contentauth / c2pa-js

JavaScript SDK for displaying and validating C2PA data
https://opensource.contentauthenticity.org
MIT License

Add support for extracting X.509 cert chain from manifest #139

Open emensch opened 8 months ago

emensch commented 8 months ago

As it stands, there is no way to inspect a manifest's certificate chain with the JavaScript SDK. The underlying Rust library has a ManifestStore::dump_cert_chain method that exposes this functionality; it just needs to be linked in through the WebAssembly/JavaScript layer.

craigjohnwright commented 7 months ago

Hello lovely people 👋

The BBC are currently prototyping a version of the web validator that also verifies that claims were signed by a pre-approved list of signers (to represent indirect trust by the BBC). For that we also need access to the certificate chain via WASM/c2pa-js. I think this will already be covered by this work, but to make it more explicit: in addition to dump_cert_chain, could you also plumb through cert_chain and cert_chain_from_bytes?