contentauth · scouten-adobe · Aug 5, 2025 · Sep 2, 2025 · Sep 2, 2025 · Sep 4, 2025
diff --git a/cawgi.jpg b/cawgi.jpg
diff --git a/sdk/examples/cawg_identity.rs b/sdk/examples/cawg_identity.rs
@@ -29,7 +29,6 @@ mod cawg {
         crypto::raw_signature,
         identity::{
             builder::{AsyncIdentityAssertionBuilder, AsyncIdentityAssertionSigner},
-            validator::CawgValidator,
             x509::AsyncX509CredentialHolder,
         },
         AsyncSigner, Builder, Reader, SigningAlg,
@@ -125,10 +124,8 @@ mod cawg {
 
         builder.sign_file_async(&signer, source, &dest).await?;
 
-        let mut reader = Reader::from_file(dest)?;
-
-        reader.post_validate_async(&CawgValidator {}).await?;
-
+        //let reader = Reader::from_file_async(dest).await?;
+        let reader = Reader::from_file(dest)?;
         println!("{reader}");
         Ok(())
     }

diff --git a/sdk/src/identity/identity_assertion/assertion.rs b/sdk/src/identity/identity_assertion/assertion.rs
@@ -93,6 +93,10 @@ impl IdentityAssertion {
                         ia.label = Some(to_assertion_uri(manifest_label, a.label()));
                     }
                 }
+                // TO DO: Add error readout if the proposed new setting resulted
+                // in this assertion being parsed and converted to JSON. This function
+                // has become incompatible with the now-default behavior to validate
+                // identity assertions during parsing.
                 (a.label().to_owned(), ia)
             })
             .inspect(|(label, r)| {

diff --git a/sdk/src/identity/validator.rs b/sdk/src/identity/validator.rs
@@ -61,7 +61,6 @@ mod tests {
     #[cfg(all(target_arch = "wasm32", not(target_os = "wasi")))]
     use wasm_bindgen_test::wasm_bindgen_test;
 
-    use super::*;
     use crate::{Reader, ValidationState};
 
     const CONNECTED_IDENTITIES_VALID: &[u8] =
@@ -78,9 +77,13 @@ mod tests {
         crate::settings::set_settings_value("verify.verify_trust", false).unwrap();
 
         let mut stream = Cursor::new(CONNECTED_IDENTITIES_VALID);
-        let mut reader = Reader::from_stream("image/jpeg", &mut stream).unwrap();
-        reader.post_validate_async(&CawgValidator {}).await.unwrap();
+
+        let reader = Reader::from_stream_async("image/jpeg", &mut stream)
+            .await
+            .unwrap();
+
         //println!("validation results: {}", reader);
+
         assert_eq!(
             reader
                 .validation_results()
@@ -100,9 +103,13 @@ mod tests {
         crate::settings::set_settings_value("verify.verify_trust", false).unwrap();
 
         let mut stream = Cursor::new(MULTIPLE_IDENTITIES_VALID);
-        let mut reader = Reader::from_stream("image/jpeg", &mut stream).unwrap();
-        reader.post_validate_async(&CawgValidator {}).await.unwrap();
+
+        let reader = Reader::from_stream_async("image/jpeg", &mut stream)
+            .await
+            .unwrap();
+
         println!("validation results: {reader}");
+
         assert_eq!(
             reader
                 .validation_results()
@@ -116,10 +123,13 @@ mod tests {
     }
 
     #[c2pa_test_async]
-    async fn test_post_validate_with_hard_binding_missing() {
+    async fn test_cawg_validate_with_hard_binding_missing() {
         let mut stream = Cursor::new(NO_HARD_BINDING);
-        let mut reader = Reader::from_stream("image/jpeg", &mut stream).unwrap();
-        reader.post_validate_async(&CawgValidator {}).await.unwrap();
+
+        let reader = Reader::from_stream_async("image/jpeg", &mut stream)
+            .await
+            .unwrap();
+
         assert_eq!(
             reader
                 .validation_results()

diff --git a/sdk/src/identity/x509/async_x509_credential_holder.rs b/sdk/src/identity/x509/async_x509_credential_holder.rs
@@ -164,6 +164,9 @@ mod tests {
         // Read back the Manifest that was generated.
         dest.rewind().unwrap();
 
+        // TO DO: Retool this test to use Reader::from_stream_async and add a setting
+        // to parse (convert to JSON) or not parse (leave usable with iteration pattern
+        // below) the identity assertions.
         let manifest_store = Reader::from_stream(format, &mut dest).unwrap();
         assert_eq!(manifest_store.validation_status(), None);
 

diff --git a/sdk/src/identity/x509/x509_credential_holder.rs b/sdk/src/identity/x509/x509_credential_holder.rs
@@ -88,7 +88,7 @@ mod tests {
             x509::{X509CredentialHolder, X509SignatureVerifier},
             IdentityAssertion,
         },
-        status_tracker::StatusTracker,
+        status_tracker::{LogKind, StatusTracker},
         Builder, Reader, SigningAlg,
     };
 
@@ -134,9 +134,31 @@ mod tests {
         // Read back the Manifest that was generated.
         dest.rewind().unwrap();
 
-        let manifest_store = Reader::from_stream(format, &mut dest).unwrap();
+        // TO DO: Retool this test to use Reader::from_stream (NOT async) and add a setting
+        // to parse (convert to JSON) or not parse (leave usable with iteration pattern
+        // below) the identity assertions.
+        let manifest_store = Reader::from_stream_async(format, &mut dest).await.unwrap();
+
         assert_eq!(manifest_store.validation_status(), None);
 
+        let validation_results = manifest_store.validation_results().unwrap();
+        let active_manifest_results = validation_results.active_manifest().unwrap();
+        let active_manifest_success_codes = active_manifest_results.success();
+
+        println!("{manifest_store}");
+
+        let mut ia_success_codes = active_manifest_success_codes.iter().filter(|s| {
+            s.url()
+                .map(|url| url.ends_with("cawg.identity"))
+                .unwrap_or(false)
+                && !s.code().starts_with("assertion.")
+        });
+
+        let ia_success = ia_success_codes.next().unwrap();
+        assert_eq!(ia_success.code(), "signingCredential.trusted");
+        assert!(ia_success.url().unwrap().ends_with("cawg.identity"));
+        assert_eq!(ia_success.kind(), &LogKind::Success);
+
         let manifest = manifest_store.active_manifest().unwrap();
         let mut st = StatusTracker::default();
         let mut ia_iter = IdentityAssertion::from_manifest(manifest, &mut st);

diff --git a/sdk/src/manifest.rs b/sdk/src/manifest.rs
@@ -30,10 +30,12 @@ use crate::{
     crypto::raw_signature::SigningAlg,
     error::{Error, Result},
     hashed_uri::HashedUri,
+    identity::IdentityAssertion,
     ingredient::Ingredient,
     jumbf::labels::{to_absolute_uri, to_assertion_uri},
     manifest_assertion::ManifestAssertion,
     resource_store::{mime_from_uri, skip_serializing_resources, ResourceRef, ResourceStore},
+    status_tracker::StatusTracker,
     store::Store,
     ClaimGeneratorInfo, ManifestAssertionKind,
 };
@@ -350,6 +352,7 @@ impl Manifest {
         store: &Store,
         manifest_label: &str,
         options: &mut StoreOptions,
+        validation_log: &mut StatusTracker,
     ) -> Result<Self> {
         let claim = store
             .get_claim(manifest_label)
@@ -535,6 +538,44 @@ impl Manifest {
                         .set_instance(claim_assertion.instance());
                     manifest.assertions.push(manifest_assertion);
                 }
+                label if label == "cawg.identity" || label.starts_with("cawg.identity__") => {
+                    let value = assertion.as_json_object()?;
+                    let mut ma = ManifestAssertion::new(label.to_string(), value)
+                        .set_instance(claim_assertion.instance());
+
+                    //dbg!(&identity_assertion);
+
+                    let mut partial_claim = crate::dynamic_assertion::PartialClaim::default();
+                    for a in claim.assertions() {
+                        partial_claim.add_assertion(a);
+                    }
+
+                    let uri = to_assertion_uri(manifest_label, label);
+                    validation_log.push_current_uri(&uri);
+                    let value: Option<serde_json::Value> = if _sync {
+                        crate::log_item!(
+                            uri,
+                            "formatting not supported in sync",
+                            "from_store - validating cawg.identity"
+                        )
+                        .validation_status("cawg.validation_skipped")
+                        .informational(validation_log);
+                        None
+                    } else {
+                        let identity_assertion: IdentityAssertion = ma.to_assertion()?;
+                        identity_assertion
+                            .validate_partial_claim(&partial_claim, validation_log)
+                            .await
+                            .ok()
+                    };
+                    if let Some(v) = value {
+                        //debug!("cawg.identity validation returned: {v}");
+                        ma = ManifestAssertion::new(label.to_string(), v)
+                            .set_instance(claim_assertion.instance());
+                    }
+                    validation_log.pop_current_uri();
+                    manifest.assertions.push(ma);
+                }
                 _ => {
                     // inject assertions for all other assertions
                     match assertion.decode_data() {

diff --git a/sdk/src/manifest_store_report.rs b/sdk/src/manifest_store_report.rs
@@ -147,6 +147,7 @@ impl ManifestReport {
 
         json = b64_tag(json, "hash");
         json = omit_tag(json, "pad");
+        json = omit_tag(json, "pad1");
 
         json
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -147,6 +147,7 @@ impl ManifestReport { @@
             json = b64_tag(json, "hash");
             json = omit_tag(json, "pad");
+            json = omit_tag(json, "pad1");
             json
         }
@@ Expand Down @@