c2pa 0.80.2

Rust SDK for C2PA (Coalition for Content Provenance and Authenticity) implementors
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365

// Copyright 2026 Adobe. All rights reserved.
// This file is licensed to you under the Apache License,
// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
// or the MIT license (http://opensource.org/licenses/MIT),
// at your option.

// Unless required by applicable law or agreed to in writing,
// this software is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
// specific language governing permissions and limitations under
// each license.

//! Ephemeral self-signed certificate generation for testing and local C2PA
//! manifests.
//!
//! Generates a certificate authority (CA) and an end-entity (EE) certificate
//! signed by that CA, and returns an [`EphemeralSigner`] that implements
//! [`Signer`](crate::Signer) and holds the full certificate chain (EE then CA)
//! in DER form.
//!
//! **WARNING:** These certificates are for testing and local use only and will
//! not be considered trusted in the C2PA conformance sense.

use asn1_rs::FromDer;
use x509_parser::prelude::X509Certificate;

use crate::{
    crypto::raw_signature::{signer_from_cert_chain_and_private_key, RawSigner, SigningAlg},
    utils::ephemeral_cert,
    Error, Result, Signer,
};

/// A [`Signer`](crate::Signer) that holds an ephemeral CA + end-entity
/// certificate chain.
///
/// The full certificate chain (end-entity first, then CA) is stored as DER and
/// returned from [`Signer::certs`](crate::Signer::certs). Signing is performed
/// by the end-entity key.
///
/// **WARNING:** These certificates are for testing and local use only and will
/// not be considered trusted in the C2PA conformance sense.
pub struct EphemeralSigner {
    /// Raw signer (EE key) used for signing.
    pub(crate) raw_signer: Box<dyn RawSigner + Send + Sync>,

    /// Full certificate chain in DER: end-entity then CA.
    pub(crate) cert_chain_der: Vec<Vec<u8>>,
}

impl EphemeralSigner {
    /// Generates an ephemeral self-signed CA and an end-entity certificate
    /// signed by that CA, and returns an [`EphemeralSigner`] that
    /// implements [`Signer`](crate::Signer).
    ///
    /// The signer holds the full certificate chain (EE then CA) in DER form and
    /// returns it from [`Signer::certs`](crate::Signer::certs).
    ///
    /// The CA and EE use Ed25519 and the same parameter style as used for C2PA
    /// manifest signing (e.g. Digital Signature and EmailProtection usage).
    /// The EE certificate subject/common name and SAN are set from
    /// `ee_cert_name`.
    ///
    /// **WARNING:** These certificates are for testing and local use only and
    /// will not be considered trusted in the C2PA conformance sense.
    ///
    /// # Arguments
    ///
    /// * `ee_cert_name` - Subject/common name and SAN for the end-entity
    ///   certificate (e.g. `"c2pa-archive.local"`).
    ///
    /// # Errors
    ///
    /// Returns an error if certificate or key generation fails, or if the raw
    /// signer cannot be created from the generated credentials.
    pub fn new(ee_cert_name: impl Into<String>) -> Result<Self> {
        let ee_cert_name = ee_cert_name.into();

        let chain = ephemeral_cert::generate_ephemeral_chain(&ee_cert_name)?;

        // Full chain as DER: end-entity first, then CA (per C2PA / Signer convention).
        let cert_chain_der = vec![chain.ee_der.clone(), chain.ca_der.clone()];

        // Ensure each certificate is valid X.509 DER (same format COSE x5chain
        // expects).
        for (i, der) in cert_chain_der.iter().enumerate() {
            X509Certificate::from_der(der).map_err(|e| {
                Error::OtherError(Box::new(std::io::Error::new(
                    std::io::ErrorKind::InvalidData,
                    format!("ephemeral cert chain entry {i} is not valid X.509 DER: {e}"),
                )))
            })?;
        }

        // PEM chain and key for the raw signer (newline between certs so both are
        // parsed).
        let cert_chain_pem = format!(
            "{}\n{}",
            ephemeral_cert::der_to_pem(&chain.ee_der),
            ephemeral_cert::der_to_pem(&chain.ca_der)
        );

        let raw_signer = signer_from_cert_chain_and_private_key(
            cert_chain_pem.as_bytes(),
            chain.ee_private_key_pem.as_bytes(),
            SigningAlg::Ed25519,
            None,
        )
        .map_err(|e| Error::OtherError(Box::new(e)))?;

        // Ensure the raw signer's chain matches our DER chain (PEM decode must equal
        // our DER).
        let raw_chain = raw_signer
            .cert_chain()
            .map_err(|e| Error::OtherError(Box::new(e)))?;

        if raw_chain.len() != cert_chain_der.len() {
            return Err(Error::OtherError(Box::new(std::io::Error::new(
                std::io::ErrorKind::InvalidData,
                format!(
                    "ephemeral cert chain length mismatch: raw_signer has {}, cert_chain_der has {}",
                    raw_chain.len(),
                    cert_chain_der.len()
                ),
            ))));
        }

        for (i, (a, b)) in raw_chain.iter().zip(cert_chain_der.iter()).enumerate() {
            if a != b {
                return Err(Error::OtherError(Box::new(std::io::Error::new(
                    std::io::ErrorKind::InvalidData,
                    format!(
                        "ephemeral cert chain entry {i} differs between raw_signer and cert_chain_der (PEM decode vs our DER)"
                    ),
                ))));
            }
        }

        Ok(EphemeralSigner {
            raw_signer,
            cert_chain_der,
        })
    }
}

impl Signer for EphemeralSigner {
    fn sign(&self, data: &[u8]) -> Result<Vec<u8>> {
        self.raw_signer.sign(data).map_err(|e| e.into())
    }

    fn alg(&self) -> SigningAlg {
        self.raw_signer.alg()
    }

    fn certs(&self) -> Result<Vec<Vec<u8>>> {
        Ok(self.cert_chain_der.clone())
    }

    fn reserve_size(&self) -> usize {
        self.raw_signer.reserve_size()
    }

    fn ocsp_val(&self) -> Option<Vec<u8>> {
        self.raw_signer.ocsp_response()
    }

    fn time_authority_url(&self) -> Option<String> {
        self.raw_signer.time_stamp_service_url()
    }

    fn timestamp_request_headers(&self) -> Option<Vec<(String, String)>> {
        self.raw_signer.time_stamp_request_headers()
    }

    fn timestamp_request_body(&self, message: &[u8]) -> Result<Vec<u8>> {
        self.raw_signer
            .time_stamp_request_body(message)
            .map_err(|e| e.into())
    }

    fn send_timestamp_request(&self, message: &[u8]) -> Option<Result<Vec<u8>>> {
        self.raw_signer
            .send_time_stamp_request(message)
            .map(|r| r.map_err(|e| e.into()))
    }
}

#[cfg(test)]
mod tests {
    #![allow(clippy::expect_used)]
    #![allow(clippy::unwrap_used)]

    use coset::iana::{self, EnumI64};

    use super::*;
    use crate::{
        claim::Claim,
        cose_sign::{cose_sign, sign_claim},
        cose_validator::verify_cose,
        crypto::cose::{
            cert_chain_from_sign1, parse_cose_sign1, CertificateTrustPolicy, TimeStampStorage,
        },
        settings::Settings,
        status_tracker::StatusTracker,
        Signer,
    };

    /// Diagnostic: produce COSE bytes with EphemeralSigner (no verify), then
    /// inspect the parsed protected header to see why cert_chain_from_sign1
    /// fails.
    #[test]
    fn ephemeral_signer_protected_header_inspection() {
        let signer = EphemeralSigner::new("c2pa-archive.local").unwrap();
        let mut claim = Claim::new("ephemeral_inspect", Some("contentauth"), 1);
        claim.build().unwrap();

        let claim_bytes = claim.data().unwrap();

        let mut settings = Settings::default();
        settings.verify.verify_trust = false;

        let tss = TimeStampStorage::V1_sigTst;

        let cose_bytes = cose_sign(&signer, &claim_bytes, signer.reserve_size(), tss, &settings)
            .expect("cose_sign with EphemeralSigner");

        let mut log = StatusTracker::default();
        let sign1 = parse_cose_sign1(&cose_bytes, &claim_bytes, &mut log)
            .expect("parse COSE from EphemeralSigner");

        let rest = &sign1.protected.header.rest;
        let x5_label = iana::HeaderParameter::X5Chain.to_i64();

        let has_x5_in_rest = rest.iter().any(|(label, _)| {
            *label == coset::Label::Int(x5_label) || *label == coset::Label::Text("x5chain".into())
        });

        assert!(
            has_x5_in_rest,
            "x5chain should appear in protected.header.rest after parse; rest = {:?}",
            rest.iter().map(|(l, _)| l).collect::<Vec<_>>()
        );
    }

    /// Same flow as signature_from_ephemeral_signer_is_valid but split: get
    /// bytes via cose_sign, then run verify_cose on those bytes. Inspect
    /// whether the bytes parse with x5chain before calling verify_cose.
    #[test]
    fn ephemeral_signer_cose_sign_then_verify_cose() {
        let signer = EphemeralSigner::new("c2pa-archive.local").unwrap();
        let mut claim = Claim::new("ephemeral_sig_test", Some("contentauth"), 1);
        claim.build().unwrap();

        let claim_bytes = claim.data().unwrap();

        let mut settings = Settings::default();
        settings.verify.verify_trust = false;

        let tss = TimeStampStorage::V1_sigTst;

        let cose_bytes = cose_sign(&signer, &claim_bytes, signer.reserve_size(), tss, &settings)
            .expect("cose_sign with EphemeralSigner");

        let mut log = StatusTracker::default();
        let sign1 = parse_cose_sign1(&cose_bytes, &claim_bytes, &mut log).expect("parse COSE");
        let _chain = cert_chain_from_sign1(&sign1)
            .expect("cert_chain_from_sign1 on same bytes as inspection test");

        let mut validation_log = StatusTracker::default();
        let ctp = CertificateTrustPolicy::default();

        let result = verify_cose(
            &cose_bytes,
            &claim_bytes,
            b"",
            false,
            &ctp,
            None,
            &mut validation_log,
            &settings,
        );

        let info = result.expect("verify_cose on same bytes");
        assert!(info.validated, "signature must be validated");
    }

    /// Signs a minimal claim with [`EphemeralSigner`] and verifies the COSE
    /// signature (cert chain in protected header and signature over the
    /// claim).
    #[test]
    fn signature_from_ephemeral_signer_is_valid() {
        let signer = EphemeralSigner::new("c2pa-archive.local").unwrap();

        let mut claim = Claim::new("ephemeral_sig_test", Some("contentauth"), 1);
        claim.build().unwrap();

        let claim_bytes = claim.data().unwrap();

        let mut settings = Settings::default();
        settings.verify.verify_trust = false;

        let cose_bytes = sign_claim(&claim_bytes, &signer, signer.reserve_size(), &settings)
            .expect("sign_claim with EphemeralSigner");

        let mut validation_log = StatusTracker::default();
        let ctp = CertificateTrustPolicy::default();

        let result = verify_cose(
            &cose_bytes,
            &claim_bytes,
            b"",
            false,
            &ctp,
            None,
            &mut validation_log,
            &settings,
        );

        let info = result.expect("signature from EphemeralSigner must verify");
        assert!(
            info.validated,
            "EphemeralSigner signature must be validated"
        );
    }

    /// EphemeralSigner must place the full cert chain (EE + CA) in the COSE
    /// signature.
    #[test]
    fn ephemeral_signer_cose_chain_is_valid() {
        let signer = EphemeralSigner::new("c2pa-archive.local").expect("ephemeral signer");

        assert_eq!(
            signer.certs().unwrap().len(),
            2,
            "EphemeralSigner must hold EE + CA in cert_chain_der"
        );

        let mut claim = crate::claim::Claim::new("ephemeral_chain_test", Some("contentauth"), 1);
        claim.build().unwrap();

        let claim_bytes = claim.data().unwrap();

        let mut settings = Settings::default();
        settings.verify.verify_trust = false;

        let cose_bytes =
            crate::cose_sign::sign_claim(&claim_bytes, &signer, signer.reserve_size(), &settings)
                .expect("sign_claim with EphemeralSigner");

        let mut validation_log = StatusTracker::default();

        let sign1 = parse_cose_sign1(&cose_bytes, &claim_bytes, &mut validation_log)
            .expect("parse COSE produced by EphemeralSigner");

        let chain = cert_chain_from_sign1(&sign1)
            .expect("cert chain must be present in COSE signed by EphemeralSigner");

        assert_eq!(
            chain.len(),
            2,
            "COSE must contain full chain (EE + CA); got {} cert(s)",
            chain.len()
        );
    }
}