|
#!/usr/bin/env bash |
|
|
|
if [ "$TRUEPIC_DEBUG" = "2" ]; then |
|
set -xeo pipefail |
|
else |
|
set -eo pipefail |
|
fi |
|
|
|
debug_echo() { |
|
if [ -n "$TRUEPIC_DEBUG" ]; then |
|
echo "$@" |
|
fi |
|
} |
|
|
|
MEDIA_FILE=$(readlink -f "$1") |
|
|
|
TRUEPIC_CLI=/home/user/app/truepic |
|
STEG_SCRIPTS=/home/user/app/scripts/ |
|
|
|
filename=$(basename "${MEDIA_FILE}") |
|
extension="${filename##*.}" |
|
if [ "${extension}" = "jpg" ] || [ "${extension}" = "jpeg" ]; then |
|
mime_type="image/jpeg" |
|
else |
|
if [ "${extension}" = "png" ]; then |
|
mime_type="image/png" |
|
else |
|
echo "Unsupported file extension: ${extension}" |
|
exit 1 |
|
fi |
|
fi |
|
|
|
debug_echo -n "Checking for C2PA data in the media..." |
|
set +e |
|
verification_json=$(${TRUEPIC_CLI} verify $MEDIA_FILE 2>&1) |
|
set -e |
|
|
|
if jq -e . <<< "$verification_json" >/dev/null 2>&1; then |
|
c2pa_manifest_found=true |
|
debug_echo " embedded C2PA manifest found." |
|
else |
|
c2pa_manifest_found=false |
|
debug_echo " no embedded C2PA manifest found." |
|
fi |
|
|
|
debug_echo |
|
debug_echo -n "Uploading media to steg.ai..." |
|
media_id=$(${STEG_SCRIPTS}/upload.sh ${MEDIA_FILE} $mime_type) |
|
debug_echo " --> media_id=${media_id}" |
|
|
|
debug_echo |
|
debug_echo -n "Detecting a watermark..." |
|
decode_response=$( |
|
curl -s https://api.steg.ai/decode_image_async \ |
|
-H "x-api-key: ${STEG_AI_API_KEY}" \ |
|
--data-raw '{ "media_id": "'${media_id}'" }' |
|
) |
|
request_id=$(echo "$decode_response" | jq -r '.data.request_id') |
|
|
|
if [ -z "$request_id" ] || [ "$request_id" = "null" ]; then |
|
debug_echo |
|
echo "No request_id" |
|
exit 1; |
|
fi |
|
|
|
status_response="" |
|
decode_status="" |
|
while [ "$decode_status" != "Completed." ]; do |
|
sleep 1 |
|
debug_echo -n ".." |
|
status_response=$( |
|
curl -s https://api.steg.ai/media_status?request_id=${request_id} \ |
|
-H "x-api-key: ${STEG_AI_API_KEY}" |
|
) |
|
decode_status=$(echo "${status_response}" | jq -r '.data.status') |
|
done |
|
|
|
original_id=$(echo "${status_response}" | jq -r '.data.media_data.custom' | jq -r '.original_id') |
|
manifest_id=$(echo "${status_response}" | jq -r '.data.media_data.custom' | jq -r '.manifest_id') |
|
watermark_signature=$(echo "${status_response}" | jq -r '.data.media_data.custom' | jq -r '.watermark_signature') |
|
|
|
if [ -z "$manifest_id" ] || [ "$manifest_id" = "null" ]; then |
|
debug_echo |
|
debug_echo "No manifest_id" |
|
else |
|
debug_echo " --> media_id=${manifest_id}" |
|
fi |
|
|
|
debug_echo |
|
debug_echo -n "Deleting uploaded media (${media_id}) from steg.ai... " |
|
delete_result=$( |
|
curl -s https://api.steg.ai/asset \ |
|
-X DELETE \ |
|
-H "x-api-key: ${STEG_AI_API_KEY}" \ |
|
--data-raw '{ |
|
"media_id" : "'${media_id}'" |
|
}' |
|
) |
|
if [ -n "${TRUEPIC_DEBUG}" ]; then echo ${delete_result} | jq -r '.message'; fi |
|
|
|
if [ -z "$manifest_id" ] || [ "$manifest_id" = "null" ]; then |
|
echo "Contains C2PA manifest: ${c2pa_manifest_found}" |
|
echo "Contains watermark: false" |
|
echo "Original watermarked media: n/a" |
|
exit 0 |
|
fi |
|
|
|
debug_echo |
|
debug_echo -n "Downloading original watermarked media..." |
|
original_info=$(curl -s https://api.steg.ai/asset?media_id=${original_id} -H "x-api-key: ${STEG_AI_API_KEY}") |
|
original_url=$(echo ${original_info} | jq -r '.data[0].path') |
|
downloaded_original=$(mktemp).${extension} |
|
curl -s -o ${downloaded_original} ${original_url} |
|
debug_echo " --> ${downloaded_original}" |
|
|
|
debug_echo |
|
debug_echo -n "Downloading new manifest..." |
|
manifest_info=$(curl -s https://api.steg.ai/asset?media_id=${manifest_id} -H "x-api-key: ${STEG_AI_API_KEY}") |
|
manifest_url=$(echo ${manifest_info} | jq -r '.data[0].path') |
|
downloaded_manifest=$(mktemp).bin |
|
curl -s -o ${downloaded_manifest} ${manifest_url} |
|
debug_echo " --> ${downloaded_manifest}" |
|
|
|
debug_echo |
|
debug_echo -n "Inserting new manifest into media file..." |
|
${TRUEPIC_CLI} manifest insert ${downloaded_manifest} ${downloaded_original} --output watermarked_original.${extension} > /dev/null 2>&1 |
|
debug_echo " --> watermarked_original.${extension}" |
|
rm -f ${downloaded_original} |
|
rm -f ${downloaded_manifest} |
|
|
|
debug_echo |
|
debug_echo "Checking the manifest." |
|
verification_json=$(${TRUEPIC_CLI} verify watermarked_original.${extension}) |
|
|
|
hash_status=$( |
|
echo "${verification_json}" | \ |
|
jq -r '.manifest_store[] | select(.is_active == true) | .assertions."c2pa.hash.data"[0].status' |
|
) |
|
if echo "${verification_json}" | jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.jpeg"' >/dev/null; then |
|
thumbnail_key="c2pa.thumbnail.claim.jpeg" |
|
else |
|
if echo "${verification_json}" | jq -e '.manifest_store[0].assertions."c2pa.thumbnail.claim.png"' >/dev/null; then |
|
thumbnail_key="c2pa.thumbnail.claim.png" |
|
else |
|
echo "Couldn't find thumbnail assertion in the C2PA manifest." |
|
exit 1 |
|
fi |
|
fi |
|
thumbnail_hash=$( |
|
echo "${verification_json}" | \ |
|
jq -r '.manifest_store[0].assertions."'${thumbnail_key}'"[0].thumbnail_id' |
|
) |
|
timestamp=$( |
|
echo "${verification_json}" | \ |
|
jq -r '.manifest_store[0].trusted_timestamp.timestamp' |
|
) |
|
public_key=$( |
|
echo "${verification_json}" | \ |
|
jq -r '.manifest_store[] | select(.is_active == true) | .certificate.cert_der' | \ |
|
base64 -d | \ |
|
openssl x509 -pubkey -noout |
|
) |
|
|
|
debug_echo -n "Checking watermark signature... ${thumbnail_hash}|${timestamp} ... ${watermark_signature} ..." |
|
signature_verification=$( |
|
openssl dgst -sha256 \ |
|
-verify <(echo "${public_key}") \ |
|
-signature <(echo "${watermark_signature}" | base64 -d) \ |
|
<(echo "${thumbnail_hash}|${timestamp}") |
|
) |
|
|
|
if [ "${signature_verification}" != "Verified OK" ]; then |
|
debug_echo " FAILED" |
|
echo "Watermark signature verification failed" |
|
exit 1 |
|
fi |
|
debug_echo " ${signature_verification}" |
|
|
|
debug_echo -n "Checking image hash..." |
|
if [ "$hash_status" = "VALID" ]; then |
|
debug_echo " hashes match." |
|
if [ -n "$TRUEPIC_DEBUG" ]; then echo "${verification_json}" | jq; fi |
|
|
|
echo "Contains C2PA manifest: ${c2pa_manifest_found}" |
|
echo "Contains watermark: true" |
|
echo "Original watermarked media: watermarked_original.${extension}" |
|
exit 0 |
|
fi |
|
debug_echo " hashes DON'T match!" |
|
rm -f watermarked_original.${extension} |