gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 15:41:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
66d2af36a7b761c9c36d277d3a8295f2a161ca53
certctl/internal/domain/ocsp_response_cache.go
T
shankar0123 7cb453a336 chore(fmt): repo-wide gofmt -w sweep — close drift surfaced by ci-pipeline-cleanup Phase 4 
Mechanical reformat. The new 'gofmt drift' CI step (added in
ci-pipeline-cleanup Phase 4, commit 0f205a8) surfaced 111 files
with accumulated gofmt drift across cmd/, internal/, and deploy/test/.

Each file's diff is gofmt-standard: whitespace adjustments, intra-
group import sorting (alphabetical by import path within blank-line-
separated groups), and struct-tag column alignment. No semantic
changes — verified via 'git diff --ignore-all-space' which shows only
the line-position deltas from import reordering.

The gate stays in place after this commit. Going forward it catches
gofmt drift at PR time.
2026-04-30 22:33:57 +00:00

31 lines
1.5 KiB
Go
Raw Blame History

package domain
import "time"
// OCSPResponseCacheEntry is one row in the ocsp_response_cache table —
// a pre-signed OCSP response for a specific (issuer_id, serial_hex)
// pair. The HTTP handler at /.well-known/pki/ocsp/{issuer_id}/...
// reads from this cache rather than triggering a fresh signature per
// request. Production hardening II Phase 2.
//
// Schema lives in migrations/000024_ocsp_response_cache.up.sql.
type OCSPResponseCacheEntry struct {
IssuerID string `json:"issuer_id"`
SerialHex string `json:"serial_hex"`
ResponseDER []byte `json:"-"` // raw DER, omitted from admin JSON to keep responses lean
CertStatus string `json:"cert_status"` // "good" | "revoked" | "unknown"
RevocationReason int `json:"revocation_reason,omitempty"` // only set when CertStatus == "revoked"
RevokedAt time.Time `json:"revoked_at,omitempty"` // only set when CertStatus == "revoked"
ThisUpdate time.Time `json:"this_update"`
NextUpdate time.Time `json:"next_update"`
GeneratedAt time.Time `json:"generated_at"`
}
// IsStale returns true when next_update is at or before now — the
// cached response's promised validity window has elapsed. Callers fall
// through to live signing on stale + write the fresh response back to
// cache (read-through facade).
func (e *OCSPResponseCacheEntry) IsStale(now time.Time) bool {
return !now.Before(e.NextUpdate)
}
Reference in New Issue View Git Blame Copy Permalink