Description
N.B.: This PR is based on top of https://github.com/WalletConnect/a2/pull/90
This PR exposes a way to use rustls's ConfigBuilder::with_client_cert_resolver for client auth. This allows us to do two things:
1) Dynamically choose a client cert + private key
2) Issue signatures without direct access to private key pem
Reason 2 is personally why I implemented this. We generate our keypairs inside AWS KMS which does not allow for retrieving the private key -- we can only call into AWS KMS to perform a sign()
Resolves # (issue) N/A
How Has This Been Tested?
I've pulled my fork into our own internal codebase and tested this by integrating it into our own push notification flow. Got push notifications successfully sending to my device!
* Writing a unit test is fairly difficult here, so please let me know if you'd like me to add to examples/certificate_client.rs
Due Diligence
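
The pattern described in this PR, as an added sketch that is not code from the PR or from a2: a resolver picks a client identity per handshake, and signing is delegated to a remote key service so the client never holds private key bytes. Scheme, RemoteSigner, ClientIdentity, Resolver and FakeKms are hypothetical local stand-ins, not rustls or AWS types.

```rust
use std::sync::Arc;

// Local stand-ins (assumptions) for the types a rustls client cert resolver deals with.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Scheme { EcdsaP256Sha256, RsaPssSha256, Ed25519 }

/// Hypothetical remote key service: sign() is the only operation, keys never leave it.
pub trait RemoteSigner: Send + Sync {
    fn sign(&self, key_id: &str, scheme: Scheme, msg: &[u8]) -> Result<Vec<u8>, String>;
}

/// What the TLS client holds: public cert chain plus a key handle, no private key bytes.
pub struct ClientIdentity {
    pub cert_chain: Vec<Vec<u8>>,
    pub key_id: String,
    pub scheme: Scheme,
    pub backend: Arc<dyn RemoteSigner>,
}
impl ClientIdentity {
    /// Signs the handshake transcript by delegating to the backend.
    pub fn sign(&self, transcript: &[u8]) -> Result<Vec<u8>, String> {
        self.backend.sign(&self.key_id, self.scheme, transcript)
    }
}

/// Chooses an identity per handshake from the signature schemes the server offered.
pub struct Resolver { pub identities: Vec<Arc<ClientIdentity>> }
impl Resolver {
    pub fn resolve(&self, offered: &[Scheme]) -> Option<Arc<ClientIdentity>> {
        // None means no usable identity: the client sends no certificate.
        self.identities.iter().find(|id| offered.contains(&id.scheme)).cloned()
    }
}

/// Constructed test double; the bytes it returns are a tag, not a real signature.
pub struct FakeKms;
impl RemoteSigner for FakeKms {
    fn sign(&self, key_id: &str, scheme: Scheme, msg: &[u8]) -> Result<Vec<u8>, String> {
        if !key_id.starts_with("alias/") { return Err(format!("unknown key: {}", key_id)); }
        Ok(format!("{}:{:?}:{}", key_id, scheme, msg.len()).into_bytes())
    }
}

fn main() {
    // Constructed sample identity; the one-byte "certificate" is a placeholder.
    let id = ClientIdentity { cert_chain: vec![vec![0x30]], key_id: "alias/push-rsa".into(),
        scheme: Scheme::RsaPssSha256, backend: Arc::new(FakeKms) };
    let r = Resolver { identities: vec![Arc::new(id)] };
    println!("{:?}", r.resolve(&[Scheme::RsaPssSha256]).map(|i| i.sign(b"transcript")));
}
```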