Remove need for using OpenSSL to generate certs by using pre-generated certs

.gitignore

@@ -7,10 +7,5 @@ Cargo.lock
 .DS_Store
 .idea
 
-.x509
-.ec
-.rsa
-.ed
-.es509
-
 .vscode
+

make_test_images/Cargo.toml

@@ -11,7 +11,6 @@ anyhow = "1.0"
 c2pa = { path="../sdk", features = ["file_io"] }
 env_logger = "0.9"
 log = "0.4" 
-tempfile = "3.3"
 image = "0.23.10"
 nom = "7.1.1"
 regex = "1.5.6"

make_test_images/src/make_test_images.rs

@@ -27,12 +27,18 @@ use std::{
     fs,
     path::{Path, PathBuf},
 };
-use tempfile::tempdir;
 use twoway::find_bytes;
 
 const IMAGE_WIDTH: u32 = 2048;
 const IMAGE_HEIGHT: u32 = 1365;
 
+// returns a path to a file in the fixtures folder
+fn fixture_path(file_name: &str) -> PathBuf {
+    let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+    path.push("../sdk/tests/fixtures");
+    path.push(file_name);
+    path
+}
 /// Defines an operation for creating a test image
 #[derive(Debug, Deserialize)]
 pub struct Recipe {
@@ -258,9 +264,9 @@ impl MakeTestImages {
         manifest.add_assertion(&actions)?; // extra get required here, since actions is an array
 
         // now create store; sign claim and embed in target
-        let temp_dir = tempdir()?;
+        let cert_dir: PathBuf = fixture_path("certs");
         let (signer, _) =
-            get_temp_signer_by_alg(&temp_dir.path(), &self.config.alg, self.config.ta.clone());
+            get_temp_signer_by_alg(&cert_dir, &self.config.alg, self.config.ta.clone());
 
         manifest.embed(&dst_path, &dst_path, signer.as_ref())?;
 

sdk/examples/client/client.rs

@@ -20,7 +20,13 @@ use c2pa::{
     get_temp_signer, Ingredient, Manifest, ManifestStore,
 };
 use std::path::PathBuf;
-use tempfile::tempdir;
+// returns a path to a file in the fixtures folder
+fn fixture_path(file_name: &str) -> PathBuf {
+    let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+    path.push("../sdk/tests/fixtures");
+    path.push(file_name);
+    path
+}
 
 const GENERATOR: &str = "test_app/0.1";
 const CREATIVE_WORK_URL: &str = r#"{"@type":"CreativeWork","@context":"https://schema.org","url":"http://contentauthenticity.org"}"#;
@@ -109,8 +115,8 @@ pub fn main() -> Result<()> {
     manifest.add_assertion(&creative_work)?;
 
     // sign and embed into the target file
-    let temp_dir = tempdir()?;
-    let (signer, _) = get_temp_signer(&temp_dir.path());
+    let cert_dir = fixture_path("certs");
+    let (signer, _) = get_temp_signer(&cert_dir);
     manifest.embed(&source, &dest, &signer)?;
 
     let manifest_store = ManifestStore::from_file(&dest)?;

sdk/src/asset_handlers/c2pa_io.rs

@@ -88,7 +88,8 @@ pub mod tests {
         let store = Store::load_from_asset(&temp_path, false, &mut OneShotStatusTracker::new())
             .expect("loading store");
 
-        let (signer, _) = get_temp_signer(&temp_dir.path());
+        let cert_dir = fixture_path("certs");
+        let (signer, _) = get_temp_signer(&cert_dir);
 
         let manifest2 = store.to_jumbf(&signer).expect("to_jumbf");
         assert_eq!(&manifest, &manifest2);

sdk/src/cose_validator.rs

@@ -1060,23 +1060,22 @@ pub mod tests {
     #[test]
     #[cfg(feature = "file_io")]
     fn test_cert_algorithms() {
-        use tempfile::tempdir;
+        let cert_dir = crate::utils::test::fixture_path("certs");
 
         use crate::openssl::temp_signer;
 
         let mut validation_log = DetailedStatusTracker::new();
 
-        let temp_dir = tempdir().unwrap();
-        let (_, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es256", None);
+        let (_, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es256", None);
         let es256_cert = std::fs::read(&cert_path).unwrap();
 
-        let (_, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es384", None);
+        let (_, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es384", None);
         let es384_cert = std::fs::read(&cert_path).unwrap();
 
-        let (_, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es512", None);
+        let (_, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es512", None);
         let es512_cert = std::fs::read(&cert_path).unwrap();
 
-        let (_, cert_path) = temp_signer::get_rsa_signer(&temp_dir.path(), "ps256", None);
+        let (_, cert_path) = temp_signer::get_rsa_signer(&cert_dir, "ps256", None);
         let rsa_pss256_cert = std::fs::read(&cert_path).unwrap();
 
         if let Ok(signcert) = openssl::x509::X509::from_pem(&es256_cert) {

sdk/src/lib.rs

@@ -60,7 +60,8 @@
 //! let dir = tempdir()?;
 //! let dest = dir.path().join("test_file.jpg");
 //!
-//! let (signer, _) = get_temp_signer(&dir.path());
+//! let cert_dir = PathBuf::from("tests/fixtures/certs");
+//! let (signer, _) = get_temp_signer(&cert_dir);
 //! manifest.embed(&source, &dest, &signer)?;
 //! # Ok(())
 //! # }

sdk/src/manifest.rs

@@ -693,7 +693,8 @@ pub(crate) mod tests {
         let test_output = dir.path().join("wc_embed_test.jpg");
 
         //embed a claim generated from this manifest
-        let (signer, _) = get_temp_signer(&dir.path());
+        let cert_dir = fixture_path("certs");
+        let (signer, _) = get_temp_signer(&cert_dir);
 
         let _store = manifest
             .embed(&source_path, &test_output, &signer)
@@ -796,7 +797,8 @@ pub(crate) mod tests {
             )
             .expect("add_assertion");
 
-        let (signer, _) = get_temp_signer(&temp_dir.path());
+        let cert_dir = fixture_path("certs");
+        let (signer, _) = get_temp_signer(&cert_dir);
 
         let store1 = manifest.embed(&output, &output, &signer).expect("embed");
         let claim1_label = store1.provenance_label().unwrap();
@@ -818,10 +820,10 @@ pub(crate) mod tests {
         manifest2
             .add_redaction(ASSERTION_LABEL)
             .expect("add_redaction");
-        let temp_dir = tempdir().expect("temp dir");
 
         //embed a claim in output2
-        let (signer, _) = get_temp_signer(&temp_dir.path());
+        let cert_dir = fixture_path("certs");
+        let (signer, _) = get_temp_signer(&cert_dir);
 
         let _store2 = manifest2.embed(&output2, &output2, &signer).expect("embed");
 

sdk/src/openssl/ec_signer.rs

@@ -208,15 +208,12 @@ mod tests {
 
     use super::*;
 
-    use tempfile::tempdir;
-
-    use crate::openssl::temp_signer;
-
+    use crate::{openssl::temp_signer, utils::test::fixture_path};
     #[test]
     fn es256_signer() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, _) = temp_signer::get_ec_signer(&temp_dir.path(), "es256", None);
+        let (signer, _) = temp_signer::get_ec_signer(&cert_dir, "es256", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -229,9 +226,9 @@ mod tests {
 
     #[test]
     fn es384_signer() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, _) = temp_signer::get_ec_signer(&temp_dir.path(), "es384", None);
+        let (signer, _) = temp_signer::get_ec_signer(&cert_dir, "es384", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -244,9 +241,9 @@ mod tests {
 
     #[test]
     fn es512_signer() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, _) = temp_signer::get_ec_signer(&temp_dir.path(), "es512", None);
+        let (signer, _) = temp_signer::get_ec_signer(&cert_dir, "es512", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());

sdk/src/openssl/ec_validator.rs

@@ -79,20 +79,13 @@ mod tests {
     #![allow(clippy::unwrap_used)]
     use super::*;
 
-    use tempfile::tempdir;
-
-    use crate::{
-        openssl::{ec_signer::EcSigner, temp_signer},
-        signer::ConfigurableSigner,
-        utils::test::fixture_path,
-        Signer,
-    };
+    use crate::{openssl::temp_signer, utils::test::fixture_path, Signer};
 
     #[test]
     fn sign_and_validate_es256() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es256", None);
+        let (signer, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es256", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -113,9 +106,9 @@ mod tests {
 
     #[test]
     fn sign_and_validate_es384() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es384", None);
+        let (signer, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es384", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -136,9 +129,9 @@ mod tests {
 
     #[test]
     fn sign_and_validate_es512() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es512", None);
+        let (signer, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es512", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -159,9 +152,9 @@ mod tests {
 
     #[test]
     fn bad_sig_es256() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es256", None);
+        let (signer, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es256", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -180,9 +173,9 @@ mod tests {
 
     #[test]
     fn bad_data_es256() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ec_signer(&temp_dir.path(), "es256", None);
+        let (signer, cert_path) = temp_signer::get_ec_signer(&cert_dir, "es256", None);
 
         let mut data = b"some sample content to sign".to_vec();
         println!("data len = {}", data.len());
@@ -198,28 +191,4 @@ mod tests {
         let validator = EcValidator::new("es256");
         assert!(!validator.validate(&signature, &data, &pub_key).unwrap());
     }
-
-    #[test]
-    fn sign_and_validate_with_chain() {
-        let pkey_path = fixture_path("bob.key");
-        let cert_path = fixture_path("bob.pem");
-
-        let signer =
-            EcSigner::from_files(&cert_path, &pkey_path, "es256".to_string(), None).unwrap();
-
-        let data = b"some sample content to sign";
-        println!("data len = {}", data.len());
-
-        let signature = signer.sign(data).unwrap();
-        println!("signature.len = {}", signature.len());
-        assert!(signature.len() >= 64);
-        assert!(signature.len() <= signer.reserve_size());
-
-        let cert_bytes = &signer.certs().unwrap()[0];
-        let signcert = openssl::x509::X509::from_der(cert_bytes).unwrap();
-
-        let pub_key = signcert.public_key().unwrap().public_key_to_der().unwrap();
-        let validator = EcValidator::new("es256");
-        assert!(validator.validate(&signature, data, &pub_key).unwrap());
-    }
 }

sdk/src/openssl/ed_signer.rs

@@ -127,15 +127,13 @@ mod tests {
     #![allow(clippy::unwrap_used)]
     use super::*;
 
-    use tempfile::tempdir;
-
-    use crate::openssl::temp_signer;
+    use crate::{openssl::temp_signer, utils::test::fixture_path};
 
     #[test]
     fn ed25519_signer() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, _) = temp_signer::get_ed_signer(&temp_dir.path(), "ed25519", None);
+        let (signer, _) = temp_signer::get_ed_signer(&cert_dir, "ed25519", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());

sdk/src/openssl/ed_validator.rs

@@ -46,15 +46,13 @@ mod tests {
 
     use super::*;
 
-    use tempfile::tempdir;
-
-    use crate::{openssl::temp_signer, Signer};
+    use crate::{openssl::temp_signer, utils::test::fixture_path, Signer};
 
     #[test]
     fn sign_and_validate() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ed_signer(&temp_dir.path(), "ed25519", None);
+        let (signer, cert_path) = temp_signer::get_ed_signer(&cert_dir, "ed25519", None);
 
         let data = b"some sample content to sign";
         println!("data len = {}", data.len());
@@ -74,9 +72,9 @@ mod tests {
 
     #[test]
     fn bad_data() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, cert_path) = temp_signer::get_ed_signer(&temp_dir.path(), "ed25519", None);
+        let (signer, cert_path) = temp_signer::get_ed_signer(&cert_dir, "ed25519", None);
 
         let mut data = b"some sample content to sign".to_vec();
         println!("data len = {}", data.len());

sdk/src/openssl/rsa_signer.rs

@@ -212,15 +212,13 @@ mod tests {
 
     use super::*;
 
-    use tempfile::tempdir;
-
-    use crate::{openssl::temp_signer::get_temp_signer, Signer};
+    use crate::{openssl::temp_signer::get_temp_signer, utils::test::fixture_path, Signer};
 
     #[test]
     fn signer_from_files() {
-        let temp_dir = tempdir().unwrap();
+        let cert_dir = fixture_path("certs");
 
-        let (signer, _) = get_temp_signer(&temp_dir.path());
+        let (signer, _) = get_temp_signer(&cert_dir);
         let data = b"some sample content to sign";
 
         let signature = signer.sign(data).unwrap();