Adds same auth report logic to legacy code (#286)

that is, only reporting unsigned in accumulated, and signed only once. Co-authored-by: bjornvolcker <bjornvolcker@users.noreply.github.com>
AxisCommunications · Dec 19, 2024 · 1fd0d6e · 1fd0d6e
1 parent fa0d50a
commit 1fd0d6e
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/lib/src/legacy/legacy_h26x_auth.c b/lib/src/legacy/legacy_h26x_auth.c
@@ -998,7 +998,16 @@ legacy_maybe_validate_gop(legacy_sv_t *self, legacy_h26x_nalu_t *nalu)
         update_validation_status = true;
       }
       self->gop_info->verified_signature_hash = -1;
-      self->validation_flags.has_auth_result = true;
+      validation_flags->has_auth_result = true;
+      if (latest->authenticity == SV_AUTH_RESULT_NOT_SIGNED) {
+        // Only report "stream is unsigned" in the accumulated report.
+        validation_flags->has_auth_result = false;
+      }
+      if (latest->authenticity == SV_AUTH_RESULT_SIGNATURE_PRESENT) {
+        // Do not report "stream is signed" more than once.
+        validation_flags->has_auth_result =
+            latest->authenticity != self->accumulated_validation->authenticity;
+      }
       public_key_has_changed |= latest->public_key_has_changed;
     }
     SV_THROW(legacy_h26x_nalu_list_update_status(nalu_list, update_validation_status));