Skip to content

fix: Update error reporting #906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Feb 6, 2025
Merged

fix: Update error reporting #906

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
53301b4
Remove redundant LogItems.
mauricefisher64 Feb 5, 2025
82eb3f8
More error reporting enhancements
mauricefisher64 Feb 5, 2025
44e5f13
Merge branch 'main' of https://github.com/contentauth/c2pa-rs into er…
mauricefisher64 Feb 6, 2025
8ddf0d2
Add OCSP revocations status
mauricefisher64 Feb 6, 2025
c4f0eda
Comment fix
mauricefisher64 Feb 6, 2025
e105c62
Update test image and go back to old test
mauricefisher64 Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions internal/status-tracker/src/status_tracker/detailed.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,4 +72,8 @@ impl StatusTracker for DetailedStatusTracker {
fn pop_ingredient_uri(&mut self) -> Option<String> {
self.ingredient_uris.pop()
}

fn logged_items_mut(&mut self) -> &mut [LogItem] {
&mut self.logged_items
}
}
3 changes: 3 additions & 0 deletions internal/status-tracker/src/status_tracker/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ pub trait StatusTracker: Debug + Send {
/// Return the current list of validation log items.
fn logged_items(&self) -> &[LogItem];

/// Return the mutable list of validation log items.
fn logged_items_mut(&mut self) -> &mut [LogItem];

/// Appends the contents of another [`StatusTracker`] to this list of
/// validation log items.
fn append(&mut self, other: &impl StatusTracker) {
Expand Down
4 changes: 4 additions & 0 deletions internal/status-tracker/src/status_tracker/one_shot.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,8 @@ impl StatusTracker for OneShotStatusTracker {
self.logged_items.push(log_item);
Err(err)
}

fn logged_items_mut(&mut self) -> &mut [LogItem] {
&mut self.logged_items
}
}
10 changes: 10 additions & 0 deletions internal/status-tracker/src/validation_codes.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,21 @@ use crate::log::LogKind;
/// Any corresponding URL should point to a C2PA claim signature box.
pub const CLAIM_SIGNATURE_VALIDATED: &str = "claimSignature.validated";

/// The claims signing certificate was valid at the time of signing.
///
/// Any corresponding URL should point to a C2PA claim box.
pub const CLAIM_SIGNATURE_INSIDE_VALIDITY: &str = "claimSignature.insideValidity";

/// The signing credential is listed on the validator's trust list.
///
/// Any corresponding URL should point to a C2PA claim signature box.
pub const SIGNING_CREDENTIAL_TRUSTED: &str = "signingCredential.trusted";

/// The signing credential for the manifest has not been revoked:
///
/// Any corresponding URL should point to a C2PA claim
pub const SIGNING_CREDENTIAL_NOT_REVOKED: &str = "signingCredential.ocsp.notRevoked";

/// The time-stamp credential is listed on the validator's trust list.
///
/// Any corresponding URL should point to a C2PA claim signature box.
Expand Down
133 changes: 120 additions & 13 deletions sdk/src/claim.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

#[cfg(feature = "file_io")]
use std::path::Path;
use std::{collections::HashMap, fmt};
use std::{borrow::Cow, collections::HashMap, fmt};

use async_generic::async_generic;
use c2pa_crypto::{
Expand Down Expand Up @@ -1728,8 +1728,45 @@
}

// check certificate revocation
let sign1 = parse_cose_sign1(&sig, &data, validation_log)?;
check_ocsp_status_async(&sign1, &data, ctp, validation_log).await?;
let sign1 = parse_cose_sign1(&sig, &data, validation_log).inspect_err(|_e| {
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1737 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1733-L1737 

Added lines #L1733 - L1737 were not covered by tests
})?;
check_ocsp_status(&sign1, &data, ctp, validation_log)
.map(|v| {
// if a value contains the der response it has successfully returned a good OCSP response
if !v.ocsp_der.is_empty() {
// so log the success status
if v.revoked_at.is_none() {
log_item!(
claim.uri(),
"claim signature OCSP value good",
"verify_internal"
)
.validation_status(validation_status::SIGNING_CREDENTIAL_NOT_REVOKED)
.success(validation_log);
} else {

Check warning on line 1752 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1744-L1752 

Added lines #L1744 - L1752 were not covered by tests
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1758 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1754-L1758 

Added lines #L1754 - L1758 were not covered by tests
}
}
})
.inspect_err(|_e| {
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1768 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1764-L1768 

Added lines #L1764 - L1768 were not covered by tests
})?;

let verified = verify_cose_async(
&sig,
Expand Down Expand Up @@ -1781,8 +1818,45 @@
};

// check certificate revocation
let sign1 = parse_cose_sign1(sig, data, validation_log)?;
check_ocsp_status(&sign1, data, ctp, validation_log)?;
let sign1 = parse_cose_sign1(sig, data, validation_log).inspect_err(|_e| {
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1827 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1823-L1827 

Added lines #L1823 - L1827 were not covered by tests
})?;
check_ocsp_status(&sign1, data, ctp, validation_log)
.map(|v| {
// if a value contains the der response it has successfully returned a good OCSP response
if !v.ocsp_der.is_empty() {
// so log the success status
if v.revoked_at.is_none() {
log_item!(
claim.uri(),
"claim signature OCSP value good",
"verify_internal"
)
.validation_status(validation_status::SIGNING_CREDENTIAL_NOT_REVOKED)
.success(validation_log);
} else {

Check warning on line 1842 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1834-L1842 

Added lines #L1834 - L1842 were not covered by tests
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1848 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1844-L1848 

Added lines #L1844 - L1848 were not covered by tests
}
}
})
.inspect_err(|_e| {
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1858 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1854-L1858 

Added lines #L1854 - L1858 were not covered by tests
})?;

let verified = verify_cose(
sig,
Expand All @@ -1794,6 +1868,14 @@
);

Claim::verify_internal(claim, asset_data, is_provenance, verified, validation_log)
.inspect_err(|_e| {
// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
*li = new_li;
}

Check warning on line 1877 in sdk/src/claim.rs

View check run for this annotation

Codecov / codecov/patch

sdk/src/claim.rs#L1873-L1877 

Added lines #L1873 - L1877 were not covered by tests
})
}

/// Get the signing certificate chain as PEM bytes
Expand Down Expand Up @@ -1828,6 +1910,28 @@
.validation_status(validation_status::CLAIM_SIGNATURE_MISMATCH)
.failure(validation_log, Error::CoseSignature)?;
} else {
// update the log_item details
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());
new_li.description = Cow::Borrowed("claim signature valid");

if !is_provenance {
new_li = new_li.set_ingredient_uri(claim.uri());
}

*li = new_li;
}
// signing cert has not expired
log_item!(
claim.signature_uri(),
"claim signature valid",
"verify_internal"
)
.validation_status(validation_status::CLAIM_SIGNATURE_INSIDE_VALIDITY)
.success(validation_log);

// add signature validated status
log_item!(
claim.signature_uri(),
"claim signature valid",
Expand All @@ -1837,14 +1941,17 @@
.success(validation_log);
}
}
Err(parse_err) => {
log_item!(
claim.signature_uri(),
"claim signature is not valid",
"verify_internal"
)
.validation_status(validation_status::GENERAL_ERROR)
.failure(validation_log, parse_err)?;
Err(_parse_err) => {
// the lower level errors are logged validation_log
// continue on to catch other failures.

// adjust the error info
if let Some(li) = validation_log.logged_items_mut().last_mut() {
let mut new_li = li.clone();
new_li.label = Cow::from(claim.uri());

*li = new_li;
}
}
};

Expand Down
4 changes: 1 addition & 3 deletions sdk/src/store.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5125,9 +5125,7 @@ pub mod tests {
// replace the title that is inside the claim data - should cause signature to not match
let report = patch_and_report("C.jpg", b"C.jpg", b"X.jpg");
assert!(!report.logged_items().is_empty());
assert!(report.has_error(Error::TimeStampError(
c2pa_crypto::time_stamp::TimeStampError::InvalidData
)));
assert!(report.has_error(c2pa_crypto::time_stamp::TimeStampError::InvalidData));
assert!(report.has_status(validation_status::TIMESTAMP_MISMATCH));
}

Expand Down
2 changes: 1 addition & 1 deletion sdk/src/validation_status.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ impl ValidationStatus {

/// Returns `true` if this has a successful validation code.
pub fn passed(&self) -> bool {
is_success(&self.code)
self.kind != LogKind::Failure
}

/// Returns the LogKind for this validation status.
Expand Down
Binary file modified sdk/tests/fixtures/CIE-sig-CA.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.