revocation
Module: revocation
Contents
Structs
- RevocationEntry: An event representing the revocation of a capability token.
- RevocationStore: In-memory revocation store with file-based ingestion.
- RevocationStoreWatcher: Owns the file watcher and reload task for a [RevocationStore].
firma_authority::revocation::RevocationEntry
Struct
An event representing the revocation of a capability token.
Fields:
- token_id: firma_core::token::TokenId
- reason: String
- timestamp: chrono::DateTime<chrono::Utc>
Trait Implementations:
- Clone
fn clone(self: &Self) -> RevocationEntry
- Debug
fn fmt(self: &Self, f: &mut std::fmt::Formatter) -> std::fmt::Result
firma_authority::revocation::RevocationStore
Struct
In-memory revocation store with file-based ingestion.
The revocation file is the source of truth. In-memory state is always derived
from the file via [RevocationStoreWatcher], which handles reloading and
broadcasting to live subscribers.
File format: token_id\trevoked_at_rfc3339\treason\n (one entry per line).
Legacy lines containing only a bare token ID are accepted for backward
compatibility; they get Utc::now() as their revocation timestamp, which
is conservative (treats them as freshly revoked rather than potentially
expirable).
Entries whose revoked_at + token_ttl < now are considered expired: the
token would fail the expiry check in Stage 1 regardless of revocation status,
so they can be safely ignored and removed via [RevocationStore::compact_file].
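A sketch of the file format and expiry rule described above, added here as an example and not taken from firma_authority. It assumes opaque string token IDs, Unix-second timestamps in place of chrono, and a strict `YYYY-MM-DDTHH:MM:SSZ` timestamp form; treating an unparseable timestamp like a legacy line is this sketch's own choice, made so that a damaged line stays in force instead of being dropped.

```rust
// Added illustration, not firma_authority's code; std-only, times in Unix seconds.
#[derive(Debug, PartialEq)]
struct Entry { token_id: String, revoked_at: i64, reason: String }

/// Parse `YYYY-MM-DDTHH:MM:SSZ` (a strict UTC subset of RFC 3339) to Unix seconds.
fn parse_rfc3339_utc(s: &str) -> Option<i64> {
    let b = s.as_bytes();
    let shape_ok = b.len() == 20 && b.iter().zip(b"0000-00-00T00:00:00Z")
        .all(|(c, p)| if *p == b'0' { c.is_ascii_digit() } else { c == p });
    if !shape_ok { return None; }
    let n = |i: usize, len: usize| s[i..i + len].parse::<i64>().unwrap(); // digits only
    let (y, m, d, h, mi, sec) = (n(0, 4), n(5, 2), n(8, 2), n(11, 2), n(14, 2), n(17, 2));
    if !(1..=12).contains(&m) || !(1..=31).contains(&d) || h > 23 || mi > 59 || sec > 59 {
        return None;
    }
    // Days since 1970-01-01 in the proleptic Gregorian calendar.
    let y = if m <= 2 { y - 1 } else { y };
    let (era, yoe) = (y.div_euclid(400), y.rem_euclid(400));
    let doy = (153 * ((m + 9) % 12) + 2) / 5 + d - 1;
    let days = era * 146_097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719_468;
    Some(days * 86_400 + h * 3_600 + mi * 60 + sec)
}

/// Parse one line of the file; `None` only for blank lines.
fn parse_line(line: &str, now: i64) -> Option<Entry> {
    let mut parts = line.trim_end_matches(&['\r', '\n'][..]).splitn(3, '\t');
    let token_id = parts.next().filter(|t| !t.is_empty())?.to_string();
    // Legacy bare ID, or (this sketch's choice) an unparseable timestamp: fall
    // back to `now` so the entry stays in force instead of being dropped.
    let revoked_at = parts.next().and_then(parse_rfc3339_utc).unwrap_or(now);
    let reason = parts.next().unwrap_or("").to_string();
    Some(Entry { token_id, revoked_at, reason })
}

/// Entries still worth keeping: those with revoked_at + token_ttl >= now.
fn live_entries(file: &str, token_ttl: i64, now: i64) -> Vec<Entry> {
    file.lines().filter_map(|l| parse_line(l, now))
        .filter(|e| e.revoked_at + token_ttl >= now).collect()
}

fn main() {
    // Constructed sample file: current format, an expired entry, a legacy bare ID.
    let file = "tok-a\t2024-01-01T00:00:00Z\tkey compromise\n\
                tok-b\t2023-12-31T00:00:00Z\trotation\n\
                tok-c\n";
    let now = parse_rfc3339_utc("2024-01-01T00:30:00Z").unwrap();
    for e in live_entries(file, 3_600, now) { println!("{:?}", e); }
}
```

Because a legacy line is re-stamped with the current time on every load, it never satisfies the expiry rule and so survives compaction until it is rewritten in the three-field format.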
Methods:
- fn try_new(revocation_file: &Path, token_ttl: Duration) -> Result<Self>
  Create a new revocation store, loading any existing entries from file.
- fn revoke(self: &Self, token_id: TokenId, reason: &str) -> Result<()>
  Revoke a token by appending its ID to the revocation file.
- fn is_revoked(self: &Self, token_id: TokenId) -> bool
  Check if a token has been revoked.
- fn events_since(self: &Self, since: DateTime<Utc>) -> Vec<RevocationEntry>
  Get all revocation events after the given timestamp (for stream replay).
- fn compact_file(self: &Self) -> Result<()>
  Rewrite the revocation file, dropping entries that have expired.
- fn watch(self: Self) -> Result<RevocationStoreWatcher>
  Watch the revocation file for changes and reload automatically.
Trait Implementations:
- Clone
fn clone(self: &Self) -> RevocationStore
firma_authority::revocation::RevocationStoreWatcher
Struct
Owns the file watcher and reload task for a [RevocationStore].
Dropping this handle stops the file watch and the reload task.
Methods:
- fn subscribe(self: &Self) -> broadcast::Receiver<RevocationEntry>
  Subscribe to new revocation events as they are ingested from the file.
- fn abort(self: &Self)
  Abort the background reload task immediately.
Trait Implementations:
- Deref
fn deref(self: &Self) -> &<Self as Deref>::Target