Struct StarManager 

pub struct StarManager { /* private fields */ }

Manages STAR orders and certificate renewal state.

StarManager is the server-side implementation of the STAR protocol (RFC 8739). It tracks active orders in a concurrent map and provides methods for the renewal loop to query which orders need new certificates.

Implementations

impl StarManager

pub fn new(config: StarConfig) -> Self

Create a new StarManager with the given configuration.

pub fn create_order( &self, subject_dn: String, key_type: String, profile: String, renewal_interval_secs: u64, lifetime_days: u32, ca_id: String, csr_der: Vec<u8>, requestor_dn: Option<String>, ) -> Result<StarOrder, StarError>

Create a new STAR order.

Validates the renewal interval against configured bounds, checks the active-order limit, and computes the total number of renewals from the requested lifetime.

RFC 8739 §3.1: the server MUST validate auto-renewal-lifetime and auto-renewal-end-date against its policy before accepting the order.

pub fn get_current_certificate( &self, star_id: &str, ) -> Result<StarCertificate, StarError>

Retrieve the current certificate for a STAR order.

RFC 8739 §3.3: clients GET the STAR certificate URL to obtain the latest renewal.

pub fn store_renewed_certificate( &self, star_id: &str, cert: StarCertificate, ) -> Result<(), StarError>

Store a newly renewed certificate in the order.

Increments the renewal counter and transitions the order to Completed if max_renewals has been reached.

pub fn cancel_order(&self, star_id: &str) -> Result<(), StarError>

Cancel a STAR order.

RFC 8739 §3.1.2: the subscriber or IdO may cancel an active order. After cancellation, no further certificates are issued.

pub fn cleanup_expired(&self) -> usize

Remove orders whose lifetime_end has passed.

Should be called periodically (e.g., from a background task) to reclaim memory. Orders past their lifetime are marked Expired first, then removed entirely.

Returns the number of orders that were cleaned up.

pub fn active_order_count(&self) -> usize

Count of currently active (not cancelled/completed/expired) orders.

pub fn orders_needing_renewal(&self) -> Vec<String>

Return order IDs that need a renewal certificate issued.

An order needs renewal when:

1. Its status is Active.
2. It has not exhausted max_renewals.
3. The current certificate’s expiry minus the pre-renewal window is in the past (or no certificate has been issued yet).

The pre-renewal window is renewal_interval * pre_renewal_factor. For example, with a 24-hour interval and factor 0.5, renewal triggers when 12 hours remain on the current certificate.

pub fn get_order(&self, star_id: &str) -> Option<StarOrder>

Retrieve a clone of a STAR order by ID.

Returns None if the order does not exist.