirect URL. Defaults to 443 (implicit, no port in URL). Use a custom port like 8443 to include it explicitly.

Passes through requests that are already HTTPS (by :scheme or x-forwarded-proto header).

(wrap-redirect-https handler {:ssl-port 8443})
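
Since a request carrying x-forwarded-proto is passed through without a redirect, that header is only meaningful when your own reverse proxy wrote it; a client connecting directly to the HTTP port can send it as well. The following is an added example, not part of clave: a hypothetical wrap-trusted-forwarded-proto middleware that drops the header unless the TCP peer is a known proxy. The proxy address, the `common` alias and `app` are assumptions.

```clojure
(ns example.forwarded-proto
  "Added example (not clave code): honour x-forwarded-proto only from known proxies.")

(defn wrap-trusted-forwarded-proto
  "Ring middleware (hypothetical name). Removes the x-forwarded-proto header
  unless the TCP peer (:remote-addr) is in `trusted-proxies`, a set of IP
  address strings. Place it outside wrap-redirect-https so the redirect check
  only ever sees a header written by your own proxy."
  [handler trusted-proxies]
  (let [clean (fn [request]
                (if (contains? trusted-proxies (:remote-addr request))
                  request
                  (update request :headers dissoc "x-forwarded-proto")))]
    (fn
      ;; synchronous Ring handler
      ([request] (handler (clean request)))
      ;; asynchronous Ring handler
      ([request respond raise] (handler (clean request) respond raise)))))

;; Constructed sample requests; both addresses are made-up example values.
(def proxy-request
  {:scheme :http :remote-addr "10.0.0.5"
   :headers {"host" "example.com" "x-forwarded-proto" "https"}})

(def direct-request
  {:scheme :http :remote-addr "203.0.113.7"
   :headers {"host" "example.com" "x-forwarded-proto" "https"}})

;; Stand-in for the wrapped stack: returns the proto header the inner
;; handler would see.
(def probe
  (wrap-trusted-forwarded-proto
    (fn [request] (get-in request [:headers "x-forwarded-proto"]))
    #{"10.0.0.5"}))

;; Header from the trusted proxy survives; the same header sent by a
;; direct client is removed before the inner handler runs.
(assert (= "https" (probe proxy-request)))
(assert (nil? (probe direct-request)))

(comment
  ;; Wiring, assuming `common` aliases ol.clave.ext.common and `app` is
  ;; your Ring handler. The last middleware in the thread runs first.
  (-> app
      (common/wrap-redirect-https {:ssl-port 8443})
      (wrap-trusted-forwarded-proto #{"10.0.0.5"})))
```

If the HTTP listener is never reached through a proxy, pass an empty set so the header is always removed.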

no-op-solver

(no-op-solver)

Create a no-op ACME solver for testing.

Returns a solver that does nothing. Useful with PEBBLE_VA_ALWAYS_VALID=1 where challenge validation is skipped.

{:solvers {:http-01 (no-op-solver)}}

wait-for-certificates

(wait-for-certificates system domains)

Wait for certificates to be available for all domains.

Polls ol.clave.automation/lookup-cert once per second until certificates are available for every domain. Blocks indefinitely until the automation system obtains all certificates or throws an error.

| key | description |
|-----|-------------|
| system | clave automation system |
| domains | Vector of domains to wait for |

Returns nil once all certificates are available.

(wait-for-certificates system ["example.com" "www.example.com"])
(create-keystore (auto/lookup-cert system "example.com"))