Skip to content

feat: Add CAWG validation to Reader #1370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 28 commits into
base: main
Choose a base branch
from
Open

feat: Add CAWG validation to Reader #1370

wants to merge 28 commits into from
+166 −46

Conversation

scouten-adobe
Copy link
Collaborator

This is a sketch of the changes I'd like to see made to the Reader interface to make CAWG more directly part of the reading process from clients' point of view.

@scouten-adobe scouten-adobe self-assigned this Sep 2, 2025
@codecov Codecov
Copy link

codecov bot commented Sep 2, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 82.79570% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.44%. Comparing base (f746613) to head (bbebf93).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
sdk/src/reader.rs 38.09% 13 Missing ⚠️
sdk/src/identity/identity_assertion/assertion.rs 83.33% 1 Missing ⚠️
sdk/src/manifest_store_report.rs 0.00% 1 Missing ⚠️
sdk/src/validation_status.rs 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1370      +/-   ##
==========================================
+ Coverage   78.41%   78.44%   +0.02%     
==========================================
  Files         162      162              
  Lines       39536    39593      +57     
==========================================
+ Hits        31001    31057      +56     
- Misses       8535     8536       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

tmathern
tmathern reviewed Sep 3, 2025
View reviewed changes
@emensch emensch mentioned this pull request Sep 9, 2025
Merged
@scouten-adobe scouten-adobe changed the title Add CAWG validation to reader feat: Add CAWG validation to reader Sep 11, 2025
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Sep 11, 2025
edited
Loading

CodSpeed Performance Report

Merging #1370 will not alter performance

Comparing scouten/cai-9212-add-cawg-to-reader (bbebf93) with main (f746613)

Summary

✅ 16 untouched
⏩ 2 skipped1

Footnotes

  1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@scouten-adobe scouten-adobe changed the title feat: Add CAWG validation to reader feat: Add CAWG validation to Reader Sep 12, 2025
@scouten-adobe scouten-adobe force-pushed the scouten/cai-9212-add-cawg-to-reader branch from ba322ff to 5270494 Compare September 12, 2025 21:44
@scouten-adobe scouten-adobe marked this pull request as ready for review September 12, 2025 21:50
@scouten-adobe
Copy link
Collaborator Author

I think I've solved the sync/async issues by leaving the existing approach in C API unchanged. I've added a new convenience function (async only) which does the combined test. That's what we were doing in the C API wrapper functions already and I've removed my changes to those functions.

@tmathern tmathern requested a review from emensch September 12, 2025 22:03
scouten-adobe
scouten-adobe commented Sep 12, 2025
View reviewed changes
tmathern
tmathern approved these changes Sep 12, 2025
View reviewed changes
emensch
emensch reviewed Sep 12, 2025
View reviewed changes
gpeacock
gpeacock requested changes Sep 12, 2025
View reviewed changes
Copy link
Collaborator

@gpeacock gpeacock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just say that Reader::from_stream_async() supports cawg but reader_from_stream() doesn't yet. The same would go for Reader:from_file() I don't see why we should add new cawg specific methods here.
Eventually, hopefully the sync methods can support cawg too.

Another option is that we can configure the cawg support with a setting. So if you have cawg enabled we always do the cawg call and if you don't there's no extra overhead.

Maybe there's a separate (or the same) option that allows the sync methods to block on the async call. you can can disable the setting if you don't want that behavior.

scouten-adobe
scouten-adobe commented Sep 17, 2025
View reviewed changes
@scouten-adobe
Copy link
Collaborator Author

TO DO: Review c2patool usage.

@scouten-adobe
Copy link
Collaborator Author

TO DO: Check in to whether verify-on-sign does CAWG identity assertion verification and if it becomes async as a result.

gpeacock and others added 9 commits September 18, 2025 23:55
@gpeacock
feat: cawg in native Reader
25d029f
@scouten-adobe
Merge branch 'main' into scouten/cai-9212-add-cawg-to-reader
c87e7f5
@scouten-adobe
Reader::from_stream_async should use Store::from_store_async
aeab1bc
@scouten-adobe
Merge branch 'main' into scouten/cai-9212-add-cawg-to-reader
13523aa
@scouten-adobe
Plan to resolve compatibility issues for `IdentityAssertion::from_man…
a612b45 
…ifest`
@scouten-adobe
Merge branch 'main' into scouten/cai-9212-add-cawg-to-reader
ad03081
@scouten-adobe
Add new settings value (core.decode_identity_assertions) which specif…
1d4b79f 
…ies whether to interpret identity assertions during manifest reading

Defaults to true, but there are some internal tests that need it off.
@scouten-adobe
Downgrade most IdentityAssertion APIs to pub(crate)
909ba26 
These were public but undocumented. Encouraging external clients to use the new JSON-style reporting added in this PR.
@scouten-adobe
Update CAWG signing example
5178230
scouten-adobe
scouten-adobe commented Oct 7, 2025
View reviewed changes
sdk/src/identity/identity_assertion/assertion.rs
///
/// Aside from CBOR parsing, no further validation is performed.
pub fn from_manifest<'a>(
pub(crate) fn from_manifest<'a>(
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@emensch @tmathern please review these access changes and LMK if any of these need to remain public.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my point of view the access changes are OK.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can the fields of IdentityAssertion above be public, or can I have a more general constructor? I redefine it in the Node SDK, which is not a good practice.
https://github.com/contentauth/c2pa-node-v2/blob/main/src/neon_identity_assertion_builder.rs#L34

tmathern
tmathern reviewed Oct 7, 2025
View reviewed changes
tmathern
tmathern approved these changes Oct 7, 2025
View reviewed changes
Copy link
Contributor

@tmathern tmathern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you give the image a better name than cawgi? What is special about it, except that it has cawg data?

emensch
emensch approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@emensch emensch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Very excited to get this in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdmurph32 cdmurph32 cdmurph32 left review comments

@gpeacock gpeacock gpeacock requested changes

@emensch emensch emensch approved these changes

@tmathern tmathern tmathern approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

@scouten-adobe scouten-adobe

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@scouten-adobe @emensch @gpeacock @cdmurph32 @tmathern