Spaces:

Truepic
/

watermarked-content-credentials

Sleeping

App Files Files Community

watermarked-content-credentials / scripts /verify.sh

jclyo1

updates

2da4724 9 months ago

raw history blame

No virus

5.82 kB

	#!/usr/bin/env bash

	if [ "$TRUEPIC_DEBUG" = "2" ]; then
	set -xeo pipefail
	else
	set -eo pipefail
	fi

	debug_echo() {
	if [ -n "$TRUEPIC_DEBUG" ]; then
	echo "$@"
	fi
	}

	MEDIA_FILE=$(readlink -f "$1")
	OUTPUT_FILE=$2

	TRUEPIC_CLI=/home/user/app/truepic
	STEG_SCRIPTS=/home/user/app/scripts/

	filename=$(basename "${MEDIA_FILE}")
	extension="${filename##*.}"
	if [ "${extension}" = "jpg" ] \|\| [ "${extension}" = "jpeg" ]; then
	mime_type="image/jpeg"
	else
	if [ "${extension}" = "png" ]; then
	mime_type="image/png"
	else
	echo "Unsupported file extension: ${extension}"
	exit 1
	fi
	fi

	debug_echo -n "Checking for C2PA data in the media..."
	set +e
	verification_json=$(${TRUEPIC_CLI} verify $MEDIA_FILE 2>&1)
	set -e

	if jq -e . <<< "$verification_json" >/dev/null 2>&1; then
	c2pa_manifest_found=true
	debug_echo " embedded C2PA manifest found."
	else
	c2pa_manifest_found=false
	debug_echo " no embedded C2PA manifest found."
	fi

	debug_echo
	debug_echo -n "Uploading media to steg.ai..."
	media_id=$(${STEG_SCRIPTS}/upload.sh ${MEDIA_FILE} $mime_type)
	debug_echo " --> media_id=${media_id}"

	debug_echo
	debug_echo -n "Detecting a watermark..."
	decode_response=$(
	curl -s https://api.steg.ai/decode_image_async \
	-H "x-api-key: ${STEG_AI_API_KEY}" \
	--data-raw '{ "media_id": "'${media_id}'" }'
	)
	request_id=$(echo "$decode_response" \| jq -r '.data.request_id')

	if [ -z "$request_id" ] \|\| [ "$request_id" = "null" ]; then
	debug_echo
	echo "No request_id"
	exit 1;
	fi

	status_response=""
	decode_status=""
	while [ "$decode_status" != "Completed." ]; do
	sleep 1
	debug_echo -n ".."
	status_response=$(
	curl -s https://api.steg.ai/media_status?request_id=${request_id} \
	-H "x-api-key: ${STEG_AI_API_KEY}"
	)
	decode_status=$(echo "${status_response}" \| jq -r '.data.status')
	done

	original_id=$(echo "${status_response}" \| jq -r '.data.media_data.custom' \| jq -r '.original_id')
	manifest_id=$(echo "${status_response}" \| jq -r '.data.media_data.custom' \| jq -r '.manifest_id')
	watermark_signature=$(echo "${status_response}" \| jq -r '.data.media_data.custom' \| jq -r '.watermark_signature')

	if [ -z "$manifest_id" ] \|\| [ "$manifest_id" = "null" ]; then
	debug_echo
	debug_echo "No manifest_id"
	else
	debug_echo " --> media_id=${manifest_id}"
	fi

	debug_echo
	debug_echo -n "Deleting uploaded media (${media_id}) from steg.ai... "
	delete_result=$(
	curl -s https://api.steg.ai/asset \
	-X DELETE \
	-H "x-api-key: ${STEG_AI_API_KEY}" \
	--data-raw '{
	"media_id" : "'${media_id}'"
	}'
	)
	if [ -n "${TRUEPIC_DEBUG}" ]; then echo ${delete_result} \| jq -r '.message'; fi

	if [ -z "$manifest_id" ] \|\| [ "$manifest_id" = "null" ]; then
	echo "Contains C2PA manifest: ${c2pa_manifest_found}"
	echo "Contains watermark: false"
	echo "Original watermarked media: n/a"
	exit 0
	fi

	debug_echo
	debug_echo -n "Downloading original watermarked media..."
	original_info=$(curl -s https://api.steg.ai/asset?media_id=${original_id} -H "x-api-key: ${STEG_AI_API_KEY}")
	original_url=$(echo ${original_info} \| jq -r '.data[0].path')
	downloaded_original=$(mktemp).${extension}
	curl -s -o ${downloaded_original} ${original_url}
	debug_echo " --> ${downloaded_original}"

	debug_echo
	debug_echo -n "Downloading new manifest..."
	manifest_info=$(curl -s https://api.steg.ai/asset?media_id=${manifest_id} -H "x-api-key: ${STEG_AI_API_KEY}")
	manifest_url=$(echo ${manifest_info} \| jq -r '.data[0].path')
	downloaded_manifest=$(mktemp).bin
	curl -s -o ${downloaded_manifest} ${manifest_url}
	debug_echo " --> ${downloaded_manifest}"

	debug_echo
	debug_echo -n "Inserting new manifest into media file..."
	${TRUEPIC_CLI} manifest insert ${downloaded_manifest} ${downloaded_original} --output "${OUTPUT_FILE}" > /dev/null 2>&1
	debug_echo " --> ${OUTPUT_FILE}"
	rm -f ${downloaded_original}
	rm -f ${downloaded_manifest}

	debug_echo
	debug_echo "Checking the manifest."
	verification_json=$(${TRUEPIC_CLI} verify "${OUTPUT_FILE}")

	hash_status=$(
	echo "${verification_json}" \| \
	jq -r '.manifest_store[] \| select(.is_active == true) \| .assertions."c2pa.hash.data"[0].status'
	)
	if echo "${verification_json}" \| jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.jpeg"' >/dev/null; then
	thumbnail_key="c2pa.thumbnail.claim.jpeg"
	else
	if echo "${verification_json}" \| jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.png"' >/dev/null; then
	thumbnail_key="c2pa.thumbnail.claim.png"
	else
	echo "Couldn't find thumbnail assertion in the C2PA manifest."
	exit 1
	fi
	fi
	thumbnail_hash=$(
	echo "${verification_json}" \| \
	jq -r '.manifest_store[0].assertions."'${thumbnail_key}'"[0].thumbnail_id'
	)
	timestamp=$(
	echo "${verification_json}" \| \
	jq -r '.manifest_store[0].trusted_timestamp.timestamp'
	)
	public_key=$(
	echo "${verification_json}" \| \
	jq -r '.manifest_store[0].certificate.cert_der' \| \
	base64 -d \| \
	openssl x509 -pubkey -noout
	)

	debug_echo -n "Checking watermark signature... ${thumbnail_hash}\|${timestamp} ... ${watermark_signature} ..."
	set +e
	signature_verification=$(
	openssl dgst -sha256 \
	-verify <(echo "${public_key}") \
	-signature <(echo "${watermark_signature}" \| base64 -d) \
	<(echo "${thumbnail_hash}\|${timestamp}")
	)
	set -e

	if [ "${signature_verification}" != "Verified OK" ]; then
	debug_echo " FAILED"
	echo "Watermark signature verification failed"
	exit 1
	fi
	debug_echo " ${signature_verification}"

	debug_echo -n "Checking image hash..."
	if [ "$hash_status" = "VALID" ]; then
	debug_echo " hashes match."
	if [ -n "$TRUEPIC_DEBUG" ]; then echo "${verification_json}" \| jq; fi

	echo "Contains C2PA manifest: ${c2pa_manifest_found}"
	echo "Contains watermark: true"
	echo "Original watermarked media: ${OUTPUT_FILE}"
	exit 0
	fi
	debug_echo " hashes DON'T match!"
	rm -f "${OUTPUT_FILE}"