Struct CaState 

pub struct CaState {
    pub id: String,
    pub key_type: String,
    pub cert_der: Vec<u8>,
    pub cert_chain: Vec<Vec<u8>>,
    pub hash_algorithm: String,
    pub validity_days: u32,
    pub crl_url: Option<String>,
    pub ocsp_url: Option<String>,
    pub crl_cache: Mutex<Option<(Vec<u8>, Instant)>>,
    pub cab_forum_compliant: bool,
}

Per-CA key material and issuance policy.

One CaState is created for each [[ca]] config entry at startup. The signing key and certificate chain are loaded once and shared across all concurrent handler tasks via Arc<CaState>.

Fields

id: String

Unique identifier (matches CaConfig.id).

key_type: String

Key type string from config, e.g., "ec:P-256" or "rsa:2048".

cert_der: Vec<u8>

DER-encoded CA certificate.

cert_chain: Vec<Vec<u8>>

Full certificate chain (CA cert + intermediates) as DER blobs.

Used for the /cacerts EST endpoint (RFC 7030 §4.1).

hash_algorithm: String

Hash algorithm string, e.g., "sha256".

validity_days: u32

Default validity period for issued certificates.

crl_url: Option<String>

Optional CRL distribution point URL.

ocsp_url: Option<String>

Optional OCSP responder URL.

crl_cache: Mutex<Option<(Vec<u8>, Instant)>>

In-memory CRL cache: DER bytes + expiry instant.

Populated lazily on the first CRL request; invalidated after revocation events.

cab_forum_compliant: bool

CA/B Forum compliance enforcement.