feat: Add CAWG validation to Reader

c2pa_c_ffi/src/c_api.rs

@@ -463,6 +463,11 @@ pub unsafe extern "C" fn c2pa_free_string_array(ptr: *const *const c_char, count
 
 // Run CAWG post-validation - this is async and requires a runtime.
 fn post_validate(result: Result<C2paReader, c2pa::Error>) -> Result<C2paReader, c2pa::Error> {
+    if false {
+        // CONSIDER BEFORE MERGING ...
+        todo!("Remove me?");
+    }
+
     match result {
         Ok(mut reader) => {
             let runtime = match Runtime::new() {

c2pa_c_ffi/src/json_api.rs

@@ -24,6 +24,10 @@ use crate::{Error, Result, SignerInfo};
 pub fn read_file(path: &str, data_dir: Option<String>) -> Result<String> {
     let mut reader = Reader::from_file(path).map_err(Error::from_c2pa_error)?;
     let runtime = Runtime::new().map_err(|e| Error::Other(e.to_string()))?;
+    if false {
+        // CONSIDER BEFORE MERGING ...
+        todo!("Remove post_validate_async here?");
+    }
     runtime
         .block_on(reader.post_validate_async(&CawgValidator {}))
         .map_err(Error::from_c2pa_error)?;

cli/src/main.rs

@@ -574,6 +574,10 @@ fn verify_fragmented(init_pattern: &Path, frag_pattern: &Path) -> Result<Vec<Rea
 
 // run cawg validation if supported
 fn validate_cawg(reader: &mut Reader) -> Result<()> {
+    if false {
+        // CONSIDER BEFORE MERGING ...
+        todo!("Remove me?");
+    }
     #[cfg(not(target_os = "wasi"))]
     {
         Runtime::new()?

sdk/examples/cawg_identity.rs

@@ -29,7 +29,6 @@ mod cawg {
         crypto::raw_signature,
         identity::{
             builder::{AsyncIdentityAssertionBuilder, AsyncIdentityAssertionSigner},
-            validator::CawgValidator,
             x509::AsyncX509CredentialHolder,
         },
         AsyncSigner, Builder, Reader, SigningAlg,
@@ -125,9 +124,7 @@ mod cawg {
 
         builder.sign_file_async(&signer, source, &dest).await?;
 
-        let mut reader = Reader::from_file(dest)?;
-
-        reader.post_validate_async(&CawgValidator {}).await?;
+        let reader = Reader::from_file_async(dest).await?;
 
         println!("{reader}");
         Ok(())

sdk/src/identity/validator.rs

@@ -61,7 +61,6 @@ mod tests {
     #[cfg(all(target_arch = "wasm32", not(target_os = "wasi")))]
     use wasm_bindgen_test::wasm_bindgen_test;
 
-    use super::*;
     use crate::{Reader, ValidationState};
 
     const CONNECTED_IDENTITIES_VALID: &[u8] =
@@ -78,8 +77,9 @@ mod tests {
         crate::settings::set_settings_value("verify.verify_trust", false).unwrap();
 
         let mut stream = Cursor::new(CONNECTED_IDENTITIES_VALID);
-        let mut reader = Reader::from_stream("image/jpeg", &mut stream).unwrap();
-        reader.post_validate_async(&CawgValidator {}).await.unwrap();
+        let reader = Reader::from_stream_async("image/jpeg", &mut stream)
+            .await
+            .unwrap();
         //println!("validation results: {}", reader);
         assert_eq!(
             reader
@@ -100,8 +100,9 @@ mod tests {
         crate::settings::set_settings_value("verify.verify_trust", false).unwrap();
 
         let mut stream = Cursor::new(MULTIPLE_IDENTITIES_VALID);
-        let mut reader = Reader::from_stream("image/jpeg", &mut stream).unwrap();
-        reader.post_validate_async(&CawgValidator {}).await.unwrap();
+        let reader = Reader::from_stream_async("image/jpeg", &mut stream)
+            .await
+            .unwrap();
         println!("validation results: {reader}");
         assert_eq!(
             reader
@@ -116,10 +117,11 @@ mod tests {
     }
 
     #[c2pa_test_async]
-    async fn test_post_validate_with_hard_binding_missing() {
+    async fn test_cawg_validate_with_hard_binding_missing() {
         let mut stream = Cursor::new(NO_HARD_BINDING);
-        let mut reader = Reader::from_stream("image/jpeg", &mut stream).unwrap();
-        reader.post_validate_async(&CawgValidator {}).await.unwrap();
+        let reader = Reader::from_stream_async("image/jpeg", &mut stream)
+            .await
+            .unwrap();
         assert_eq!(
             reader
                 .validation_results()

sdk/src/identity/x509/x509_credential_holder.rs

@@ -88,7 +88,7 @@ mod tests {
             x509::{X509CredentialHolder, X509SignatureVerifier},
             IdentityAssertion,
         },
-        status_tracker::StatusTracker,
+        status_tracker::{LogKind, StatusTracker},
         Builder, Reader, SigningAlg,
     };
 
@@ -134,9 +134,29 @@ mod tests {
         // Read back the Manifest that was generated.
         dest.rewind().unwrap();
 
-        let manifest_store = Reader::from_stream(format, &mut dest).unwrap();
+        let manifest_store = Reader::from_stream_async(format, &mut dest).await.unwrap();
         assert_eq!(manifest_store.validation_status(), None);
 
+        let validation_results = manifest_store.validation_results().unwrap();
+        let active_manifest_results = validation_results.active_manifest().unwrap();
+        let active_manifest_success_codes = active_manifest_results.success();
+
+        dbg!(&active_manifest_success_codes);
+
+        let mut ia_success_codes = active_manifest_success_codes.iter().filter(|s| {
+            s.url()
+                .map(|url| url.ends_with("cawg.identity"))
+                .unwrap_or(false)
+                && !s.code().starts_with("assertion.")
+        });
+
+        let ia_success = ia_success_codes.next().unwrap();
+        dbg!(&ia_success);
+
+        assert_eq!(ia_success.code(), "signingCredential.trusted");
+        assert!(ia_success.url().unwrap().ends_with("cawg.identity"));
+        assert_eq!(ia_success.kind(), &LogKind::Success);
+
         let manifest = manifest_store.active_manifest().unwrap();
         let mut st = StatusTracker::default();
         let mut ia_iter = IdentityAssertion::from_manifest(manifest, &mut st);

sdk/src/reader.rs

@@ -136,7 +136,22 @@ impl Reader {
             Store::from_stream_async(format, &mut stream, verify, &mut validation_log).await
         }?;
 
-        Self::from_store(store, &validation_log)
+        #[allow(unused_mut)] // TEMPORARY until I figure out the synchronous path.
+        let mut result = Self::from_store(store, &validation_log)?;
+        if _sync {
+            // TO DO: Figure out how to handle synchronous validation with
+            // identity assertions? Just report an error (needs async)?
+            if false {
+                todo!("Add identity assertion validation here");
+            }
+        } else {
+            use crate::identity::validator::CawgValidator;
+            result
+                .post_validate_internal_async(&CawgValidator {})
+                .await?;
+        }
+
+        Ok(result)
     }
 
     #[async_generic()]
@@ -151,7 +166,11 @@ impl Reader {
             Store::from_stream_async(format, &mut stream, verify, &mut validation_log).await
         }?;
 
-        Self::from_store(store, &validation_log)
+        let mut result = Self::from_store(store, &validation_log)?;
+        if false {
+            todo!("Add identity assertion validation here");
+        }
+        Ok(result)
     }
 
     #[cfg(feature = "file_io")]
@@ -735,6 +754,24 @@ impl Reader {
         validator: &impl AsyncPostValidator
     ))]
     pub fn post_validate(&mut self, validator: &impl PostValidator) -> Result<()> {
+        if false {
+            // CONSIDER BEFORE MERGING ...
+            todo!("Remove me?");
+        }
+
+        if _sync {
+            self.post_validate_internal(validator)
+        } else {
+            self.post_validate_internal_async(validator).await
+        }
+    }
+
+    #[async_generic(async_signature(
+        &mut self,
+        validator: &impl AsyncPostValidator
+    ))]
+    fn post_validate_internal(&mut self, validator: &impl PostValidator) -> Result<()> {
+        // TEMPORARY: Make this available while I sort out new code path.
         let mut validation_log = StatusTracker::default();
         let mut validation_results = self.validation_results.take().unwrap_or_default();
         let mut assertion_values = HashMap::new();
@@ -997,6 +1034,10 @@ pub mod tests {
 
     #[test]
     fn test_reader_post_validate() -> Result<()> {
+        if false {
+            // CONSIDER BEFORE MERGING ...
+            todo!("Remove me?");
+        }
         use crate::{log_item, status_tracker::StatusTracker};
 
         let mut reader =