Inputs: [broker :- Broker connection :- Connection]
Returns: shared/BrokerDatabase

Add a Connection to the ':inventory' to track the websocket and add
a corresponding change record the ':updates' vector.

Inputs: [message :- Message connection :- Connection]
Returns: s/Bool

Check if the cert name advertised by the sender of the message contained in
 the specified Message matches the cert name in the certificate of the
 given Connection

Inputs: [broker :- Broker request :- Message connection :- (s/maybe Connection)]
Returns: s/Bool

Check if the message within the specified message is authorized

Inputs: [broker :- Broker codec :- Codec]
Returns: #:s{Keyword IFn}

Forces clients to reconnect because the broker's CRL is out of date

Inputs: [broker :- Broker whitelist :- #{s/Str} client :- Client message :- Message]

Inputs: [broker :- Broker]

Inputs: [inventory :- shared/Inventory]

Inputs: [broker :- Broker uri :- s/Str controller-disconnection-ms :- s/Int client :- Client]

Return the first non-empty certificate chain encountered while scanning the
entries in the key store of the specified org.eclipse.jetty.util.ssl.SslContextFactory$Server
instance - `ssl-context-factory`.

Inputs: []
Returns: s/Str

Return the hostname of the host executing the code.

Inputs: [webserver-context :- jetty10-core/ServerContext]
Returns: (s/maybe s/Str)

Return the common name from the certificate the webserver specified by its
context - `webserver-context` - will use when establishing SSL connections
or nil if there was a problem finding out the certificate (for instance
when the webserver is not SSL enabled).

Inputs: [options :- InitOptions]
Returns: Broker

Inputs: [broker :- Broker ssl-context :- SSLContext controller-uris :- [s/Str] controller-allowlist :- #{s/Str} controller-disconnection-ms :- s/Int]
Returns: #:p{Uri Connection}

Create PCP Clients for each controller URI

Inputs: [id reason-to-deny]
Returns: p/AssociateResponse

Inputs: [message :- Message connection :- (s/maybe Connection)]
Returns: (s/maybe ring/Request)

After having slept for the grace period, if all controllers are still
disconnected and the latest disconnection timestamp matches that expected,
purge all clients.

Outcome of validate-message

If the broker service is not running, close the WebSocket connection.
Otherwise process the message. Association is assumed to be completed
on connection.

Inputs: ([broker :- Broker message :- Message connection :- Connection] [_ :- Broker request :- Message connection :- Connection reason-to-deny :- (s/maybe s/Str)])
Returns: (s/maybe Connection)

Send an associate_response that will be successful if:
  - a reason-to-deny is not specified as an argument nor determined by
    reason-to-deny-association;
  - the requester `client_type` is not `server`;
  - the specified WebSocket connection has not been associated previously.
If the request gets denied, the WebSocket connection will be closed and the
function returns nil.
Otherwise, the 'Connection' object's state will be marked as associated and
returned. Also, in case another WebSocket connection with the same client
is currently associated, such old connection will be superseded by the new
one (i.e. the old connection will be closed by the brocker).

Note that this function will not update the broker by removing the connection
from the 'inventory' map. It is assumed that such update will be done
asynchronously by the onClose handler.

Inputs: [broker :- Broker message :- Message connection :- Connection]

Process a request for inventory data.
 This function assumes that the requester client is associated.
 Returns nil.

Inputs: [broker :- Broker bytes :- (s/conditional bytes? bytes string? s/Str) ws :- Websocket]

Deserialize, validate (authentication, authorization, and expiration), and
process the specified raw message. Return the 'Connection' object associated
to the specified 'Websocket' in case it gets modified (hence the '!' in the
function name), otherwise nil.
Also, log the message validation outcome via 'pcp-access' logger.

Inputs: [broker :- Broker message :- Message connection :- Connection]
Returns: (s/maybe Connection)

Process a message directed at the middleware

Inputs: [_ :- Broker connection :- Connection as :- p/Uri]
Returns: (s/maybe s/Str)

Returns an error message describing why the session should not be
allowed, if it should be denied

Inputs: [broker :- Broker ws :- Websocket]
Returns: shared/BrokerDatabase

Remove a Connection from ':inventory' and possibly ':subscriptions' and
add a corresponding change record the ':updates' vector.

Inputs: [message :- Message]
Returns: s/Bool

Return true if message is a session association message

Inputs: [broker :- Broker]

Inputs: [broker :- Broker ssl-context :- SSLContext controller-allowlist :- #{s/Str} controller-disconnection-ms :- s/Int uri :- s/Str]

Inputs: [broker :- Broker]

Start periodic refreshing of connections using outdated crls

Inputs: [broker :- Broker level :- status-core/ServiceStatusDetailLevel]
Returns: status-core/StatusCallbackResponse

Inputs: [broker :- Broker]

Inputs: [broker :- Broker message :- Message connection :- Connection is-association-request :- s/Bool]
Returns: MessageValidationOutcome

Determine whether the specified message should be processed by checking,
 in order, if the message: 1) is an associate-request as expected during
 Session Association; 2) is authenticated; 3) is authorized; 4) does not
 use multicast delivery.

Inputs: [watcher :- (s/protocol watch/Watcher) broker :- Broker ssl-context-factory :- SslContextFactory$Server]