Trait mls_rs::IdentityProvider

pub trait IdentityProvider: Send + Sync {
    type Error: IntoAnyError;

    // Required methods
    fn validate_member(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        extensions: Option<&ExtensionList>,
    ) -> Result<(), Self::Error>;
    fn validate_external_sender(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        extensions: Option<&ExtensionList>,
    ) -> Result<(), Self::Error>;
    fn identity(
        &self,
        signing_identity: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<Vec<u8>, Self::Error>;
    fn valid_successor(
        &self,
        predecessor: &SigningIdentity,
        successor: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<bool, Self::Error>;
    fn supported_types(&self) -> Vec<CredentialType>;
}
Identity system that can be used to validate a SigningIdentity.

Required Associated Types

type Error: IntoAnyError

Error type that this provider returns on internal failure.

Required Methods

fn validate_member(&self, signing_identity: &SigningIdentity, timestamp: Option<MlsTime>, extensions: Option<&ExtensionList>) -> Result<(), Self::Error>

Determine if signing_identity is valid for a group member.

A timestamp value can optionally be supplied to aid validation of a Credential that requires time-based context. For example, X.509 certificates can expire.

fn validate_external_sender(&self, signing_identity: &SigningIdentity, timestamp: Option<MlsTime>, extensions: Option<&ExtensionList>) -> Result<(), Self::Error>

Determine if signing_identity is valid for an external sender in the ExternalSendersExtension stored in the group context.

A timestamp value can optionally be supplied to aid validation of a Credential that requires time-based context. For example, X.509 certificates can expire.

fn identity(&self, signing_identity: &SigningIdentity, extensions: &ExtensionList) -> Result<Vec<u8>, Self::Error>

A unique identifier for signing_identity.

The MLS protocol requires that each member of a group has a unique set of identifiers according to the application.

fn valid_successor(&self, predecessor: &SigningIdentity, successor: &SigningIdentity, extensions: &ExtensionList) -> Result<bool, Self::Error>

Determines if successor can remove predecessor as part of an external commit.

The MLS protocol allows for removal of an existing member when adding a new member via external commit. This function determines if a removal should be allowed by providing the target member to be removed as predecessor and the new member as successor.

fn supported_types(&self) -> Vec<CredentialType>

Credential types that are supported by this provider.
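
A sketch of how validate_member, identity and valid_successor fit together, as an added example that is not mls-rs code and does not implement the real trait. SigningIdentity, MlsTime, IdError, ExpiringIdProvider and sample are simplified local stand-ins, the extensions parameters are omitted, and skipping the expiry check when no timestamp is supplied is a choice made for this example.

```rust
// Simplified local stand-ins (assumptions), not the mls_rs definitions.
pub type MlsTime = u64; // seconds since the Unix epoch
#[derive(Clone, Debug, PartialEq)]
pub struct SigningIdentity {
    pub user_id: Vec<u8>,    // application-level identity in the credential
    pub public_key: Vec<u8>, // signature key, replaced on rotation
    pub not_after: MlsTime,  // credential expiry
}

#[derive(Debug, PartialEq)]
pub enum IdError { EmptyIdentity, Expired }
pub struct ExpiringIdProvider; // hypothetical provider

impl ExpiringIdProvider {
    /// Keyed on the user id, not the key, so key rotation keeps the same identity.
    pub fn identity(&self, id: &SigningIdentity) -> Result<Vec<u8>, IdError> {
        if id.user_id.is_empty() {
            return Err(IdError::EmptyIdentity);
        }
        Ok(id.user_id.clone())
    }

    /// Expiry is enforced only when the caller supplies a time.
    pub fn validate_member(&self, id: &SigningIdentity, timestamp: Option<MlsTime>) -> Result<(), IdError> {
        self.identity(id)?;
        match timestamp {
            Some(now) if now > id.not_after => Err(IdError::Expired),
            _ => Ok(()), // None: no time context to judge expiry (this example's choice)
        }
    }

    /// True only when both resolve to the same identifier: a joiner may replace
    /// its own stale entry, never another member's.
    pub fn valid_successor(&self, pred: &SigningIdentity, succ: &SigningIdentity) -> Result<bool, IdError> {
        Ok(self.identity(pred)? == self.identity(succ)?)
    }
}

/// Constructed sample identity.
pub fn sample(user: &str, key: u8, not_after: MlsTime) -> SigningIdentity {
    SigningIdentity { user_id: user.as_bytes().to_vec(), public_key: vec![key; 32], not_after }
}

fn main() {
    let p = ExpiringIdProvider;
    let (old, new, other) = (sample("alice", 1, 100), sample("alice", 2, 900), sample("bob", 3, 900));
    println!("{:?} {:?} {:?}", p.validate_member(&old, Some(500)), p.valid_successor(&old, &new), p.valid_successor(&old, &other));
}
```
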

Implementors