Merge pull request #34 from contentauth/gpeacock/sign_file_peformance

Performance improvement when signing using file paths.

Author: gpeacock

Cargo.toml

@@ -11,7 +11,7 @@ crate-type = ["cdylib"]
 
 
 [dependencies]
-c2pa = {version = "0.35.0", features = ["unstable_api", "openssl", "pdf", "fetch_remote_manifests"]}
+c2pa = {version = "0.35.0", features = ["unstable_api", "file_io", "openssl", "pdf", "fetch_remote_manifests"]}
 pem = "3.0.3"
 serde = { version = "1.0.197", features = ["derive"] }
 serde_derive = "1.0"

c2pa/c2pa_api/c2pa_api.py

@@ -126,30 +126,11 @@ def from_archive(cls, stream):
         return self
 
     def sign(self, signer, format, input, output = None):
-        return super().sign(format, C2paStream(input), C2paStream(output), signer)
+        return super().sign(signer, format, C2paStream(input), C2paStream(output))
 
     def sign_file(self, signer, sourcePath, outputPath):
-        extension = os.path.splitext(outputPath)[1][1:]
-        input = open(sourcePath, "rb")
-        # Check if outputPath is the same as sourcePath
-        if outputPath == sourcePath:
-            # Create a temporary file with the same extension as sourcePath
-            temp_output = tempfile.NamedTemporaryFile(suffix='.' + extension, delete=False)
-            temp_output_path = temp_output.name
-            temp_output.close()
-        else:
-            temp_output_path = outputPath
-        
-        output = open(temp_output_path, "wb")
-        result = self.sign(signer, extension, input, output)
-        output.close()
-        input.close()
-
-        # If a temporary file was used, rename or copy it to the outputPath
-        if outputPath == sourcePath:
-            shutil.move(temp_output_path, outputPath)
-
-        return result
+        return super().sign_file(signer, sourcePath, outputPath)
+    
 
 
 # Implements a C2paStream given a stream handle
@@ -225,12 +206,12 @@ def sign_ps256_shell(data: bytes, key_path: str) -> bytes:
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import padding
 
-def sign_ps256(data: bytes, key_path: str) -> bytes:
-    with open(key_path, "rb") as key_file:
-        private_key = serialization.load_pem_private_key(
-            key_file.read(),
-            password=None,
-        )
+def sign_ps256(data: bytes, key: bytes) -> bytes:
+
+    private_key = serialization.load_pem_private_key(
+        key,
+        password=None,
+    )
     signature = private_key.sign(
         data,
         padding.PSS(

src/c2pa.udl

@@ -92,5 +92,8 @@ interface Builder {
   void from_archive([ByRef] Stream stream );
 
   [Throws=Error]
-  bytes sign([ByRef] string format, [ByRef] Stream input, [ByRef] Stream output ,[ByRef] CallbackSigner signer);
+  bytes sign([ByRef] CallbackSigner signer, [ByRef] string format, [ByRef] Stream input, [ByRef] Stream output);
+
+  [Throws=Error]
+  bytes sign_file([ByRef] CallbackSigner signer, [ByRef] string input, [ByRef] string output);
 };

src/callback_signer.rs

@@ -34,7 +34,6 @@ impl CallbackSigner {
         certs: Vec<u8>,
         ta_url: Option<String>,
     ) -> Self {
-        
         // When this closure is called it will call the sign method on the python callback
         let python_signer = move |_context: *const (), data: &[u8]| {
             callback

src/lib.rs

@@ -172,10 +172,10 @@ impl Builder {
     /// Sign an asset and write the result to the destination stream
     pub fn sign(
         &self,
+        signer: &CallbackSigner,
         format: &str,
         source: &dyn Stream,
         dest: &dyn Stream,
-        signer: &CallbackSigner,
     ) -> Result<Vec<u8>> {
         // uniffi doesn't allow mutable parameters, so we we use an adapter
         let mut source = StreamAdapter::from(source);
@@ -187,4 +187,14 @@ impl Builder {
             Err(Error::RwLock)
         }
     }
+
+    /// Sign an asset and write the result to the destination stream
+    pub fn sign_file(&self, signer: &CallbackSigner, source: &str, dest: &str) -> Result<Vec<u8>> {
+        if let Ok(mut builder) = self.builder.try_write() {
+            let signer = (*signer).signer();
+            Ok(builder.sign_file(signer, source, dest)?)
+        } else {
+            Err(Error::RwLock)
+        }
+    }
 }

src/streams.rs

@@ -82,14 +82,12 @@ impl<'a> From<&'a dyn Stream> for StreamAdapter<'a> {
 
 impl<'a> Read for StreamAdapter<'a> {
     fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
-        let mut bytes = self
+        let bytes = self
             .stream
             .read_stream(buf.len() as u64)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
         let len = bytes.len();
-        buf.iter_mut().zip(bytes.drain(..)).for_each(|(dest, src)| {
-            *dest = src;
-        });
+        buf[..len].copy_from_slice(&bytes);
         //println!("read: {:?}", len);
         Ok(len)
     }

tests/benchmark.py

@@ -0,0 +1,71 @@
+from c2pa import  Builder, Error,  Reader, SigningAlg, create_signer,  sdk_version, sign_ps256
+import os
+import io
+PROJECT_PATH = os.getcwd()
+
+testPath = os.path.join(PROJECT_PATH, "tests", "fixtures", "C.jpg")
+
+manifestDefinition = {
+    "claim_generator": "python_test",
+    "claim_generator_info": [{
+        "name": "python_test",
+        "version": "0.0.1",
+    }],
+    "format": "image/jpeg",
+    "title": "Python Test Image",
+    "ingredients": [],
+    "assertions": [
+        {   'label': 'stds.schema-org.CreativeWork',
+            'data': {
+                '@context': 'http://schema.org/',
+                '@type': 'CreativeWork',
+                'author': [
+                    {   '@type': 'Person',
+                        'name': 'Gavin Peacock'
+                    }
+                ]
+            },
+            'kind': 'Json'
+        }
+    ]
+}
+private_key = open("tests/fixtures/ps256.pem","rb").read()
+
+# Define a function that signs data with PS256 using a private key
+def sign(data: bytes) -> bytes:
+    print("date len = ", len(data))
+    return sign_ps256(data, private_key)
+
+# load the public keys from a pem file
+certs = open("tests/fixtures/ps256.pub","rb").read()
+
+# Create a local Ps256 signer with certs and a timestamp server
+signer = create_signer(sign, SigningAlg.PS256, certs, "http://timestamp.digicert.com")
+
+builder = Builder(manifestDefinition)
+
+source = open(testPath, "rb").read()
+
+testPath = "/Users/gpeacock/Pictures/Lightroom Saved Photos/IMG_0483.jpg"
+testPath = "tests/fixtures/c.jpg"
+outputPath = "target/python_out.jpg"
+
+def test_files_build():
+        # Delete the output file if it exists
+    if os.path.exists(outputPath):
+        os.remove(outputPath)
+    builder.sign_file(signer, testPath, outputPath)
+
+def test_streams_build():
+    #with open(testPath, "rb") as file:
+    output = io.BytesIO(bytearray())
+    builder.sign(signer, "image/jpeg", io.BytesIO(source), output)
+
+def test_func(benchmark):
+    benchmark(test_files_build)
+
+def test_streams(benchmark):
+    benchmark(test_streams_build)
+
+#def test_signer(benchmark):
+#    benchmark(sign_ps256, data, private_key)

tests/test_api.py

@@ -11,6 +11,7 @@
 # each license.
 
 import json
+import os
 import pytest
 import tempfile
 import shutil
@@ -98,8 +99,9 @@ def test_v2_sign():
     # define a source folder for any assets we need to read
     data_dir = "tests/fixtures/"
     try:
+        key = open(data_dir + "ps256.pem", "rb").read()
         def sign(data: bytes) -> bytes:
-            return sign_ps256(data, data_dir+"ps256.pem")
+            return sign_ps256(data, key)
 
         certs = open(data_dir + "ps256.pub", "rb").read()
         # Create a local signer from a certificate pem file
@@ -114,6 +116,9 @@ def sign(data: bytes) -> bytes:
         builder = Builder.from_archive(open("target/archive.zip", "rb"))
 
         with tempfile.TemporaryDirectory() as output_dir:
+            output_path = output_dir + "out.jpg"
+            if os.path.exists(output_path):
+                os.remove(output_path)
             c2pa_data = builder.sign_file(signer, data_dir + "A.jpg", output_dir + "out.jpg")
             assert len(c2pa_data) > 0
 
@@ -135,8 +140,9 @@ def sign(data: bytes) -> bytes:
 def test_v2_sign_file_same():
     data_dir = "tests/fixtures/"
     try:
+        key = open(data_dir + "ps256.pem", "rb").read()
         def sign(data: bytes) -> bytes:
-            return sign_ps256(data, data_dir+"ps256.pem")
+            return sign_ps256(data, key)
 
         certs = open(data_dir + "ps256.pub", "rb").read()
         # Create a local signer from a certificate pem file
@@ -163,4 +169,4 @@ def sign(data: bytes) -> bytes:
             assert manifest.get("validation_status") == None
     except Exception as e:
         print("Failed to sign manifest store: " + str(e))
-        exit(1)
+        #exit(1)

tests/training.py

@@ -73,8 +73,9 @@ def getitem(d, key):
 # V2 signing api
 try:
    # This could be implemented on a server using an HSM
+    key = open("tests/fixtures/ps256.pem","rb").read()
     def sign(data: bytes) -> bytes:
-        return sign_ps256(data, "tests/fixtures/ps256.pem")
+        return sign_ps256(data, key)
 
     certs = open("tests/fixtures/ps256.pub","rb").read()
 
@@ -87,6 +88,9 @@ def sign(data: bytes) -> bytes:
 
     builder.add_ingredient_file(ingredient_json, "tests/fixtures/A.jpg")
 
+    if os.path.exists(testOutputFile):
+        os.remove(testOutputFile)
+
     result = builder.sign_file(signer, testFile, testOutputFile)
 
 except Exception as err:

tests/unit_tests.py

@@ -83,7 +83,8 @@ class TestBuilder(unittest.TestCase):
 
     # Define a function that signs data with PS256 using a private key
     def sign(data: bytes) -> bytes:
-        return sign_ps256(data, "tests/fixtures/ps256.pem")
+        key = open("tests/fixtures/ps256.pem","rb").read()
+        return sign_ps256(data, key)
 
     # load the public keys from a pem file
     certs = open("tests/fixtures/ps256.pub","rb").read()