pub trait CaSigner: Send + Sync {
// Required methods
fn issuer(&self) -> &Certificate;
fn make_key_pair(&self) -> Result<KeyPair>;
}Expand description
CA signer abstraction over file-backed + TPM-backed paths. issuer()
caches the cert at construction; make_key_pair() produces a fresh signer
per issuance so operator key rotations apply without restart.