1919import ctypes
2020import warnings
2121from cryptography .hazmat .primitives import hashes , serialization
22- from cryptography .hazmat .primitives .asymmetric import padding
22+ from cryptography .hazmat .primitives .asymmetric import padding , ec
2323from cryptography .hazmat .backends import default_backend
2424import tempfile
2525import shutil
@@ -292,6 +292,20 @@ def setUp(self):
292292 ]
293293 }
294294
295+ # Define an example ES256 callback signer
296+ def callback_signer_es256 (data : bytes ) -> bytes :
297+ private_key = serialization .load_pem_private_key (
298+ self .key ,
299+ password = None ,
300+ backend = default_backend ()
301+ )
302+ signature = private_key .sign (
303+ data ,
304+ ec .ECDSA (hashes .SHA256 ())
305+ )
306+ return signature
307+ self .callback_signer_es256 = callback_signer_es256
308+
295309 def test_reserve_size_on_closed_signer (self ):
296310 self .signer .close ()
297311 with self .assertRaises (Error ):
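Review bot: The shared `callback_signer_es256` added in this hunk calls `sign(data, ec.ECDSA(...))` on whatever key type `load_pem_private_key` returns and re-parses `self.key` on every invocation, so a wrong fixture would only fail from inside the signing callback. Parsing once in setUp, before the nested def, and checking the type there gives a clearer failure: `private_key = serialization.load_pem_private_key(self.key, password=None, backend=default_backend())` followed by `self.assertIsInstance(private_key, ec.EllipticCurvePrivateKey)`. The assignment of `self.key` is not visible here (setUp starts before the hunk), so it is worth confirming it holds the same `es256_private.key` bytes that the inline callbacks removed elsewhere in this commit read from `self.data_dir`. Because the comment calls this an example, I would extend it to `# Example ES256 callback signer (test fixture: unencrypted PEM key in memory; real signers should keep the key in a KMS/HSM)`.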
@@ -769,35 +783,9 @@ def test_sign_file_callback_signer(self):
769783 # Use the sign_file method
770784 builder = Builder (self .manifestDefinition )
771785
772- # Create a real ES256 signing callback
773- def sign_callback (data : bytes ) -> bytes :
774- """Real ES256 signing callback that creates actual signatures."""
775- # Load the private key from the test fixtures
776- with open (os .path .join (self .data_dir , "es256_private.key" ), "rb" ) as key_file :
777- private_key_data = key_file .read ()
778-
779- # Load the private key using cryptography
780- private_key = serialization .load_pem_private_key (
781- private_key_data ,
782- password = None ,
783- backend = default_backend ()
784- )
785-
786- # Create the signature using ES256 (ECDSA with SHA-256)
787- # For ECDSA, we use the signature_algorithm_constructor
788- from cryptography .hazmat .primitives import hashes
789- from cryptography .hazmat .primitives .asymmetric import ec
790-
791- signature = private_key .sign (
792- data ,
793- ec .ECDSA (hashes .SHA256 ())
794- )
795-
796- return signature
797-
798786 # Create signer with callback
799787 signer = create_signer (
800- callback = sign_callback ,
788+ callback = self . callback_signer_es256 ,
801789 alg = SigningAlg .ES256 ,
802790 certs = self .certs .decode ('utf-8' ),
803791 tsa_url = "http://timestamp.digicert.com"
@@ -839,35 +827,9 @@ def test_sign_file_callback_signer_from_callback(self):
839827 # Use the sign_file method
840828 builder = Builder (self .manifestDefinition )
841829
842- # Create a real ES256 signing callback
843- def sign_callback (data : bytes ) -> bytes :
844- """Real ES256 signing callback that creates actual signatures."""
845- # Load the private key from the test fixtures
846- with open (os .path .join (self .data_dir , "es256_private.key" ), "rb" ) as key_file :
847- private_key_data = key_file .read ()
848-
849- # Load the private key using cryptography
850- private_key = serialization .load_pem_private_key (
851- private_key_data ,
852- password = None ,
853- backend = default_backend ()
854- )
855-
856- # Create the signature using ES256 (ECDSA with SHA-256)
857- # For ECDSA, we use the signature_algorithm_constructor
858- from cryptography .hazmat .primitives import hashes
859- from cryptography .hazmat .primitives .asymmetric import ec
860-
861- signature = private_key .sign (
862- data ,
863- ec .ECDSA (hashes .SHA256 ())
864- )
865-
866- return signature
867-
868830 # Create signer with callback using Signer.from_callback
869831 signer = Signer .from_callback (
870- callback = sign_callback ,
832+ callback = self . callback_signer_es256 ,
871833 alg = SigningAlg .ES256 ,
872834 certs = self .certs .decode ('utf-8' ),
873835 tsa_url = "http://timestamp.digicert.com"
@@ -906,34 +868,9 @@ def test_sign_file_using_callback_signer(self):
906868 # Create a temporary output file path
907869 output_path = os .path .join (temp_dir , "signed_output_callback.jpg" )
908870
909- # Create a real ES256 signing callback
910- def sign_callback (data : bytes ) -> bytes :
911- """Real ES256 signing callback that creates actual signatures."""
912- # Load the private key from the test fixtures
913- with open (os .path .join (self .data_dir , "es256_private.key" ), "rb" ) as key_file :
914- private_key_data = key_file .read ()
915-
916- # Load the private key using cryptography
917- private_key = serialization .load_pem_private_key (
918- private_key_data ,
919- password = None ,
920- backend = default_backend ()
921- )
922-
923- # Create the signature using ES256 (ECDSA with SHA-256)
924- from cryptography .hazmat .primitives import hashes
925- from cryptography .hazmat .primitives .asymmetric import ec
926-
927- signature = private_key .sign (
928- data ,
929- ec .ECDSA (hashes .SHA256 ())
930- )
931-
932- return signature
933-
934871 # Create signer with callback
935872 signer = Signer .from_callback (
936- callback = sign_callback ,
873+ callback = self . callback_signer_es256 ,
937874 alg = SigningAlg .ES256 ,
938875 certs = self .certs .decode ('utf-8' ),
939876 tsa_url = "http://timestamp.digicert.com"
@@ -995,7 +932,7 @@ def test_sign_file_overloads(self):
995932 try :
996933 # Test with C2paSignerInfo
997934 output_path_1 = os .path .join (temp_dir , "signed_output_1.jpg" )
998-
935+
999936 # Load test certificates and key
1000937 with open (os .path .join (self .data_dir , "es256_certs.pem" ), "rb" ) as cert_file :
1001938 certs = cert_file .read ()
@@ -1018,7 +955,7 @@ def test_sign_file_overloads(self):
1018955 signer_info ,
1019956 False
1020957 )
1021-
958+
1022959 self .assertIsInstance (result_1 , str )
1023960 self .assertTrue (os .path .exists (output_path_1 ))
1024961
@@ -1031,16 +968,16 @@ def test_sign_file_overloads(self):
1031968 signer_info ,
1032969 True
1033970 )
1034-
971+
1035972 self .assertIsInstance (result_1_bytes , bytes )
1036973 self .assertTrue (os .path .exists (output_path_1_bytes ))
1037974
1038975 # Test with Signer object
1039976 output_path_2 = os .path .join (temp_dir , "signed_output_2.jpg" )
1040-
977+
1041978 # Create a signer from the signer info
1042979 signer = Signer .from_info (signer_info )
1043-
980+
1044981 # Test with Signer parameter - JSON return
1045982 result_2 = sign_file (
1046983 self .testPath ,
@@ -1049,7 +986,7 @@ def test_sign_file_overloads(self):
1049986 signer ,
1050987 False
1051988 )
1052-
989+
1053990 self .assertIsInstance (result_2 , str )
1054991 self .assertTrue (os .path .exists (output_path_2 ))
1055992
@@ -1062,14 +999,14 @@ def test_sign_file_overloads(self):
1062999 signer ,
10631000 True
10641001 )
1065-
1002+
10661003 self .assertIsInstance (result_2_bytes , bytes )
10671004 self .assertTrue (os .path .exists (output_path_2_bytes ))
1068-
1005+
10691006 # Both JSON results should be similar (same manifest structure)
10701007 manifest_1 = json .loads (result_1 )
10711008 manifest_2 = json .loads (result_2 )
1072-
1009+
10731010 self .assertIn ("manifests" , manifest_1 )
10741011 self .assertIn ("manifests" , manifest_2 )
10751012 self .assertIn ("active_manifest" , manifest_1 )
@@ -1239,11 +1176,10 @@ def setUp(self):
12391176 def tearDown (self ):
12401177 """Clean up temporary files after each test."""
12411178 if os .path .exists (self .temp_data_dir ):
1242- import shutil
12431179 shutil .rmtree (self .temp_data_dir )
12441180
12451181 def test_invalid_settings_str (self ):
1246- """Test loading a malformed settings string."""
1182+ """Test loading a malformed settings string."""
12471183 with self .assertRaises (Error ):
12481184 load_settings (r'{"verify": { "remote_manifest_fetch": false }' )
12491185