fix: Turn on trust by default (#1483)

Turn on trust by default
Change c2patool to never disable trust (can only enable trust)
Fix unit tests to use configuration files (now get trust by default)
Fix logItem to not automatically write to logger
Fix some error reporting to match the spec better
Fix default test toml to correctly initialize trust anchors

Author: mauricefisher64

c2pa_c_ffi/src/json_api.rs

@@ -78,6 +78,8 @@ pub fn sign_file(
 mod tests {
     use std::{ffi::CString, fs::remove_dir_all, path::PathBuf};
 
+    use c2pa::settings::Settings;
+
     use super::*;
     use crate::c_api::c2pa_load_settings;
 
@@ -89,6 +91,8 @@ mod tests {
 
     #[test]
     fn test_verify_from_file_no_base() {
+        let _ = Settings::from_toml(include_str!("../../sdk/tests/fixtures/test_settings.toml"));
+
         let path = test_path("tests/fixtures/C.jpg");
         let result = read_file(&path, None);
         assert!(result.is_ok());
@@ -100,6 +104,8 @@ mod tests {
 
     #[test]
     fn test_read_from_file_with_base() {
+        let _ = Settings::from_toml(include_str!("../../sdk/tests/fixtures/test_settings.toml"));
+
         let path = test_path("tests/fixtures/C.jpg");
         let data_dir = "../target/data_dir";
         if PathBuf::from(data_dir).exists() {

cli/src/main.rs

@@ -449,6 +449,7 @@ fn configure_sdk(args: &CliArgs) -> Result<()> {
     }
 
     // if any trust setting is provided enable the trust checks
+    // there is no disabling of default setting only the ability to enable if they were internally disabled
     if enable_trust_checks {
         Settings::from_toml(
             &toml::toml! {
@@ -457,14 +458,6 @@ fn configure_sdk(args: &CliArgs) -> Result<()> {
             }
             .to_string(),
         )?;
-    } else {
-        Settings::from_toml(
-            &toml::toml! {
-                [verify]
-                verify_trust = false
-            }
-            .to_string(),
-        )?;
     }
 
     // enable or disable verification after signing

sdk/examples/v2api.rs

@@ -84,6 +84,8 @@ fn main() -> Result<()> {
     }
     .to_string();
 
+    Settings::from_toml(include_str!("../tests/fixtures/test_settings.toml"))?;
+
     Settings::from_toml(&modified_core)?;
 
     let json = manifest_def(title, format);
@@ -152,7 +154,7 @@ fn main() -> Result<()> {
     }
 
     println!("{}", reader.json());
-    assert_ne!(reader.validation_state(), ValidationState::Invalid);
+    assert_eq!(reader.validation_state(), ValidationState::Trusted);
     assert_eq!(reader.active_manifest().unwrap().title().unwrap(), title);
 
     Ok(())

sdk/src/crypto/cose/error.rs

@@ -78,7 +78,7 @@ pub enum CoseError {
     #[error(transparent)]
     RawSignatureValidationError(#[from] RawSignatureValidationError),
 
-    /// An unexpected internal error occured while requesting the time stamp
+    /// An unexpected internal error occurred while requesting the time stamp
     /// response.
     #[error("internal error ({0})")]
     InternalError(String),

sdk/src/crypto/cose/sigtst.rs

@@ -26,7 +26,9 @@ use crate::{
         raw_signature::{AsyncRawSigner, RawSigner},
         time_stamp::{verify_time_stamp, verify_time_stamp_async, ContentInfo, TimeStampResponse},
     },
+    log_item,
     status_tracker::StatusTracker,
+    validation_status,
 };
 
 /// Given a COSE signature, retrieve the `sigTst` header from it and validate
@@ -109,6 +111,18 @@ pub(crate) fn parse_and_validate_sigtst(
 
     let mut tstinfos: Vec<TstInfo> = vec![];
 
+    // only a single value is allowed in tstTokens
+    if tst_container.tst_tokens.len() > 1 {
+        log_item!(
+            "",
+            "only a single timestamp response is allowed in a manifest",
+            "parse_and_validate_sigtst"
+        )
+        .validation_status(validation_status::TIMESTAMP_MALFORMED)
+        .informational(validation_log);
+        return Err(CoseError::NoTimeStampToken);
+    }
+
     for token in &tst_container.tst_tokens {
         let tbs = cose_countersign_data(data, p_header);
 

sdk/src/settings/mod.rs

@@ -228,7 +228,7 @@ impl Default for Verify {
         Self {
             verify_after_reading: true,
             verify_after_sign: true,
-            verify_trust: cfg!(test),
+            verify_trust: true,
             verify_timestamp_trust: !cfg!(test), // verify timestamp trust unless in test mode
             ocsp_fetch: false,
             remote_manifest_fetch: true,

sdk/src/status_tracker/mod.rs

@@ -15,7 +15,7 @@
 
 use std::{fmt::Debug, iter::Iterator};
 
-use log::{error, info};
+use log::info;
 
 /// A `StatusTracker` is used in the validation logic of c2pa-rs and
 /// related crates to control error-handling behavior and optionally
@@ -90,7 +90,7 @@ impl StatusTracker {
                 log_item.label = std::borrow::Cow::Owned(current_uri.to_string());
             }
         }
-        error!("Validation error: {log_item:#?}");
+
         self.logged_items.push(log_item);
 
         match self.error_behavior {

sdk/src/store.rs

@@ -1998,7 +1998,7 @@ impl Store {
                         .validation_status(validation_status::ASSERTION_TIMESTAMP_MALFORMED)
                         .failure_as_err(
                             validation_log,
-                            Error::OtherError("timestamp assertion malformed".into()),
+                            Error::ValidationRule("timestamp assertion malformed".into()),
                         )
                     })?;
 
@@ -2012,19 +2012,8 @@ impl Store {
                             validation_log,
                         ) {
                             svi.timestamps.insert(rc.label().to_owned(), tst_info);
-                            continue;
                         }
                     }
-                    log_item!(
-                        to_manifest_uri(referenced_claim),
-                        "could not validate timestamp assertion",
-                        "get_claim_referenced_manifests"
-                    )
-                    .validation_status(validation_status::ASSERTION_TIMESTAMP_MALFORMED)
-                    .failure(
-                        validation_log,
-                        Error::OtherError("timestamp assertion malformed".into()),
-                    )?;
                 }
             }
 

sdk/tests/fixtures/test_settings.toml

@@ -9,6 +9,8 @@ version_minor = 0
 # String to user-provided trust anchors (PEM format).
 # user_anchors = ""
 # String to system trust anchors (PEM format).
+# trust_anchors = ""
+[trust]
 trust_anchors = """-----BEGIN CERTIFICATE-----
 MIICEzCCAcWgAwIBAgIUW4fUnS38162x10PCnB8qFsrQuZgwBQYDK2VwMHcxCzAJ
 BgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU29tZXdoZXJlMRowGAYD

sdk/tests/integration.rs

@@ -377,7 +377,7 @@ mod integration_1 {
         //println!("{reader}");
         // ensure certificate status assertion was created
         assert!(reader_json.contains(r#"label": "c2pa.certificate-status"#));
-        assert_eq!(reader.validation_state(), ValidationState::Valid);
+        assert_eq!(reader.validation_state(), ValidationState::Trusted);
         assert!(reader_json.contains("signingCredential.ocsp.notRevoked"));
         Ok(())
     }