#!/usr/bin/env bash

# Shell options: abort on the first failing command or failing pipeline stage.
# TRUEPIC_DEBUG=2 additionally switches on command tracing.
# NOTE: tracing prints every expanded command line, which includes the
# "x-api-key: ${STEG_AI_API_KEY}" header handed to curl later in this script,
# so level-2 debug output must be handled as if it contained the API key.
set -eo pipefail
if [ "$TRUEPIC_DEBUG" = "2" ]; then
  set -x
fi

# Echo the arguments only when TRUEPIC_DEBUG is non-empty.
# Arguments are passed to echo unchanged, so callers may supply echo options
# (the script uses -n to keep progress messages on one line).
debug_echo() {
    [ -n "$TRUEPIC_DEBUG" ] || return 0
    echo "$@"
}

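# Positional arguments:
#   $1 - media file to inspect (resolved to an absolute path below)
#   $2 - where the recovered original is written; only used when a watermark
#        is found, so it is not validated here
if [ -z "$1" ]; then
  echo "Usage: ${0##*/} <media-file> [output-file]" >&2
  exit 2
fi

MEDIA_FILE=$(readlink -f -- "$1")
OUTPUT_FILE=$2

# Fail early with a clear message instead of letting the later verify/upload
# steps fail on a path that does not name a regular file.
if [ ! -f "${MEDIA_FILE}" ]; then
  echo "Media file not found: ${MEDIA_FILE}" >&2
  exit 1
fi

TRUEPIC_CLI=/home/user/app/truepic
STEG_SCRIPTS=/home/user/app/scripts/

# The MIME type sent with the upload is derived from the file extension only;
# the file content is not inspected here. The match is case-sensitive.
filename=$(basename -- "${MEDIA_FILE}")
extension="${filename##*.}"
case "${extension}" in
  jpg | jpeg)
    mime_type="image/jpeg"
    ;;
  png)
    mime_type="image/png"
    ;;
  *)
    echo "Unsupported file extension: ${extension}"
    exit 1
    ;;
esac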

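debug_echo -n "Checking for C2PA data in the media..."
# The CLI's exit status is deliberately ignored (errexit is off around the
# call); the decision below is based on its output alone. The path is quoted
# so that file names containing spaces or glob characters reach the CLI as a
# single argument.
set +e
verification_json=$("${TRUEPIC_CLI}" verify "${MEDIA_FILE}" 2>&1)
set -e

# A manifest counts as "found" when the combined stdout/stderr parses as JSON
# and the last value is neither false nor null (jq -e).
# NOTE(review): because stderr is merged in, any non-JSON diagnostic printed
# next to a valid report would flip this to "not found" - confirm the CLI
# keeps stderr quiet on success.
if jq -e . <<< "$verification_json" >/dev/null 2>&1; then
  c2pa_manifest_found=true
  debug_echo " embedded C2PA manifest found."
else
  c2pa_manifest_found=false
  debug_echo " no embedded C2PA manifest found."
fi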

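debug_echo
debug_echo -n "Uploading media to steg.ai..."
# Every argument is quoted so a media path with spaces is passed intact.
media_id=$("${STEG_SCRIPTS}/upload.sh" "${MEDIA_FILE}" "${mime_type}")
debug_echo " --> media_id=${media_id}"

debug_echo
debug_echo -n "Detecting a watermark..."
# Build the request body with jq instead of splicing the value into a JSON
# string: the id is then always emitted as one correctly escaped JSON string
# and cannot be word-split or alter the structure of the document.
decode_request=$(jq -n -c --arg media_id "${media_id}" '{media_id: $media_id}')
decode_response=$(
  curl -s https://api.steg.ai/decode_image_async \
    -H "x-api-key: ${STEG_AI_API_KEY}" \
    --data-raw "${decode_request}"
)
request_id=$(jq -r '.data.request_id' <<< "${decode_response}")

# Without a request id there is nothing to poll for.
if [ -z "$request_id" ] || [ "$request_id" = "null" ]; then
  debug_echo
  echo "No request_id"
  exit 1
fi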

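# Poll once per second until the service reports "Completed.".
# The loop is bounded so that a request that never reaches that status (for
# example one that ends in an error state) cannot hang the script forever.
# STEG_POLL_MAX_ATTEMPTS is an optional override introduced here; the default
# allows roughly five minutes.
status_response=""
decode_status=""
max_polls=${STEG_POLL_MAX_ATTEMPTS:-300}
polls=0
while [ "$decode_status" != "Completed." ]; do
  if [ "${polls}" -ge "${max_polls}" ]; then
    debug_echo
    echo "Timed out waiting for watermark detection (last status: ${decode_status})" >&2
    exit 1
  fi
  polls=$((polls + 1))
  sleep 1
  debug_echo -n ".."
  # -G with --data-urlencode sends the same GET query string, but with the
  # value percent-encoded and never subject to shell globbing on '?'.
  status_response=$(
    curl -s -G https://api.steg.ai/media_status \
      --data-urlencode "request_id=${request_id}" \
      -H "x-api-key: ${STEG_AI_API_KEY}"
  )
  decode_status=$(jq -r '.data.status' <<< "${status_response}")
done

# `.data.media_data.custom` is itself JSON text, so it is parsed a second
# time. A missing field yields the literal string "null" at either stage,
# which the checks below rely on.
# These three values are taken from the service's decode result and have not
# been authenticated at this point; the watermark signature is only verified
# near the end of the script, so treat them as untrusted input until then.
custom_payload=$(jq -r '.data.media_data.custom' <<< "${status_response}")
original_id=$(jq -r '.original_id' <<< "${custom_payload}")
manifest_id=$(jq -r '.manifest_id' <<< "${custom_payload}")
watermark_signature=$(jq -r '.watermark_signature' <<< "${custom_payload}")

if [ -z "$manifest_id" ] || [ "$manifest_id" = "null" ]; then
  debug_echo
  debug_echo "No manifest_id"
else
  debug_echo " --> media_id=${manifest_id}"
fi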

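debug_echo
debug_echo -n "Deleting uploaded media (${media_id}) from steg.ai... "
# The uploaded copy is removed before any result is reported, so it does not
# stay on the service whichever way the remaining checks go.
# The body is generated by jq so the id is a properly escaped JSON string.
delete_request=$(jq -n -c --arg media_id "${media_id}" '{media_id: $media_id}')
delete_result=$(
  curl -s https://api.steg.ai/asset \
    -X DELETE \
    -H "x-api-key: ${STEG_AI_API_KEY}" \
    --data-raw "${delete_request}"
)
# NOTE(review): the outcome of the delete is only shown in debug mode and is
# never checked, so a failed delete leaves the upload in place silently.
if [ -n "${TRUEPIC_DEBUG}" ]; then jq -r '.message' <<< "${delete_result}"; fi

# No manifest id in the decode result means no watermark was detected:
# report that and finish successfully.
if [ -z "$manifest_id" ] || [ "$manifest_id" = "null" ]; then
  echo "Contains C2PA manifest: ${c2pa_manifest_found}"
  echo "Contains watermark: false"
  echo "Original watermarked media: n/a"
  exit 0
fi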

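# The recovered file is written to OUTPUT_FILE, so it must have been given.
if [ -z "${OUTPUT_FILE}" ]; then
  echo "No output file given for the recovered original" >&2
  exit 2
fi

# Downloads go into a private directory created by mktemp -d and removed on
# every exit path. Appending a suffix to the name printed by plain `mktemp`
# would write to a path that mktemp never created (so it is not protected
# against a pre-planted file or symlink in the shared temp directory) and
# would leave the real mktemp file behind.
work_dir=$(mktemp -d)
trap 'rm -rf -- "${work_dir:?}"' EXIT

debug_echo
debug_echo -n "Downloading original watermarked media..."
# original_id and manifest_id come from the decode result and are not yet
# authenticated, so they are percent-encoded rather than pasted into the URL.
original_info=$(
  curl -s -G https://api.steg.ai/asset \
    --data-urlencode "media_id=${original_id}" \
    -H "x-api-key: ${STEG_AI_API_KEY}"
)
original_url=$(jq -r '.data[0].path' <<< "${original_info}")
# The download location is chosen by the remote response. Only https URLs are
# accepted, which also rules out a missing path ("null") and anything curl
# could read as an option or a local file.
# NOTE(review): assumes asset paths are https URLs like the API itself - confirm.
case "${original_url}" in
  https://*) ;;
  *)
    echo "Unexpected download location for original media" >&2
    exit 1
    ;;
esac
downloaded_original="${work_dir}/original.${extension}"
# -f makes an HTTP error fail here instead of saving the error page as media.
curl -s -f --proto '=https' -o "${downloaded_original}" "${original_url}"
debug_echo " --> ${downloaded_original}"

debug_echo
debug_echo -n "Downloading new manifest..."
manifest_info=$(
  curl -s -G https://api.steg.ai/asset \
    --data-urlencode "media_id=${manifest_id}" \
    -H "x-api-key: ${STEG_AI_API_KEY}"
)
manifest_url=$(jq -r '.data[0].path' <<< "${manifest_info}")
case "${manifest_url}" in
  https://*) ;;
  *)
    echo "Unexpected download location for manifest" >&2
    exit 1
    ;;
esac
downloaded_manifest="${work_dir}/manifest.bin"
curl -s -f --proto '=https' -o "${downloaded_manifest}" "${manifest_url}"
debug_echo " --> ${downloaded_manifest}"

debug_echo
debug_echo -n "Inserting new manifest into media file..."
# The CLI's own output is discarded; a non-zero exit still stops the script
# because errexit is active.
"${TRUEPIC_CLI}" manifest insert "${downloaded_manifest}" "${downloaded_original}" --output "${OUTPUT_FILE}" > /dev/null 2>&1
debug_echo " --> ${OUTPUT_FILE}"
rm -f -- "${downloaded_original}"
rm -f -- "${downloaded_manifest}"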

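debug_echo
debug_echo "Checking the manifest."
# Unlike the first verify call, a failure here is fatal (errexit is active).
verification_json=$("${TRUEPIC_CLI}" verify "${OUTPUT_FILE}")

# Status of the data-hash assertion of the active manifest.
# NOTE(review): this field is read from the manifest marked is_active, while
# the thumbnail, timestamp and certificate below are read from
# manifest_store[0]; confirm both always refer to the same manifest.
hash_status=$(
  jq -r '.manifest_store[] | select(.is_active == true) | .assertions."c2pa.hash.data"[0].status' \
    <<< "${verification_json}"
)

# The thumbnail assertion is stored under a format-specific key.
if jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.jpeg"' <<< "${verification_json}" >/dev/null; then
  thumbnail_key="c2pa.thumbnail.claim.jpeg"
elif jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.png"' <<< "${verification_json}" >/dev/null; then
  thumbnail_key="c2pa.thumbnail.claim.png"
else
  echo "Couldn't find thumbnail assertion in the C2PA manifest."
  # Same policy as the hash-mismatch path at the end of the script: do not
  # leave an output file behind that has not passed verification.
  rm -f -- "${OUTPUT_FILE}"
  exit 1
fi

# The key is handed to jq as data (--arg) instead of being spliced into the
# filter text.
thumbnail_hash=$(
  jq -r --arg key "${thumbnail_key}" \
    '.manifest_store[0].assertions[$key][0].thumbnail_id' \
    <<< "${verification_json}"
)
timestamp=$(
  jq -r '.manifest_store[0].trusted_timestamp.timestamp' <<< "${verification_json}"
)
# PEM public key of the certificate carried in the manifest (base64 DER in the
# report -> DER -> openssl x509).
public_key=$(
  jq -r '.manifest_store[0].certificate.cert_der' <<< "${verification_json}" \
    | base64 -d \
    | openssl x509 -pubkey -noout
)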

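debug_echo -n "Checking watermark signature... ${thumbnail_hash}|${timestamp} ... ${watermark_signature} ..."
# The signed message is "<thumbnail_hash>|<timestamp>" followed by a newline;
# printf '%s\n' produces exactly the bytes `echo` produced before, which must
# not change or valid signatures stop verifying.
# openssl's exit status is ignored here; the decision is made on its stdout.
# NOTE(review): public_key was extracted from the certificate inside the
# manifest being checked, so this step shows that the watermark payload was
# signed by that certificate's key. Whether the certificate itself is trusted
# is presumably decided by `truepic verify` - confirm.
set +e
signature_verification=$(
  openssl dgst -sha256 \
    -verify <(printf '%s\n' "${public_key}") \
    -signature <(printf '%s\n' "${watermark_signature}" | base64 -d) \
    <(printf '%s\n' "${thumbnail_hash}|${timestamp}")
)
set -e

if [ "${signature_verification}" != "Verified OK" ]; then
  debug_echo " FAILED"
  echo "Watermark signature verification failed"
  # Fail closed: the output file was assembled from unauthenticated data, so
  # it is removed here just as it is on a hash mismatch.
  rm -f -- "${OUTPUT_FILE}"
  exit 1
fi
debug_echo " ${signature_verification}"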

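debug_echo -n "Checking image hash..."
if [ "$hash_status" = "VALID" ]; then
  debug_echo " hashes match."
  if [ -n "$TRUEPIC_DEBUG" ]; then jq . <<< "${verification_json}"; fi

  echo "Contains C2PA manifest: ${c2pa_manifest_found}"
  echo "Contains watermark: true"
  echo "Original watermarked media: ${OUTPUT_FILE}"
  exit 0
fi

# Hash mismatch: discard the output and report failure. Without an explicit
# exit the script would end with the status of `rm -f`, i.e. 0, and a caller
# checking only the exit code would take a failed verification for success.
debug_echo " hashes DON'T match!"
rm -f -- "${OUTPUT_FILE}"
echo "Image hash verification failed"
exit 1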