pub fn extract_signer_identity(
cms_result: &CmsVerificationResult,
) -> Result<AuthResult, KipukaError>Expand description
Convert a CMS verification result into the standard AuthResult.
This bridges CMS-based authentication into the same identity model used by mTLS, OTP, and GSSAPI handlers, allowing CMS-authenticated requests to flow through the same authorization logic.
The AuthMethod is set to Mtls because the CMS signer certificate
is functionally equivalent to a TLS client certificate — it proves
possession of the corresponding private key and chains to a trusted CA.
§Arguments
cms_result— a successfully verified CMS SignedData result.
§Errors
Returns KipukaError::Auth if the signer identity cannot be extracted
(empty subject DN).