feat: Allow C2PA to perform COSE signing if desired (#21)

* feat: Allow C2PA to perform COSE signing if desired

Implement AsyncRawSigner so that the rust SDK will handle COSE signing
if `directCoseHandling` is true.

https://github.com/contentauth/c2pa-rs/blob/2ffde3d1321aedef6ee0632b06453b74da370940/sdk/src/cose_sign.rs#L145

Author: cdmurph32

.changeset/chilly-carrots-marry.md

@@ -0,0 +1,5 @@
+---
+"@contentauth/c2pa-node": minor
+---
+
+Implement AsyncRawSigner so that the rust SDK will handle COSE signing if directCoseHandling is true.

js-src/Signer.spec.ts

@@ -15,7 +15,10 @@ import * as fs from "fs-extra";
 import * as crypto from "crypto";
 
 import { CallbackSigner } from "./Signer.js";
+import { Builder } from "./Builder.js";
+import { Reader } from "./Reader.js";
 import type { JsCallbackSignerConfig, SigningAlg } from "./types.d.ts";
+import type { Manifest } from "@contentauth/c2pa-types";
 
 class TestSigner {
   private privateKey: crypto.KeyObject;
@@ -106,4 +109,75 @@ describe("CallbackSigner", () => {
     const signer = CallbackSigner.newSigner(config, async (data) => data);
     expect(signer.timeAuthorityUrl()).toBeUndefined();
   });
+
+  it("should create valid COSE signature with buffer output", async () => {
+    const testSigner = new TestSigner(
+      await fs.readFile("./tests/fixtures/certs/es256.pem"),
+    );
+
+    const createRawSignatureCallback = () => {
+      return async (data: Buffer): Promise<Buffer> => {
+        // For directCoseHandling: false, return raw signature data
+        // The c2pa SDK will handle COSE wrapping internally
+        return await testSigner.sign(data);
+      };
+    };
+
+    // Create a simple manifest
+    const manifestDefinition: Manifest = {
+      vendor: "test",
+      claim_generator: "test-generator",
+      claim_generator_info: [
+        {
+          name: "c2pa_test",
+          version: "1.0.0",
+        },
+      ],
+      title: "Test_Manifest_Buffer",
+      format: "image/jpeg",
+      instance_id: "5678",
+      assertions: [
+        {
+          label: "org.test.assertion",
+          data: { message: "Buffer test with directCoseHandling: false" },
+        },
+      ],
+      resources: { resources: {} },
+    };
+
+    const builder = Builder.withJson(manifestDefinition);
+    const source = {
+      buffer: await fs.readFile("./tests/fixtures/CA.jpg"),
+      mimeType: "image/jpeg",
+    };
+
+    const config: JsCallbackSignerConfig = {
+      alg: "es256" as SigningAlg,
+      certs: [fs.readFileSync("./tests/fixtures/certs/es256.pub")],
+      reserveSize: 10000,
+      tsaUrl: undefined,
+      directCoseHandling: false,
+    };
+
+    const callback = createRawSignatureCallback();
+    const signer = CallbackSigner.newSigner(config, callback);
+
+    // Sign the manifest to buffer
+    const dest = { buffer: null };
+    await builder.signAsync(signer, source, dest);
+
+    // Read the signed manifest back and verify signature is valid
+    const reader = await Reader.fromAsset({
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      buffer: dest.buffer! as Buffer,
+      mimeType: "image/jpeg",
+    });
+    const manifestStore = reader.json();
+    const activeManifest = reader.getActive();
+
+    // If validation_status is undefined, the signature is valid
+    expect(manifestStore.validation_status).toBeUndefined();
+    expect(manifestStore.active_manifest).not.toBeUndefined();
+    expect(activeManifest?.title).toBe("Test_Manifest_Buffer");
+  });
 });

js-src/Signer.ts

@@ -105,4 +105,10 @@ export class CallbackSigner implements CallbackSignerInterface {
       this.callbackSigner,
     );
   }
+
+  directCoseHandling(): boolean {
+    return getNeonBinary().callbackSignerDirectCoseHandling.call(
+      this.callbackSigner,
+    );
+  }
 }

js-src/types.d.ts

@@ -118,6 +118,7 @@ export interface CallbackSignerInterface {
   certs(): Array<Buffer>;
   reserveSize(): number;
   timeAuthorityUrl(): string | undefined;
+  directCoseHandling(): boolean;
   signer(): NeonCallbackSignerHandle;
 }
 
@@ -153,10 +154,8 @@ export interface JsCallbackSignerConfig {
   tsaUrl?: string;
   tsaHeaders?: Array<[string, string]>;
   tsaBody?: Buffer;
-  // TODO: directCoseHandling is currently not implemented in the signing logic.
-  // The field is read from config but the actual signing implementation does not
-  // differentiate between directCoseHandling: true/false - both cases pass the
-  // same data to the JavaScript callback regardless of this setting.
+  // When true, the callback function should return fully-formed COSE data.
+  // When false, the callback function should return raw signature data and the c2pa SDK will handle COSE wrapping.
   directCoseHandling: boolean;
 }
 

src/lib.rs

@@ -131,6 +131,10 @@ fn main(mut cx: ModuleContext) -> NeonResult<()> {
         "callbackSignerTimeAuthorityUrl",
         neon_signer::NeonCallbackSigner::time_authority_url,
     )?;
+    cx.export_function(
+        "callbackSignerDirectCoseHandling",
+        neon_signer::NeonCallbackSigner::direct_cose_handling,
+    )?;
 
     // Identity Assertions
     cx.export_function(

src/neon_signer.rs

@@ -201,6 +201,11 @@ impl NeonCallbackSigner {
         }
     }
 
+    pub fn direct_cose_handling(mut cx: FunctionContext) -> JsResult<JsBoolean> {
+        let this = cx.this::<JsBox<Self>>()?;
+        Ok(cx.boolean(this.config.direct_cose_handling))
+    }
+
     pub fn sign(mut cx: FunctionContext) -> JsResult<JsPromise> {
         let rt = runtime();
         let this = cx.this::<JsBox<Self>>()?;
@@ -321,12 +326,16 @@ impl AsyncSigner for NeonCallbackSigner {
     }
 
     fn direct_cose_handling(&self) -> bool {
-        // TODO: The direct_cose_handling field is currently not used in the signing logic.
-        // The field is read from config and exposed via this getter, but the actual signing
-        // implementation does not differentiate between directCoseHandling: true/false.
-        // Both cases pass the same data to the JavaScript callback regardless of this setting.
         self.config.direct_cose_handling
     }
+
+    fn async_raw_signer(&self) -> Option<Box<&dyn AsyncRawSigner>> {
+        if self.config.direct_cose_handling {
+            None
+        } else {
+            Some(Box::new(self))
+        }
+    }
 }
 
 impl TimeStampProvider for NeonCallbackSigner {