chore: Move check_ocsp_response (the one that uses settings) to claim.rs (#799)

Author: scouten-adobe

sdk/src/claim.rs

@@ -18,7 +18,8 @@ use std::{collections::HashMap, fmt};
 use async_generic::async_generic;
 use c2pa_crypto::{
     base64,
-    cose::{parse_cose_sign1, CertificateTrustPolicy},
+    cose::{parse_cose_sign1, CertificateTrustPolicy, OcspFetchPolicy},
+    ocsp::OcspResponse,
     ValidationInfo,
 };
 use c2pa_status_tracker::{log_item, OneShotStatusTracker, StatusTracker};
@@ -38,10 +39,7 @@ use crate::{
         AssetType, BmffHash, BoxHash, DataBox, DataHash, Metadata,
     },
     asset_io::CAIRead,
-    cose_validator::{
-        check_ocsp_status, check_ocsp_status_async, get_signing_info, get_signing_info_async,
-        verify_cose, verify_cose_async,
-    },
+    cose_validator::{get_signing_info, get_signing_info_async, verify_cose, verify_cose_async},
     error::{Error, Result},
     hashed_uri::HashedUri,
     jumbf::{
@@ -56,6 +54,7 @@ use crate::{
     },
     jumbf_io::get_assetio_handler,
     salt::{DefaultSalt, SaltGenerator, NO_SALT},
+    settings::get_settings_value,
     utils::hash_utils::{hash_by_alg, vec_compare, verify_by_alg},
     validation_status, ClaimGeneratorInfo,
 };
@@ -1990,6 +1989,41 @@ impl Claim {
     }
 }
 
+#[allow(dead_code)]
+#[async_generic]
+pub(crate) fn check_ocsp_status(
+    sign1: &coset::CoseSign1,
+    data: &[u8],
+    ctp: &CertificateTrustPolicy,
+    validation_log: &mut impl StatusTracker,
+) -> Result<OcspResponse> {
+    // Moved here instead of c2pa-crypto because of the dependency on settings.
+
+    let fetch_policy = match get_settings_value::<bool>("verify.ocsp_fetch") {
+        Ok(true) => OcspFetchPolicy::FetchAllowed,
+        _ => OcspFetchPolicy::DoNotFetch,
+    };
+
+    if _sync {
+        Ok(c2pa_crypto::cose::check_ocsp_status(
+            sign1,
+            data,
+            fetch_policy,
+            ctp,
+            validation_log,
+        )?)
+    } else {
+        Ok(c2pa_crypto::cose::check_ocsp_status_async(
+            sign1,
+            data,
+            fetch_policy,
+            ctp,
+            validation_log,
+        )
+        .await?)
+    }
+}
+
 #[cfg(feature = "openssl")]
 #[cfg(test)]
 pub mod tests {

sdk/src/cose_validator.rs

@@ -17,9 +17,8 @@ use async_generic::async_generic;
 use c2pa_crypto::{
     cose::{
         cert_chain_from_sign1, parse_cose_sign1, signing_alg_from_sign1, validate_cose_tst_info,
-        validate_cose_tst_info_async, CertificateTrustPolicy, OcspFetchPolicy, Verifier,
+        validate_cose_tst_info_async, CertificateTrustPolicy, Verifier,
     },
-    ocsp::OcspResponse,
     p1363::parse_ec_der_sig,
     raw_signature::{validator_for_signing_alg, RawSignatureValidator},
     SigningAlg, ValidationInfo,
@@ -33,41 +32,6 @@ use crate::{
     settings::get_settings_value,
 };
 
-#[allow(dead_code)]
-#[async_generic]
-pub(crate) fn check_ocsp_status(
-    sign1: &coset::CoseSign1,
-    data: &[u8],
-    ctp: &CertificateTrustPolicy,
-    validation_log: &mut impl StatusTracker,
-) -> Result<OcspResponse> {
-    let fetch_policy = match get_settings_value::<bool>("verify.ocsp_fetch") {
-        Ok(true) => OcspFetchPolicy::FetchAllowed,
-        _ => OcspFetchPolicy::DoNotFetch,
-    };
-
-    if _sync {
-        Ok(c2pa_crypto::cose::check_ocsp_status(
-            sign1,
-            data,
-            fetch_policy,
-            ctp,
-            validation_log,
-        )?)
-    } else {
-        Ok(c2pa_crypto::cose::check_ocsp_status_async(
-            sign1,
-            data,
-            fetch_policy,
-            ctp,
-            validation_log,
-        )
-        .await?)
-    }
-}
-
-// ---- TEMPORARY MARKER: Above this line will not move to c2pa-crypto
-
 fn get_sign_cert(sign1: &coset::CoseSign1) -> Result<Vec<u8>> {
     // element 0 is the signing cert
     let certs = cert_chain_from_sign1(sign1)?;

sdk/src/store.rs

@@ -47,9 +47,9 @@ use crate::{
     asset_io::{
         CAIRead, CAIReadWrite, HashBlockObjectType, HashObjectPositions, RemoteRefEmbedType,
     },
-    claim::{Claim, ClaimAssertion, ClaimAssetData, RemoteManifest},
+    claim::{check_ocsp_status, Claim, ClaimAssertion, ClaimAssetData, RemoteManifest},
     cose_sign::{cose_sign, cose_sign_async},
-    cose_validator::{check_ocsp_status, verify_cose, verify_cose_async},
+    cose_validator::{verify_cose, verify_cose_async},
     dynamic_assertion::{DynamicAssertion, PreliminaryClaim},
     error::{Error, Result},
     external_manifest::ManifestPatchCallback,