Struct AppState 

pub struct AppState {
    pub config: Arc<Config>,
    pub db: AnyPool,
    pub db_ro: AnyPool,
    pub db_kind: DbKind,
    pub cas: Arc<IndexMap<String, Arc<CaState>>>,
    pub default_ca_id: Arc<String>,
    pub otp_store: Option<Arc<OtpStore>>,
    pub hsm: Option<Arc<HsmContext>>,
    pub audit: Arc<AuditState>,
    pub ha_manager: Option<Arc<HaManager>>,
    pub gss_cred: Option<Arc<dyn Any + Send + Sync>>,
    pub star_manager: Option<Arc<StarManager>>,
    pub startup_time: Instant,
}
Top-level application state cloned into every axum handler.

Fields§

§config: Arc<Config>

Parsed and validated configuration.

§db: AnyPool

Primary database connection pool (read-write).

§db_ro: AnyPool

Read-only database connection pool.

For SQLite WAL mode, this is a ?mode=ro pool that never acquires the write lock, enabling concurrent reads during writes. For PostgreSQL/MariaDB, this is a clone of db (MVCC handles concurrency natively).

§db_kind: DbKind

Database backend discriminant (drives BEGIN IMMEDIATE for SQLite).

§cas: Arc<IndexMap<String, Arc<CaState>>>

All CAs keyed by their id, in config declaration order.

§default_ca_id: Arc<String>

The CA designated as the default for unlabeled EST requests.

§otp_store: Option<Arc<OtpStore>>

OTP store (present when [otp] is enabled).

§hsm: Option<Arc<HsmContext>>

HSM context (present when [hsm] is configured).

§audit: Arc<AuditState>

Shared audit state (overflow flag, alarm counter).

§ha_manager: Option<Arc<HaManager>>

HA manager for multi-CA failover (present when HA is configured).

§gss_cred: Option<Arc<dyn Any + Send + Sync>>

Server-side GSSAPI credential for SPNEGO authentication.

None when GSSAPI is not configured. When present, the auth layer uses it to validate Authorization: Negotiate tokens.

§star_manager: Option<Arc<StarManager>>

STAR certificate manager (present when [star] is enabled).

Manages active STAR orders and their renewal state (RFC 8739).

§startup_time: Instant

Timestamp when the server process started.

Used for uptime reporting in health endpoints and session expiry calculations.

Implementations§

impl AppState

pub fn default_ca(&self) -> &Arc<CaState>

Return the default CA state.

§Panics

Panics if default_ca_id is not present in cas. This indicates a bug in the startup code — Config::validate() ensures the default CA exists.

pub fn get_ca(&self, ca_id: &str) -> Option<&Arc<CaState>>

Look up a CA by its identifier. Returns None for unknown IDs.
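
The lookup semantics of default_ca and get_ca, as an added example that is not the project's own code. CaState and CaRegistry are std-only stand-ins, resolve_est_path is a hypothetical helper, and the example assumes the optional CA-label path segment from RFC 7030 equals the CA id. An unknown label yields None here instead of falling back to the default CA.

```rust
use std::sync::Arc;

/// Stand-in for the project's CaState; its real fields are not shown on the page.
pub struct CaState { pub id: String }

/// Stand-in for AppState's `cas` and `default_ca_id`. A Vec of pairs replaces
/// IndexMap to stay std-only while keeping config declaration order.
pub struct CaRegistry {
    cas: Vec<(String, Arc<CaState>)>,
    default_ca_id: String,
}

impl CaRegistry {
    /// Startup check in the spirit of Config::validate(): reject an unknown default.
    pub fn new(ids: &[&str], default_ca_id: &str) -> Result<Self, String> {
        if !ids.contains(&default_ca_id) {
            return Err(format!("default CA '{default_ca_id}' is not configured"));
        }
        let cas = ids.iter()
            .map(|id| (id.to_string(), Arc::new(CaState { id: id.to_string() })))
            .collect();
        Ok(Self { cas, default_ca_id: default_ca_id.to_string() })
    }

    pub fn get_ca(&self, ca_id: &str) -> Option<&Arc<CaState>> {
        self.cas.iter().find(|(id, _)| id.as_str() == ca_id).map(|(_, ca)| ca)
    }

    pub fn default_ca(&self) -> &Arc<CaState> {
        self.get_ca(&self.default_ca_id).expect("default_ca_id missing from cas")
    }

    /// Hypothetical helper: choose the CA for an EST request path.
    pub fn resolve_est_path(&self, path: &str) -> Option<&Arc<CaState>> {
        let rest = path.strip_prefix("/.well-known/est/")?;
        match rest.split('/').collect::<Vec<_>>().as_slice() {
            // Unlabeled request: served by the default CA.
            [op] if !op.is_empty() => Some(self.default_ca()),
            // Labeled request: unknown labels fail closed, no default fallback.
            [label, op] if !op.is_empty() => self.get_ca(label),
            _ => None,
        }
    }
}

fn main() {
    // Constructed sample configuration: two CAs, the second one is the default.
    let reg = CaRegistry::new(&["root-a", "issuing-b"], "issuing-b").unwrap();
    let ca = reg.resolve_est_path("/.well-known/est/simpleenroll").unwrap();
    println!("unlabeled request -> {}", ca.id);
}
```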

pub fn default_ca_cert_der(&self) -> Option<Vec<u8>>

Returns the DER-encoded certificate of the default CA.

Used by the OCSP client (RFC 6960) to build CertID structures for revocation checking of client certificates (RHELBU-3536 R21). Returns None if no default CA is configured or the cert is empty.

pub async fn record_audit_event(&self, event_type: &str, detail: &str)

Record an audit event, logging (but not propagating) any DB error.

Convenience wrapper that bundles the DB pool and audit state so call sites only need to pass the event type and detail.

Trait Implementations§

impl Clone for AppState

fn clone(&self) -> AppState

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.
