File size: 5,821 Bytes
707c523 b16d75f 707c523 2da4724 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 2da4724 b16d75f 707c523 b16d75f 2da4724 707c523 b16d75f 707c523 b16d75f 707c523 409803f 707c523 b16d75f 2da4724 707c523 2da4724 707c523 b16d75f 707c523 b16d75f 707c523 b16d75f 2da4724 707c523 b16d75f 2da4724 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 |
#!/usr/bin/env bash
if [ "$TRUEPIC_DEBUG" = "2" ]; then
set -xeo pipefail
else
set -eo pipefail
fi
debug_echo() {
if [ -n "$TRUEPIC_DEBUG" ]; then
echo "$@"
fi
}
MEDIA_FILE=$(readlink -f "$1")
OUTPUT_FILE=$2
TRUEPIC_CLI=/home/user/app/truepic
STEG_SCRIPTS=/home/user/app/scripts/
filename=$(basename "${MEDIA_FILE}")
extension="${filename##*.}"
if [ "${extension}" = "jpg" ] || [ "${extension}" = "jpeg" ]; then
mime_type="image/jpeg"
else
if [ "${extension}" = "png" ]; then
mime_type="image/png"
else
echo "Unsupported file extension: ${extension}"
exit 1
fi
fi
debug_echo -n "Checking for C2PA data in the media..."
set +e
verification_json=$(${TRUEPIC_CLI} verify $MEDIA_FILE 2>&1)
set -e
if jq -e . <<< "$verification_json" >/dev/null 2>&1; then
c2pa_manifest_found=true
debug_echo " embedded C2PA manifest found."
else
c2pa_manifest_found=false
debug_echo " no embedded C2PA manifest found."
fi
debug_echo
debug_echo -n "Uploading media to steg.ai..."
media_id=$(${STEG_SCRIPTS}/upload.sh ${MEDIA_FILE} $mime_type)
debug_echo " --> media_id=${media_id}"
debug_echo
debug_echo -n "Detecting a watermark..."
decode_response=$(
curl -s https://api.steg.ai/decode_image_async \
-H "x-api-key: ${STEG_AI_API_KEY}" \
--data-raw '{ "media_id": "'${media_id}'" }'
)
request_id=$(echo "$decode_response" | jq -r '.data.request_id')
if [ -z "$request_id" ] || [ "$request_id" = "null" ]; then
debug_echo
echo "No request_id"
exit 1;
fi
status_response=""
decode_status=""
while [ "$decode_status" != "Completed." ]; do
sleep 1
debug_echo -n ".."
status_response=$(
curl -s https://api.steg.ai/media_status?request_id=${request_id} \
-H "x-api-key: ${STEG_AI_API_KEY}"
)
decode_status=$(echo "${status_response}" | jq -r '.data.status')
done
original_id=$(echo "${status_response}" | jq -r '.data.media_data.custom' | jq -r '.original_id')
manifest_id=$(echo "${status_response}" | jq -r '.data.media_data.custom' | jq -r '.manifest_id')
watermark_signature=$(echo "${status_response}" | jq -r '.data.media_data.custom' | jq -r '.watermark_signature')
if [ -z "$manifest_id" ] || [ "$manifest_id" = "null" ]; then
debug_echo
debug_echo "No manifest_id"
else
debug_echo " --> media_id=${manifest_id}"
fi
debug_echo
debug_echo -n "Deleting uploaded media (${media_id}) from steg.ai... "
delete_result=$(
curl -s https://api.steg.ai/asset \
-X DELETE \
-H "x-api-key: ${STEG_AI_API_KEY}" \
--data-raw '{
"media_id" : "'${media_id}'"
}'
)
if [ -n "${TRUEPIC_DEBUG}" ]; then echo ${delete_result} | jq -r '.message'; fi
if [ -z "$manifest_id" ] || [ "$manifest_id" = "null" ]; then
echo "Contains C2PA manifest: ${c2pa_manifest_found}"
echo "Contains watermark: false"
echo "Original watermarked media: n/a"
exit 0
fi
debug_echo
debug_echo -n "Downloading original watermarked media..."
original_info=$(curl -s https://api.steg.ai/asset?media_id=${original_id} -H "x-api-key: ${STEG_AI_API_KEY}")
original_url=$(echo ${original_info} | jq -r '.data[0].path')
downloaded_original=$(mktemp).${extension}
curl -s -o ${downloaded_original} ${original_url}
debug_echo " --> ${downloaded_original}"
debug_echo
debug_echo -n "Downloading new manifest..."
manifest_info=$(curl -s https://api.steg.ai/asset?media_id=${manifest_id} -H "x-api-key: ${STEG_AI_API_KEY}")
manifest_url=$(echo ${manifest_info} | jq -r '.data[0].path')
downloaded_manifest=$(mktemp).bin
curl -s -o ${downloaded_manifest} ${manifest_url}
debug_echo " --> ${downloaded_manifest}"
debug_echo
debug_echo -n "Inserting new manifest into media file..."
${TRUEPIC_CLI} manifest insert ${downloaded_manifest} ${downloaded_original} --output "${OUTPUT_FILE}" > /dev/null 2>&1
debug_echo " --> ${OUTPUT_FILE}"
rm -f ${downloaded_original}
rm -f ${downloaded_manifest}
debug_echo
debug_echo "Checking the manifest."
verification_json=$(${TRUEPIC_CLI} verify "${OUTPUT_FILE}")
hash_status=$(
echo "${verification_json}" | \
jq -r '.manifest_store[] | select(.is_active == true) | .assertions."c2pa.hash.data"[0].status'
)
if echo "${verification_json}" | jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.jpeg"' >/dev/null; then
thumbnail_key="c2pa.thumbnail.claim.jpeg"
else
if echo "${verification_json}" | jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.png"' >/dev/null; then
thumbnail_key="c2pa.thumbnail.claim.png"
else
echo "Couldn't find thumbnail assertion in the C2PA manifest."
exit 1
fi
fi
thumbnail_hash=$(
echo "${verification_json}" | \
jq -r '.manifest_store[0].assertions."'${thumbnail_key}'"[0].thumbnail_id'
)
timestamp=$(
echo "${verification_json}" | \
jq -r '.manifest_store[0].trusted_timestamp.timestamp'
)
public_key=$(
echo "${verification_json}" | \
jq -r '.manifest_store[0].certificate.cert_der' | \
base64 -d | \
openssl x509 -pubkey -noout
)
debug_echo -n "Checking watermark signature... ${thumbnail_hash}|${timestamp} ... ${watermark_signature} ..."
set +e
signature_verification=$(
openssl dgst -sha256 \
-verify <(echo "${public_key}") \
-signature <(echo "${watermark_signature}" | base64 -d) \
<(echo "${thumbnail_hash}|${timestamp}")
)
set -e
if [ "${signature_verification}" != "Verified OK" ]; then
debug_echo " FAILED"
echo "Watermark signature verification failed"
exit 1
fi
debug_echo " ${signature_verification}"
debug_echo -n "Checking image hash..."
if [ "$hash_status" = "VALID" ]; then
debug_echo " hashes match."
if [ -n "$TRUEPIC_DEBUG" ]; then echo "${verification_json}" | jq; fi
echo "Contains C2PA manifest: ${c2pa_manifest_found}"
echo "Contains watermark: true"
echo "Original watermarked media: ${OUTPUT_FILE}"
exit 0
fi
debug_echo " hashes DON'T match!"
rm -f "${OUTPUT_FILE}" |