Ensure we don't balk at extra fields in identity assertion CBOR

contentauth · Feb 27, 2025 · 481223c · 481223c
1 parent aa51d6f
commit 481223c
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/cawg_identity/src/tests/fixtures/validation_method/extra_field.jpg b/cawg_identity/src/tests/fixtures/validation_method/extra_field.jpg
diff --git a/cawg_identity/src/tests/identity_assertion/validation_method.rs b/cawg_identity/src/tests/identity_assertion/validation_method.rs
@@ -75,3 +75,60 @@ async fn malformed_cbor() {
         "cawg.identity.cbor.invalid"
     );
 }
+
+/// A validator SHALL NOT consider any extra fields not documented in the
+/// `identity` rule during the validation process.
+#[cfg_attr(not(target_arch = "wasm32"), tokio::test)]
+#[cfg_attr(
+    all(target_arch = "wasm32", not(target_os = "wasi")),
+    wasm_bindgen_test
+)]
+#[cfg_attr(target_os = "wasi", wstd::test)]
+async fn extra_fields() {
+    // The test asset `extra_field.jpg` was written using a temporarily modified
+    // version of this SDK that generated an `other_stuff` string value at the top
+    // level of the identity assertion CBOR.
+
+    let format = "image/jpeg";
+    let test_image = include_bytes!("../fixtures/validation_method/extra_field.jpg");
+
+    let mut test_image = Cursor::new(test_image);
+
+    // Initial read with default `Reader` should pass without issues.
+    let reader = Reader::from_stream(format, &mut test_image).unwrap();
+    assert_eq!(reader.validation_status(), None);
+
+    // Re-parse with identity assertion code should find malformed CBOR error.
+    let mut status_tracker = StatusTracker::default();
+
+    let active_manifest = reader.active_manifest().unwrap();
+    let ia_results: Vec<Result<IdentityAssertion, c2pa::Error>> =
+        IdentityAssertion::from_manifest(active_manifest, &mut status_tracker).collect();
+
+    assert_eq!(ia_results.len(), 1);
+
+    let ia = ia_results[0].as_ref().unwrap();
+    dbg!(ia);
+
+    let sp = &ia.signer_payload;
+    assert_eq!(sp.referenced_assertions.len(), 1);
+
+    assert_eq!(
+        sp.referenced_assertions[0].url(),
+        "self#jumbf=c2pa.assertions/c2pa.hash.data".to_owned()
+    );
+
+    assert_eq!(sp.sig_type, "cawg.x509.cose".to_owned());
+
+    // TEMPORARY: Should report success code.
+    assert_eq!(status_tracker.logged_items().len(), 0);
+
+    // let log = &status_tracker.logged_items()[0];
+    // assert_eq!(log.kind, LogKind::Failure);
+    // assert_eq!(log.label, "cawg.identity");
+    // assert_eq!(log.description, "invalid CBOR");
+    // assert_eq!(
+    //     log.validation_status.as_ref().unwrap().as_ref(),
+    //     "cawg.identity.cbor.invalid"
+    // );
+}