fix: Retry Identity Workflow

Author: cdmurph32

js-src/Builder.ts

@@ -12,13 +12,13 @@
 // each license.
 
 const neon = require("./index.node");
-import { IdentityAssertionSigner } from "./IdentityAssertion";
 import type {
   BuilderInterface,
   CallbackSignerInterface,
   ClaimVersion,
   DestinationAsset,
   FileAsset,
+  IdentityAssertionSignerInterface,
   JsCallbackSignerConfig,
   LocalSignerInterface,
   ManifestAssertionKind,
@@ -142,7 +142,7 @@ export class Builder implements BuilderInterface {
   }
 
   async signAsync(
-    signer: CallbackSignerInterface,
+    signer: CallbackSignerInterface | IdentityAssertionSignerInterface,
     input: SourceAsset,
     output: DestinationAsset,
   ): Promise<Buffer> {
@@ -167,32 +167,6 @@ export class Builder implements BuilderInterface {
       });
   }
 
-  async identitySignAsync(
-    signer: IdentityAssertionSigner,
-    input: SourceAsset,
-    output: DestinationAsset,
-  ): Promise<Buffer> {
-    return neon.builderIdentitySignAsync
-      .call(this.builder, signer.signer(), input, output)
-      .then((result: Buffer | { manifest: Buffer; signedAsset: Buffer }) => {
-        // output is a buffer and result is the manifest and the signed asset.
-        if ("buffer" in output) {
-          if ("signedAsset" in result && "manifest" in result) {
-            output.buffer = result.signedAsset;
-            return result.manifest;
-          } else {
-            throw new Error("Unexpected result for DestinationBuffer");
-          }
-        } else {
-          // output is a file and result is the bytes of the manifest.
-          return result as Buffer;
-        }
-      })
-      .catch((error: Error) => {
-        throw error;
-      });
-  }
-
   getManifestDefinition(): Manifest {
     return JSON.parse(neon.builderManifestDefinition.call(this.builder));
   }

js-src/IdentityAssertion.spec.ts

@@ -19,6 +19,7 @@ import { Builder } from "./Builder";
 import {
   IdentityAssertionBuilder,
   IdentityAssertionSigner,
+  CallbackCredentialHolder,
 } from "./IdentityAssertion";
 import type {
   JsCallbackSignerConfig,
@@ -29,7 +30,6 @@ import type { Manifest } from "@contentauth/c2pa-types";
 import * as fs from "fs-extra";
 import * as crypto from "crypto";
 
-// TODO: move to a separate test file
 class TestSigner {
   private privateKey: crypto.KeyObject;
 
@@ -123,17 +123,7 @@ describe("IdentityAssertionBuilder", () => {
       tsaUrl: undefined,
       tsaHeaders: undefined,
       tsaBody: undefined,
-      directCoseHandling: false,
-    };
-
-    const cawgConfig: JsCallbackSignerConfig = {
-      alg: "ed25519" as SigningAlg,
-      certs: [cawgPublicKey],
-      reserveSize: 10000,
-      tsaUrl: undefined,
-      tsaHeaders: undefined,
-      tsaBody: undefined,
-      directCoseHandling: false,
+      directCoseHandling: true,
     };
 
     // Create signers
@@ -143,8 +133,9 @@ describe("IdentityAssertionBuilder", () => {
       c2paConfig,
       c2paTestSigner.sign,
     );
-    const cawgSigner = CallbackSigner.newSigner(
-      cawgConfig,
+    const cawgSigner = CallbackCredentialHolder.newCallbackCredentialHolder(
+      10000,
+      "cawg.x509.cose",
       cawgTestSigner.sign,
     );
 
@@ -179,7 +170,7 @@ describe("IdentityAssertionBuilder", () => {
     iaSigner.addIdentityAssertion(iab);
 
     // Sign the manifest (standard async flow)
-    await builder.signAsync(iaSigner, source, dest);
+    await builder.signAsync(iaSigner.signer(), source, dest);
 
     // Verify the manifest
     const reader = await Reader.fromAsset({

js-src/IdentityAssertion.ts

@@ -13,9 +13,11 @@
 
 const neon = require("./index.node");
 import type {
+  CallbackCredentialHolderInterface,
   CallbackSignerInterface,
   IdentityAssertionBuilderInterface,
   IdentityAssertionSignerInterface,
+  SignerPayload,
 } from "./types";
 
 export class IdentityAssertionBuilder
@@ -24,7 +26,7 @@ export class IdentityAssertionBuilder
   constructor(private _builder: IdentityAssertionBuilderInterface) {}
 
   static async identityBuilderForCredentialHolder(
-    credentialHolder: CallbackSignerInterface,
+    credentialHolder: CallbackCredentialHolderInterface,
   ): Promise<IdentityAssertionBuilder> {
     const builder = neon.identityBuilderForCredentialHolder(
       credentialHolder.signer(),
@@ -71,3 +73,47 @@ export class IdentityAssertionSigner
     return this._signer;
   }
 }
+
+export class CallbackCredentialHolder
+  implements CallbackCredentialHolderInterface
+{
+  constructor(
+    private callbackCredentialHolder: CallbackCredentialHolderInterface,
+  ) {}
+
+  signer(): CallbackCredentialHolderInterface {
+    return this.callbackCredentialHolder;
+  }
+
+  static newCallbackCredentialHolder(
+    reserveSize: number,
+    sigType: string,
+    callback: (signerPayload: SignerPayload) => Promise<Buffer>,
+  ) {
+    const credentialHolder = neon.newCallbackCredentialHolder(
+      reserveSize,
+      sigType,
+      callback,
+    );
+    return new CallbackCredentialHolder(credentialHolder);
+  }
+
+  async sign(payload: SignerPayload): Promise<Buffer> {
+    return neon.callbackSignerSignPayload.call(
+      this.callbackCredentialHolder,
+      payload,
+    );
+  }
+
+  reserveSize(): number {
+    return neon.callbackCredentialHolderReserveSize.call(
+      this.callbackCredentialHolder,
+    );
+  }
+
+  sigType(): string {
+    return neon.callbackCredentialHolderSigType.call(
+      this.callbackCredentialHolder,
+    );
+  }
+}

js-src/Signer.ts

@@ -14,10 +14,8 @@
 const neon = require("./index.node");
 import type {
   CallbackSignerInterface,
-  CallbackCredentialHolderInterface,
   JsCallbackSignerConfig,
   LocalSignerInterface,
-  SignerPayload,
   SigningAlg,
 } from "./types";
 
@@ -101,40 +99,3 @@ export class CallbackSigner implements CallbackSignerInterface {
     return neon.callbackSignerTimeAuthorityUrl.call(this.callbackSigner);
   }
 }
-
-export class CallbackCredentialHolder
-  implements CallbackCredentialHolderInterface
-{
-  constructor(
-    private callbackCredentialHolder: CallbackSignerInterface,
-  ) {}
-
-  signer(): CallbackSignerInterface {
-    return this.callbackCredentialHolder;
-  }
-
-  static newSigner(
-    config: JsCallbackSignerConfig,
-    callback: (data: Buffer) => Promise<Buffer>,
-  ) {
-    // Convert the config object to a JsBox<CallbackSignerConfig>
-    const configBox = neon.callbackSignerConfigFromJs(config);
-    const signer = neon.callbackSignerFromConfig(configBox, callback);
-    return new CallbackCredentialHolder(signer);
-  }
-
-  async sign(payload: SignerPayload): Promise<Buffer> {
-    return neon.callbackSignerSignPayload.call(
-      this.callbackCredentialHolder,
-      payload,
-    );
-  }
-
-  reserveSize(): number {
-    return neon.callbackSignerReserveSize.call(this.callbackCredentialHolder);
-  }
-
-  sigType(): string {
-    return "cawg.x509.cose";
-  }
-}

js-src/index.node.d.ts

@@ -131,12 +131,19 @@ declare module "index.node" {
     identityAssertionBuilder: IdentityAssertionBuilderInterface,
   ): void;
   export function identityBuilderForCredentialHolder(
-    credentialHolder: CallbackSignerInterface,
+    credentialHolder: CallbackCredentialHolderInterface,
   ): IdentityAssertionBuilderInterface;
   export function identityBuilderAddReferencedAssertions(
-    referenced_assertions: Array<string>,
+    referencedAssertions: Array<string>,
   ): void;
   export function identityBuilderAddRoles(roles: Array<string>): void;
+  export function newCallbackCredentialHolder(
+    reserveSize: number,
+    sigType: string,
+    callback: (signerPayload: SignerPayload) => Promise<Buffer>,
+  ): CallbackCredentialHolderInterface;
+  export function callbackCredentialHolderReserveSize(): number;
+  export function callbackCredentialHolderSigType(): string;
 
   // Trustmark
   export function trustmarkNew(

js-src/types.d.ts

@@ -125,7 +125,7 @@ export interface CallbackCredentialHolderInterface {
   sigType(): string;
   reserveSize(): number;
   sign(payload: SignerPayload): Promise<Buffer>;
-  signer(): CallbackSignerInterface;
+  signer(): CallbackCredentialHolderInterface;
 }
 
 /**
@@ -310,6 +310,8 @@ export interface IdentityAssertionSignerInterface {
   addIdentityAssertion(
     identityAssertionBuilder: IdentityAssertionBuilderInterface,
   ): void;
+
+  signer(): IdentityAssertionSignerInterface;
 }
 
 export interface IdentityAssertionBuilderInterface {

src/lib.rs

@@ -20,6 +20,7 @@ mod settings;
 mod utils;
 
 pub mod neon_builder;
+pub mod neon_credential_holder;
 pub mod neon_identity_assertion_builder;
 pub mod neon_identity_assertion_signer;
 pub mod neon_reader;
@@ -152,6 +153,10 @@ fn main(mut cx: ModuleContext) -> NeonResult<()> {
         "identityBuilderAddRoles",
         neon_identity_assertion_builder::NeonIdentityAssertionBuilder::add_roles,
     )?;
+    cx.export_function(
+        "callbackCredentialHolderFromConfig",
+        neon_credential_holder::NeonCallbackCredentialHolder::from_js,
+    )?;
 
     // Trustmark
     cx.export_function(