Add Callback signer and ingredient support

remove v1 apis
build with minimal c2pa-rs features (only openssl)

Author: gpeacock

Cargo.toml

@@ -9,8 +9,11 @@ authors = ["Gavin Peacock <[email protected]"]
 name = "c2pa"
 crate-type = ["cdylib"]
 
+[features]
+v1 = ["c2pa/file_io"]
+
 [dependencies]
-c2pa = {path="../c2pa-rs/sdk", features = ["file_io", "openssl_sign"]}
+c2pa = {git = "https://github.com/contentauth/c2pa-rs.git", branch = "gpeacock/manifest_store_builder", features = ["openssl", "openssl_sign"]}
 pem = "3.0.3"
 serde = { version = "1.0.197", features = ["derive"] }
 serde_derive = "1.0"

src/c2pa.udl

@@ -2,12 +2,12 @@
 namespace c2pa {
   string version();
   string sdk_version();
-  [Throws=Error]
-  string read_file([ByRef] string path, string? data_dir);
-  [Throws=Error]
-  string read_ingredient_file([ByRef] string path, [ByRef] string data_dir);
-  [Throws=Error]
-  sequence<u8> sign_file([ByRef] string source, [ByRef] string dest, [ByRef] string manifest, [ByRef] SignerInfo signer_info, string? data_dir);
+ /// [Throws=Error]
+ /// string read_file([ByRef] string path, string? data_dir);
+ /// [Throws=Error]
+ /// string read_ingredient_file([ByRef] string path, [ByRef] string data_dir);
+ /// [Throws=Error]
+ /// sequence<u8> sign_file([ByRef] string source, [ByRef] string dest, [ByRef] string manifest, [ByRef] SignerInfo signer_info, string? data_dir);
 };
 
 [Error]
@@ -71,12 +71,12 @@ interface Reader {
   u64 resource([ByRef] string uri, [ByRef] Stream stream);
 };
 
-dictionary SignerInfo {
-  string alg;
-  sequence<u8> sign_cert;
-  sequence<u8> private_key;
-  string? ta_url;
-};
+///dictionary SignerInfo {
+///  string alg;
+///  sequence<u8> sign_cert;
+///  sequence<u8> private_key;
+///  string? ta_url;
+///};
 
 dictionary SignerConfig {
   SigningAlg alg;
@@ -103,6 +103,9 @@ interface Builder {
   [Throws=Error]
   void add_resource([ByRef] string uri, [ByRef] Stream stream );
 
+  [Throws=Error]
+  void add_ingredient([ByRef] string ingredient_json, [ByRef] string format, [ByRef] Stream stream );
+
   [Throws=Error]
   bytes sign([ByRef] string format, [ByRef] Stream input, [ByRef] Stream output ,[ByRef] CallbackSigner signer);
 };

src/callback_signer.rs

@@ -0,0 +1,89 @@
+// Copyright 2024 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+use c2pa::{Signer, SigningAlg};
+
+use crate::Result;
+
+
+/// Defines the callback interface for a signer
+pub trait SignerCallback: Send + Sync {
+    /// Read a stream of bytes from the stream
+    fn sign(&self, bytes: Vec<u8>) -> Result<Vec<u8>>;
+}
+
+/// Configuration for a Signer
+#[repr(C)]
+pub struct SignerConfig {
+    /// Returns the algorithm of the Signer.
+    pub alg: c2pa::SigningAlg,
+
+    /// Returns the certificates as a Vec containing a Vec of DER bytes for each certificate.
+    pub certs: Vec<u8>,
+
+    /// URL for time authority to time stamp the signature
+    pub time_authority_url: Option<String>,
+
+    /// Try to fetch OCSP response for the signing cert if available
+    pub use_ocsp: bool,
+}
+
+/// Callback signer that uses a callback to sign data
+pub struct CallbackSigner {
+    callback: Box<dyn SignerCallback>,
+    alg: SigningAlg,
+    sign_certs: Vec<u8>,
+    ta_url: Option<String>,
+}
+
+impl CallbackSigner {
+    pub fn new(
+        callback: Box<dyn SignerCallback>,
+        config: SignerConfig,
+        // alg: SigningAlg,
+        // sign_certs: Vec<u8>,
+        // ta_url: Option<String>,
+    ) -> Self {
+        Self {
+            callback,
+            alg: config.alg,
+            sign_certs: config.certs,
+            ta_url: config.time_authority_url,
+        }
+    }
+}
+
+impl Signer for CallbackSigner {
+    fn sign(&self, data: &[u8]) -> c2pa::Result<Vec<u8>> {
+        self.callback
+            .sign(data.to_vec())
+            .map_err(|e| c2pa::Error::BadParam(e.to_string()))
+    }
+
+    fn alg(&self) -> SigningAlg {
+        self.alg
+    }
+
+    fn certs(&self) -> c2pa::Result<Vec<Vec<u8>>> {
+        let mut pems =
+            pem::parse_many(&self.sign_certs).map_err(|e| c2pa::Error::OtherError(Box::new(e)))?;
+        Ok(pems.drain(..).map(|p| p.into_contents()).collect())
+    }
+
+    fn reserve_size(&self) -> usize {
+        20000
+    }
+
+    fn time_authority_url(&self) -> Option<String> {
+        self.ta_url.clone()
+    }
+}

src/json_api.rs

@@ -14,17 +14,6 @@ use c2pa::{Ingredient, Manifest, ManifestStore};
 
 use crate::{Error, Result, SignerInfo};
 
-/// Returns the version of the C2PA library
-pub fn sdk_version() -> String {
-    format!(
-        "{}/{} {}/{}",
-        env!("CARGO_PKG_NAME"),
-        env!("CARGO_PKG_VERSION"),
-        c2pa::NAME,
-        c2pa::VERSION
-    )
-}
-
 /// Returns ManifestStore JSON string from a file path.
 ///
 /// If data_dir is provided, any thumbnail or c2pa data will be written to that folder.

src/lib.rs

@@ -19,10 +19,16 @@ pub use c2pa::SigningAlg;
 /// these all need to be public so that the uniffi macro can see them
 mod error;
 pub use error::{Error, Result};
+#[cfg(feature = "v1")]
 mod json_api;
-pub use json_api::{read_file, read_ingredient_file, sdk_version, sign_file};
+#[cfg(feature = "v1")]
+pub use json_api::{read_file, read_ingredient_file, sign_file};
+#[cfg(feature = "v1")]
 mod signer_info;
+#[cfg(feature = "v1")]
 pub use signer_info::{CallbackSigner, SignerCallback, SignerConfig, SignerInfo};
+mod callback_signer;
+pub use callback_signer::{CallbackSigner, SignerCallback, SignerConfig};
 mod streams;
 pub use streams::{SeekMode, Stream, StreamAdapter};
 
@@ -37,6 +43,18 @@ fn version() -> String {
     String::from(env!("CARGO_PKG_VERSION"))
 }
 
+
+/// Returns the version of the C2PA library
+pub fn sdk_version() -> String {
+    format!(
+        "{}/{} {}/{}",
+        env!("CARGO_PKG_NAME"),
+        env!("CARGO_PKG_VERSION"),
+        c2pa::NAME,
+        c2pa::VERSION
+    )
+}
+
 pub struct Reader {
     reader: RwLock<c2pa::Reader>,
 }
@@ -117,6 +135,16 @@ impl Builder {
         Ok(())
     }
 
+    pub fn add_ingredient(&self, ingredient_json: &str, format: &str, stream: &dyn Stream) -> Result<()> {
+        if let Ok(mut builder) = self.builder.try_write() {
+            let mut stream = StreamAdapter::from(stream);
+            builder.add_ingredient(ingredient_json, format,  &mut stream)?;
+        } else {
+            return Err(Error::RwLock);
+        };
+        Ok(())
+    }
+
     /// Sign an asset and write the result to the destination stream
     pub fn sign(&self, format: &str, source: &dyn Stream, dest: &dyn Stream, signer: &CallbackSigner) -> Result<Vec<u8>> {
         // uniffi doesn't allow mutable parameters, so we we use an adapter

src/signer_info.rs

@@ -16,28 +16,6 @@ use serde::Deserialize;
 use crate::{Error, Result};
 
 
-/// Defines the callback interface for a signer
-pub trait SignerCallback: Send + Sync {
-    /// Read a stream of bytes from the stream
-    fn sign(&self, bytes: Vec<u8>) -> Result<Vec<u8>>;
-}
-
-/// Configuration for a Signer
-#[repr(C)]
-pub struct SignerConfig {
-    /// Returns the algorithm of the Signer.
-    pub alg: c2pa::SigningAlg,
-
-    /// Returns the certificates as a Vec containing a Vec of DER bytes for each certificate.
-    pub certs: Vec<u8>,
-
-    /// URL for time authority to time stamp the signature
-    pub time_authority_url: Option<String>,
-
-    /// Try to fetch OCSP response for the signing cert if available
-    pub use_ocsp: bool,
-}
-
 /// SignerInfo provides the information needed to create a signer
 /// and sign a manifest.
 ///
@@ -80,64 +58,5 @@ impl SignerInfo {
         .map_err(Error::from_c2pa_error)
     }
 
-    // /// Create a signer from the SignerInfo
-    // pub fn callback_signer(&self, callback: Box<SignerCallback>) -> Result<Box<dyn Signer>> {
-    //     let cb_sign = CallbackSigner::new(
-    //         callback,
-    //         self.alg()?,
-    //         self.sign_cert.clone(),
-    //         self.ta_url.clone(),
-    //     );
-    //     Ok(Box::new(cb_sign))
-    // }
-}
-
-pub struct CallbackSigner {
-    callback: Box<dyn SignerCallback>,
-    alg: SigningAlg,
-    sign_certs: Vec<u8>,
-    ta_url: Option<String>,
-}
-
-impl CallbackSigner {
-    pub fn new(
-        callback: Box<dyn SignerCallback>,
-        config: SignerConfig,
-        // alg: SigningAlg,
-        // sign_certs: Vec<u8>,
-        // ta_url: Option<String>,
-    ) -> Self {
-        Self {
-            callback,
-            alg: config.alg,
-            sign_certs: config.certs,
-            ta_url: config.time_authority_url,
-        }
-    }
 }
 
-impl Signer for CallbackSigner {
-    fn sign(&self, data: &[u8]) -> c2pa::Result<Vec<u8>> {
-        self.callback
-            .sign(data.to_vec())
-            .map_err(|e| c2pa::Error::BadParam(e.to_string()))
-    }
-
-    fn alg(&self) -> SigningAlg {
-        self.alg
-    }
-
-    fn certs(&self) -> c2pa::Result<Vec<Vec<u8>>> {
-        let mut pems =
-            pem::parse_many(&self.sign_certs).map_err(|e| c2pa::Error::OtherError(Box::new(e)))?;
-        Ok(pems.drain(..).map(|p| p.into_contents()).collect())
-    }
-
-    fn reserve_size(&self) -> usize {
-        20000
-    }
-
-    fn time_authority_url(&self) -> Option<String> {
-        self.ta_url.clone()
-    }
-}

tests/c2pa_api.py

@@ -27,27 +27,23 @@
 #  ManifestStoreReader = c2pa.ManifestStoreReader
 class Reader(c2pa.Reader):
     def __init__(self, format, stream):
-        self.format = format
-        self.stream = C2paStream(stream)
         super().__init__()
+        self.read(format, C2paStream(stream))
 
-    def from_file(path: str, format=None):
+    @classmethod
+    def from_file(cls, path: str, format=None):
         file = open(path, "rb")
         if format is None:
             # determine the format from the file extension
             format = os.path.splitext(path)[1][1:]
-        reader = Reader(format, file)
-        return reader
-
-    def read(self):
-        return super().read(self.format, self.stream)
+        return cls(format, file)
 
     def resource(self, uri, stream) -> None:
-        super().resource(uri, C2paStream(stream))
+        return super().resource(uri, C2paStream(stream))
 
     def resource_file(self, uri, path) -> None:
         file = open(path, "wb")
-        self.resource(uri, file)
+        return self.resource(uri, file)
 
 
 class Builder(c2pa.Builder):
@@ -60,24 +56,34 @@ def __init__(self, signer, manifest = None):
     def set_manifest(self, manifest):
         if not isinstance(manifest, str):
             manifest = json.dumps(manifest)
-        self.with_json(manifest)
+        super().with_json(manifest)
         return self
 
     def add_resource(self, uri, stream):
-        return super().add_resource(uri, stream)
+        return super().add_resource(uri, C2paStream(stream))
 
     def add_resource_file(self, uri, path):
-        stream = C2paStream.open_file(path, "rb")
-        return self.add_resource(uri, stream)
+        file = open(path, "rb")
+        return self.add_resource(uri, file)
+    
+    def add_ingredient(self, ingredient, format, stream):
+        if not isinstance(ingredient, str):
+            ingredient = json.dumps(ingredient)
+        return super().add_ingredient(ingredient, format, C2paStream(stream))
+    
+    def add_ingredient_file(self, ingredient, path):
+        format = os.path.splitext(path)[1][1:]
+        file = open(path, "rb")
+        return self.add_ingredient(ingredient, format, file)
 
-    def sign_stream(self, format, input, output=None):
-        return self.sign(format, input, output, self.signer)
+    def sign(self, format, input, output=None):
+        return super().sign(format, C2paStream(input), C2paStream(output), self.signer)
 
     def sign_file(self, sourcePath, outputPath):
-        format = "image/jpeg" #sourcePath.extension[1:]
-        input = C2paStream.open_file(sourcePath, "rb")
-        output = C2paStream.open_file(outputPath, "wb")
-        return self.sign_stream(format, input, output)
+        format = os.path.splitext(outputPath)[1][1:]
+        input = open(sourcePath, "rb")
+        output = open(outputPath, "wb")
+        return self.sign(format, input, output)
 
 
 # Implements a C2paStream given a stream handle