Upgrade to latest c2pa-rs (#60)

scouten-adobe · Oct 23, 2024 · d867c04 · d867c04
1 parent 08d9e43
commit d867c04
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 7 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -5,8 +5,8 @@ edition = "2021"
 
 [dependencies]
 async-trait = "0.1.78"
-base64 = "0.22"
-c2pa = { version = "0.33.0", features = ["openssl_ffi_mutex"] }
+base64 = "0.22.1"
+c2pa = { version = "0.37.0", features = ["openssl_ffi_mutex"] }
 chrono = { version = "0.4.38", features = ["serde"] }
 ciborium = "0.2.2"
 coset = "0.3.8"
@@ -28,7 +28,7 @@ thiserror = "1.0.61"
 zeroize = { version = "1.8", features = ["zeroize_derive"] }
 
 [dev-dependencies]
-c2pa = { version = "0.33.0", features = ["file_io", "openssl_sign", "openssl_ffi_mutex"] }
+c2pa = { version = "0.37.0", features = ["file_io", "openssl_sign", "openssl_ffi_mutex"] }
 httpmock = "0.7.0"
 serde = { version = "1.0.197", features = ["derive"] }
 tempfile = "3.10.1"

diff --git a/src/identity_assertion/signer_payload.rs b/src/identity_assertion/signer_payload.rs
@@ -14,15 +14,20 @@
 use std::{
     collections::HashSet,
     fmt::{Debug, Formatter},
+    sync::LazyLock,
 };
 
+use regex::Regex;
 use serde::{Deserialize, Serialize};
 
 use crate::{
     identity_assertion::{ValidationError, ValidationResult},
     internal::debug_byte_slice::DebugByteSlice,
 };
 
+#[allow(clippy::unwrap_used)]
+static ABSOLUTE_URL_PREFIX: LazyLock<Regex> = LazyLock::new(|| Regex::new("/c2pa/[^/]+/").unwrap());
+
 /// The set of data to be signed by the credential holder.
 #[derive(Clone, Debug, Deserialize, Eq, Serialize, PartialEq)]
 pub struct SignerPayload {
@@ -39,10 +44,16 @@ impl SignerPayload {
         // also need to be referenced in the claim.
 
         for ref_assertion in self.referenced_assertions.iter() {
-            if let Some(claim_assertion) = manifest
-                .assertion_references()
-                .find(|a| a.url() == ref_assertion.url)
-            {
+            if let Some(claim_assertion) = manifest.assertion_references().find(|a| {
+                // HACKY workaround for absolute assertion URLs as of c2pa-rs 0.36.0.
+                // See https://github.com/contentauth/c2pa-rs/pull/603.
+                let url = a.url();
+                if url == ref_assertion.url {
+                    return true;
+                }
+                let url = ABSOLUTE_URL_PREFIX.replace(&url, "");
+                url == ref_assertion.url
+            }) {
                 if claim_assertion.hash() != ref_assertion.hash {
                     return Err(ValidationError::AssertionMismatch(
                         ref_assertion.url.to_owned(),