c2pa-crypto 0.8.1

Cryptography internals for c2pa-rs crate
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

// Copyright 2022 Adobe. All rights reserved.
// This file is licensed to you under the Apache License,
// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
// or the MIT license (http://opensource.org/licenses/MIT),
// at your option.

// Unless required by applicable law or agreed to in writing,
// this software is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
// specific language governing permissions and limitations under
// each license.

use c2pa_status_tracker::{validation_codes::SIGNING_CREDENTIAL_EXPIRED, StatusTracker};
#[cfg(all(target_arch = "wasm32", not(target_os = "wasi")))]
use wasm_bindgen_test::wasm_bindgen_test;
use x509_parser::pem::Pem;

use crate::cose::{check_end_entity_certificate_profile, CertificateTrustPolicy};

#[test]
#[cfg_attr(
    all(target_arch = "wasm32", not(target_os = "wasi")),
    wasm_bindgen_test
)]
fn expired_cert() {
    let ctp = CertificateTrustPolicy::default();
    let mut validation_log = StatusTracker::default();

    let cert_der = x509_der_from_pem(include_bytes!(
        "../fixtures/cose/rsa-pss256_key-expired.pub"
    ));

    assert!(
        check_end_entity_certificate_profile(&cert_der, &ctp, &mut validation_log, None).is_err()
    );

    assert!(!validation_log.logged_items().is_empty());

    assert_eq!(
        validation_log.logged_items()[0].validation_status,
        Some(SIGNING_CREDENTIAL_EXPIRED.into())
    );
}

#[test]
#[cfg_attr(
    all(target_arch = "wasm32", not(target_os = "wasi")),
    wasm_bindgen_test
)]
fn cert_algorithms() {
    let ctp = CertificateTrustPolicy::default();

    let mut validation_log = StatusTracker::default();

    let es256_cert = x509_der_from_pem(include_bytes!("../fixtures/raw_signature/es256.pub"));
    let es384_cert = x509_der_from_pem(include_bytes!("../fixtures/raw_signature/es384.pub"));
    let es512_cert = x509_der_from_pem(include_bytes!("../fixtures/raw_signature/es512.pub"));
    let ps256_cert = x509_der_from_pem(include_bytes!("../fixtures/raw_signature/ps256.pub"));

    check_end_entity_certificate_profile(&es256_cert, &ctp, &mut validation_log, None).unwrap();
    check_end_entity_certificate_profile(&es384_cert, &ctp, &mut validation_log, None).unwrap();
    check_end_entity_certificate_profile(&es512_cert, &ctp, &mut validation_log, None).unwrap();
    check_end_entity_certificate_profile(&ps256_cert, &ctp, &mut validation_log, None).unwrap();
}

fn x509_der_from_pem(cert_pem: &[u8]) -> Vec<u8> {
    let mut pems = Pem::iter_from_buffer(cert_pem);
    let pem = pems.next().unwrap().unwrap();
    pem.contents
}