Merge branch 'main' into img_parts_underflow_fix

cli/Cargo.toml

@@ -27,6 +27,7 @@ c2pa = { path = "../sdk", version = "0.40.0", features = [
 	"pdf",
 	"unstable_api",
 ] }
+c2pa-crypto = { path = "../internal/crypto", version = "0.2.0" }
 clap = { version = "4.5.10", features = ["derive", "env"] }
 env_logger = "0.11.4"
 glob = "0.3.1"

cli/src/callback_signer.rs

@@ -18,6 +18,10 @@ use std::{
 
 use anyhow::{bail, Context};
 use c2pa::{Error, Signer, SigningAlg};
+use c2pa_crypto::{
+    raw_signature::{RawSigner, RawSignerError},
+    time_stamp::TimeStampProvider,
+};
 
 use crate::signer::SignConfig;
 
@@ -183,6 +187,53 @@ impl Signer for CallbackSigner<'_> {
     fn time_authority_url(&self) -> Option<String> {
         self.config.tsa_url.clone()
     }
+
+    fn raw_signer(&self) -> Box<&dyn RawSigner> {
+        Box::new(self)
+    }
+}
+
+impl RawSigner for CallbackSigner<'_> {
+    fn sign(&self, data: &[u8]) -> Result<Vec<u8>, RawSignerError> {
+        self.callback.sign(data).map_err(|e| {
+            eprintln!("Unable to embed signature into asset. {}", e);
+            RawSignerError::InternalError(e.to_string())
+        })
+    }
+
+    fn alg(&self) -> SigningAlg {
+        self.config.alg
+    }
+
+    fn cert_chain(&self) -> Result<Vec<Vec<u8>>, RawSignerError> {
+        let cert_contents = std::fs::read(&self.config.sign_cert_path)?;
+
+        let mut pems = pem::parse_many(cert_contents).map_err(|_| Error::CoseInvalidCert)?;
+        // [pem::parse_many] returns an empty vector if you supply invalid contents, like json, for example.
+        // Check here if the pems vector is empty.
+        if pems.is_empty() {
+            return Err(RawSignerError::InvalidSigningCredentials(
+                "no certificates provided".to_string(),
+            ));
+        }
+
+        let sign_cert = pems
+            .drain(..)
+            .map(|p| p.into_contents())
+            .collect::<Vec<Vec<u8>>>();
+
+        Ok(sign_cert)
+    }
+
+    fn reserve_size(&self) -> usize {
+        self.config.reserve_size
+    }
+}
+
+impl TimeStampProvider for CallbackSigner<'_> {
+    fn time_stamp_service_url(&self) -> Option<String> {
+        self.config.tsa_url.clone()
+    }
 }
 
 #[cfg(test)]
@@ -214,7 +265,7 @@ mod test {
         let callback = Box::new(mock_callback_signer);
         let signer = CallbackSigner::new(callback, config);
 
-        assert_eq!(signer.sign(&[]).unwrap(), expected);
+        assert_eq!(Signer::sign(&signer, &[]).unwrap(), expected);
     }
 
     #[test]
@@ -237,7 +288,10 @@ mod test {
         let callback = Box::new(mock_callback_signer);
         let signer = CallbackSigner::new(callback, config);
 
-        assert!(matches!(signer.sign(&[]), Err(Error::EmbeddingError)));
+        assert!(matches!(
+            Signer::sign(&signer, &[]),
+            Err(Error::EmbeddingError)
+        ));
     }
 
     #[test]
@@ -291,8 +345,8 @@ mod test {
         let callback = Box::<MockSignCallback>::default();
         let signer = CallbackSigner::new(callback, esc);
 
-        assert_eq!(signer.alg(), expected_alg);
-        assert_eq!(signer.reserve_size(), expected_reserve_size);
+        assert_eq!(Signer::alg(&signer), expected_alg);
+        assert_eq!(Signer::reserve_size(&signer), expected_reserve_size);
     }
 
     #[test]

internal/crypto/src/asn1/rfc3161.rs

@@ -24,11 +24,6 @@ use crate::asn1::{rfc4210::PkiFreeText, rfc5652::ContentInfo};
 /// 1.2.840.113549.1.9.16.1.4
 pub const OID_CONTENT_TYPE_TST_INFO: ConstOid = Oid(&[42, 134, 72, 134, 247, 13, 1, 9, 16, 1, 4]);
 
-/// id-aa-timeStampToken
-///
-/// 1.2.840.113549.1.9.16.2.14
-pub const OID_TIME_STAMP_TOKEN: ConstOid = Oid(&[42, 134, 72, 134, 247, 13, 1, 9, 16, 2, 14]);
-
 /// A time-stamp request.
 ///
 /// ```ASN.1
@@ -53,6 +48,7 @@ pub struct TimeStampReq {
 }
 
 impl TimeStampReq {
+    #[allow(dead_code)] // not used on all platforms
     pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, DecodeError<S::Error>> {
         cons.take_sequence(|cons| {
             let version = Integer::take_from(cons)?;
@@ -149,17 +145,6 @@ impl TimeStampResp {
             })
         })
     }
-
-    pub fn encode_ref(&self) -> impl Values + '_ {
-        encode::sequence((
-            self.status.encode_ref(),
-            if let Some(time_stamp_token) = &self.time_stamp_token {
-                Some(time_stamp_token)
-            } else {
-                None
-            },
-        ))
-    }
 }
 
 /// PKI status info
@@ -191,16 +176,6 @@ impl PkiStatusInfo {
             })
         })
     }
-
-    pub fn encode_ref(&self) -> impl Values + '_ {
-        encode::sequence((
-            self.status.encode(),
-            self.status_string
-                .as_ref()
-                .map(|status_string| status_string.encode_ref()),
-            self.fail_info.as_ref().map(|fail_info| fail_info.encode()),
-        ))
-    }
 }
 
 /// PKI status.

internal/crypto/src/asn1/rfc3281.rs

@@ -79,6 +79,7 @@ impl AttributeCertificateInfo {
 }
 
 #[derive(Clone, Copy, Debug, Eq, PartialEq)]
+#[allow(unused)]
 pub enum AttCertVersion {
     V2 = 1,
 }
@@ -104,6 +105,7 @@ pub struct Holder {
 }
 
 #[derive(Clone, Debug, Eq, PartialEq)]
+#[allow(unused)]
 pub enum DigestedObjectType {
     PublicKey = 0,
     PublicKeyCert = 1,
@@ -142,6 +144,7 @@ pub struct ObjectDigestInfo {
 /// }
 /// ```
 #[derive(Clone, Debug, Eq, PartialEq)]
+#[allow(unused)]
 pub enum AttCertIssuer {
     V1Form(GeneralNames),
     V2Form(Box<V2Form>),

internal/crypto/src/asn1/rfc4210.rs

@@ -8,7 +8,6 @@
 
 use bcder::{
     decode::{Constructed, DecodeError, Source},
-    encode::{self, Values},
     Tag, Utf8String,
 };
 
@@ -27,10 +26,6 @@ impl PkiFreeText {
         cons.take_opt_sequence(|cons| Self::from_sequence(cons))
     }
 
-    pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, DecodeError<S::Error>> {
-        cons.take_sequence(|cons| Self::from_sequence(cons))
-    }
-
     pub fn from_sequence<S: Source>(
         cons: &mut Constructed<S>,
     ) -> Result<Self, DecodeError<S::Error>> {
@@ -44,8 +39,4 @@ impl PkiFreeText {
 
         Ok(Self(res))
     }
-
-    pub fn encode_ref(&self) -> impl Values + '_ {
-        encode::sequence(encode::slice(&self.0, |x| x.clone().encode()))
-    }
 }