created handlers for certificate manipulation in vault. Inserted device mTLS guards for public faced endpoints
24
server/internal/models/cert.go
Normal file
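--- a/server/internal/models/cert.go
+++ b/server/internal/models/cert.go
@@ -0,0 +1,24 @@
+package models
+
+import "time"
+
+// Link a device GUID to issued client certificates.
+type DeviceCertificate struct {
+ID uint `gorm:"primaryKey"`
+DeviceGUID string `gorm:"index;not null"` // GUID
+SerialHex string `gorm:"uniqueIndex;size:128;not null"` // hex (upper or lower; normalize)
+IssuerCN string `gorm:"size:255"`
+SubjectDN string `gorm:"size:1024"`
+NotBefore time.Time
+NotAfter time.Time
+PemCert string `gorm:"type:text"` // PEM of leaf cert
+CreatedAt time.Time
+}
+
+// “Instant kill” list checked by the mTLS guard before allowing access.
+type RevokedSerial struct {
+ID uint `gorm:"primaryKey"`
+SerialHex string `gorm:"uniqueIndex;size:128;not null"`
+Reason string `gorm:"size:1024"`
+CreatedAt time.Time
+}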
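Review bot: The `SerialHex` columns on `DeviceCertificate` and `RevokedSerial` have no canonical form enforced, and the field comment `hex (upper or lower; normalize)` leaves normalization to every caller. If the mTLS guard, which is not shown in this section, looks up the presented serial with different case, leading zeros or separators than the revocation row was stored with, the lookup would miss and a revoked certificate would be accepted; depending on the database collation the unique index may not catch the mismatch either. I would normalize in one place, for example a GORM `BeforeSave` hook on both models or a shared helper that writers and the guard both call, and pin the form on the field with `// lowercase hex, no separators, no leading zeros`. Separately, a serial number is only unique per issuer, so keying `RevokedSerial` on `SerialHex` alone assumes a single issuing CA; state that in the type comment or add an issuer column alongside it.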