Web X509 compatible identity provider #199

Open
nicdard opened this issue Oct 19, 2024 · 1 comment

nicdard commented Oct 19, 2024

Description of feature:

To allow real usage of the WASM builds, the library should support X509 certificates.

Use case:

Running an MLS/CGKA client in a browser, where the application uses X.509 certificates to manage the user identities through an internal PKI. The certificate is accessed, for example, through the File System web API, or loaded through another mechanism.

Implementation discussion (Optional)

I saw there are traits for the identity provider. My initial plan is to implement a new crate, where I add support similarly to what is done in mls-rs-identity-x509, and use some Rust crates compatible with WASM builds to perform the parsing of the certificates.
During my thesis work I used the x509_parser crate. I was thinking about certificates from an internal CA server, and the use case covered would be that the application has a local copy of the CA certificate for verifying the other clients' identities. Any thoughts? :)

@mulmarta
Contributor

Is there a reason you don't want to use the X509 identity provider from mls-rs-crypto-rustcrypto? Both the X509 identity provider and the crypto provider from that crate compile to WASM.

The API used below could be improved, but it creates an X509 identity provider that can be compiled to WASM with wasm-bindgen.

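```rust
use mls_rs_identity_x509::{SubjectIdentityExtractor, X509IdentityProvider};
use mls_rs_crypto_rustcrypto::x509::{X509Reader, X509Validator};

let provider = X509IdentityProvider::new(
    // Identity is read from the subject of the certificate at offset 0 in the chain.
    SubjectIdentityExtractor::new(0, X509Reader::new()),
    // vec![] is the list of trusted root CA certificates (empty in this snippet).
    X509Validator::new(vec![]).unwrap(),
);
```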
