feat: Add cawg_trust.verify_trust_list setting (#1356)

Author: scouten-adobe

sdk/src/identity/identity_assertion/assertion.rs

@@ -303,25 +303,38 @@ impl IdentityAssertion {
             // Load the trust handler settings. Don't worry about status as these
             // are checked during setting generation.
 
-            if let Ok(Some(ta)) = get_settings_value::<Option<String>>("cawg_trust.trust_anchors") {
-                let _ = ctp.add_trust_anchors(ta.as_bytes());
-            }
+            let cose_verifier =
+                if let Ok(true) = get_settings_value::<bool>("cawg_trust.verify_trust_list") {
+                    if let Ok(Some(ta)) =
+                        get_settings_value::<Option<String>>("cawg_trust.trust_anchors")
+                    {
+                        let _ = ctp.add_trust_anchors(ta.as_bytes());
+                    }
 
-            if let Ok(Some(pa)) = get_settings_value::<Option<String>>("cawg_trust.user_anchors") {
-                let _ = ctp.add_user_trust_anchors(pa.as_bytes());
-            }
+                    if let Ok(Some(pa)) =
+                        get_settings_value::<Option<String>>("cawg_trust.user_anchors")
+                    {
+                        let _ = ctp.add_user_trust_anchors(pa.as_bytes());
+                    }
 
-            if let Ok(Some(tc)) = get_settings_value::<Option<String>>("cawg_trust.trust_config") {
-                ctp.add_valid_ekus(tc.as_bytes());
-            }
+                    if let Ok(Some(tc)) =
+                        get_settings_value::<Option<String>>("cawg_trust.trust_config")
+                    {
+                        ctp.add_valid_ekus(tc.as_bytes());
+                    }
 
-            if let Ok(Some(al)) = get_settings_value::<Option<String>>("cawg_trust.allowed_list") {
-                let _ = ctp.add_end_entity_credentials(al.as_bytes());
-            }
+                    if let Ok(Some(al)) =
+                        get_settings_value::<Option<String>>("cawg_trust.allowed_list")
+                    {
+                        let _ = ctp.add_end_entity_credentials(al.as_bytes());
+                    }
 
-            let verifier = X509SignatureVerifier {
-                cose_verifier: Verifier::VerifyTrustPolicy(Cow::Owned(ctp)),
-            };
+                    Verifier::VerifyTrustPolicy(Cow::Owned(ctp))
+                } else {
+                    Verifier::IgnoreProfileAndTrustPolicy
+                };
+
+            let verifier = X509SignatureVerifier { cose_verifier };
 
             let result = verifier
                 .check_signature(&self.signer_payload, &self.signature, status_tracker)

sdk/src/settings/mod.rs

@@ -44,6 +44,7 @@ pub(crate) trait SettingsValidate {
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
 #[allow(unused)]
 pub(crate) struct Trust {
+    verify_trust_list: bool,
     user_anchors: Option<String>,
     trust_anchors: Option<String>,
     trust_config: Option<String>,
@@ -106,6 +107,7 @@ impl Default for Trust {
         #[cfg(test)]
         {
             let mut trust = Self {
+                verify_trust_list: true,
                 user_anchors: None,
                 trust_anchors: None,
                 trust_config: None,
@@ -130,6 +132,7 @@ impl Default for Trust {
         #[cfg(not(test))]
         {
             Self {
+                verify_trust_list: true,
                 user_anchors: None,
                 trust_anchors: None,
                 trust_config: None,