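package models

import "time"

// DeviceCertificate links a device GUID to a client certificate issued to it.
//
// SerialHex carries a unique index, so each serial string can be stored once.
// Nothing in these tags canonicalizes the value: every writer and every reader
// has to use one agreed hex form (same case, same treatment of leading zeros,
// no separators), otherwise the same certificate can be stored or looked up
// under two different strings.
//
// NOTE(review): X.509 serial numbers are unique per issuer only. The unique
// index covers SerialHex alone, which assumes a single issuing CA. Confirm
// that, or make the index cover the issuer as well.
//
// NOTE(review): the Device constraint cascades deletes, so removing a device
// also removes these rows. That does not invalidate the certificate itself;
// whether the mTLS guard rejects serials it has no row for is not visible
// here. Confirm, or add a RevokedSerial entry when a device is deleted.
type DeviceCertificate struct {
	ID         uint      `gorm:"primaryKey"`
	DeviceGUID string    `gorm:"index;not null"`                // GUID of the owning Device
	SerialHex  string    `gorm:"uniqueIndex;size:128;not null"` // hex serial; canonicalize before storing and before lookup
	IssuerCN   string    `gorm:"size:255"`
	SubjectDN  string    `gorm:"size:1024"`
	NotBefore  time.Time
	NotAfter   time.Time
	PemCert    string    `gorm:"type:text"` // PEM of the leaf certificate
	CreatedAt  time.Time

	// Device is the owning record, joined on DeviceGUID -> Device.GUID.
	Device Device `gorm:"constraint:OnDelete:CASCADE;foreignKey:DeviceGUID;references:GUID"`
}

// RevokedSerial is one entry of the "instant kill" list that the mTLS guard
// checks before allowing access.
//
// The entry is keyed by SerialHex only. If the guard compares strings exactly
// (not visible here; confirm), the serial taken from the presented certificate
// must be rendered in the same canonical form as the stored value; a
// difference in case or zero-padding means the revocation is not found and
// the certificate is accepted.
//
// NOTE(review): there is no issuer column, so an entry applies to that serial
// from any issuer the guard trusts. Confirm this matches the deployment.
type RevokedSerial struct {
	ID        uint      `gorm:"primaryKey"`
	SerialHex string    `gorm:"uniqueIndex;size:128;not null"` // same canonical hex form as DeviceCertificate.SerialHex
	Reason    string    `gorm:"size:1024"`
	CreatedAt time.Time
}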