Skip to content

Comments

feat(cawg): Implement remote signing for X509CredentialHolder#1865

Draft
BadrTad wants to merge 7 commits intocontentauth:mainfrom
Security4Media:feat/cawg-remote-signing
Draft

feat(cawg): Implement remote signing for X509CredentialHolder#1865
BadrTad wants to merge 7 commits intocontentauth:mainfrom
Security4Media:feat/cawg-remote-signing

Conversation

@BadrTad
Copy link

@BadrTad BadrTad commented Feb 18, 2026

Changes in this pull request

This PR implements CAWG remote signing (as requested in #1777 ) by introducing a new type raw_signer:: RemoteRawSigner

The feature could be tested by enabling the "remote_signing" feature during compilation. and remote signers created with this new method create_signer::from_remote_url

The remote_signing is supported only for openssl crypto provider.

The code snippet that converts X509 certificates from PEM to DER in raw_signature::openssl crate was also refactored as a macro under raw_signature::openssl::cert_chain::cert_chain_to_der!

The remote signer could be created by providing a setting configuration to Context struct or by instantiating X509CredentialHolder from a openssl::signers::remote_signer::RemoteRawSigner.

Tests use the httpmock crate to create mock servers that responds with valid signature using a (local) signer instantiated with create_signer::from_keys.

Checklist

  • This PR represents a single feature, fix, or change.
  • All applicable changes have been documented.
  • Any TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment.

@BadrTad BadrTad force-pushed the feat/cawg-remote-signing branch from 496acb6 to fa6bec5 Compare February 19, 2026 15:40
use openssl::x509::X509;

/// Macro for converting X509 certificate stack to DER format
macro_rules! cert_chain_to_der {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If possible, can we do this with a function rather than a macro?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most definitely, on second thought this should indeed be a function. Thanks

Copy link
Collaborator

@scouten-adobe scouten-adobe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm leaving on vacation shortly and won't have time to do a full review before I go. I've asked @gpeacock to review it hopefully next week.

… of impl functions with RawSigner trait definition
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants