updates

main.py

@@ -81,13 +81,20 @@ def verify_image(fileUpload: UploadFile):
         # open read and write the file into the server
         open(fn, 'wb').write(fileUpload.file.read())
 
+        # subprocess.check_output(
+        #     [
+        #        "./truepic",
+        #        "sign",
+        #        fileUpload.filename,
+        #        "--output",
+        #        (os.getcwd() + "/static/" + fileUpload.filename),
+        #    ]
+        # )
+
         subprocess.check_output(
-            [
-                "./truepic",
-                "sign",
+             [
+                "./scripts/sign.sh",
                 fileUpload.filename,
-                "--output",
-                (os.getcwd() + "/static/" + fileUpload.filename),
             ]
         )
 

scripts/sign.sh

@@ -0,0 +1,169 @@
+#!/usr/bin/env bash
+
+set -e
+
+MEDIA_FILE=$(readlink -f "$1")
+
+TRUEPIC_CLI=/home/user/app/truepic
+STEG_SCRIPTS=/home/user/app/scripts/
+PRIVATE_KEY=/home/user/.truepic/default/private.key
+
+echo -n "Signing media..."
+signed_no_watermark=$(mktemp).jpg
+${TRUEPIC_CLI} sign $MEDIA_FILE --output ${signed_no_watermark} > /dev/null 2>&1
+echo " --> ${signed_no_watermark}"
+
+echo
+echo -n "Extracting manifest..."
+no_watermark_manifest=$(mktemp).bin
+${TRUEPIC_CLI} manifest extract ${signed_no_watermark} --output ${no_watermark_manifest} > /dev/null 2>&1
+echo " --> ${no_watermark_manifest}"
+
+echo
+echo -n "Creating watermark signature..."
+verification_json=$(${TRUEPIC_CLI} verify ${signed_no_watermark})
+thumbnail_hash=$(
+  echo "${verification_json}" | \
+  jq -r '.manifest_store[0].assertions."c2pa.thumbnail.claim.jpeg"[0].thumbnail_id'
+)
+timestamp=$(
+  echo "${verification_json}" | \
+  jq -r '.manifest_store[0].trusted_timestamp.timestamp'
+)
+echo -n " ${thumbnail_hash}|${timestamp} ..."
+watermark_signature=$(openssl dgst -sha256 -sign ${PRIVATE_KEY} <(echo "${thumbnail_hash}|${timestamp}") | base64)
+echo " ${watermark_signature}"
+
+echo
+echo -n "Uploading signed media to steg.ai..."
+media_id=$(${STEG_SCRIPTS}/upload.sh ${signed_no_watermark} "image/jpeg")
+echo " --> media_id=${media_id}"
+rm -f ${signed_no_watermark}
+
+echo
+echo -n "Uploading manifest to steg.ai..."
+manifest_id=$(${STEG_SCRIPTS}/upload.sh ${no_watermark_manifest} "application/cbor")
+echo " --> media_id=${manifest_id}"
+
+echo
+echo -n "Watermarking media..."
+encode_response=$(
+  curl -s https://api.steg.ai/encode_image_async \
+    -H "x-api-key: ${STEG_AI_API_KEY}" \
+    --data-raw '{
+        "media_id": "'${media_id}'",
+        "method": 0,
+        "owner": "Truepic",
+        "custom": "{\"manifest_id\":\"'${manifest_id}'\",\"watermark_signature\":\"'${watermark_signature}'\"}"
+      }'
+)
+request_id=$(echo "$encode_response" | jq -r '.data.request_id')
+
+if [ -z "$request_id" ] || [ "$request_id" = "null" ]; then
+  echo
+  echo "No request_id"
+  rm -f ${no_watermark_manifest}
+  exit 1;
+fi
+
+watermark_id=$(echo "$encode_response" | jq -r '.data.encode_media_id')
+
+status_response=""
+watermarking_status=""
+while [ "$watermarking_status" != "Completed." ]; do
+  sleep 1
+  echo -n ".."
+  status_response=$(
+    curl -s https://api.steg.ai/media_status?request_id=${request_id} \
+      -H "x-api-key: ${STEG_AI_API_KEY}"
+  )
+  watermarking_status=$(echo "${status_response}" | jq -r '.data.status')
+done
+
+download_url=$(echo "${status_response}" | jq -r '.data.media_data.media_url')
+echo " --> media_id=${watermark_id}"
+
+echo
+echo -n "Downloading watermarked media..."
+watermarked_image=$(mktemp).jpg
+curl -s -o ${watermarked_image} "$download_url"
+echo " --> ${watermarked_image}"
+
+echo
+echo -n "Re-signing the watermarked media..."
+${TRUEPIC_CLI} sign ${watermarked_image} \
+    --ingredient-manifest-store ${no_watermark_manifest} \
+    --output output.jpg \
+    --assertions-inline '{
+        "assertions": [
+          {
+            "label": "c2pa.actions",
+            "data": {
+              "actions": [
+                {
+                  "action": "c2pa.edited",
+                  "when": "@now",
+                  "softwareAgent": "steg.ai",
+                  "parameters": {
+                    "description": "A watermark was applied."
+                  }
+                }
+              ]
+            }
+          }
+        ]
+      }' > /dev/null 2>&1
+echo " --> output.jpg"
+rm -f ${no_watermark_manifest}
+
+echo
+echo -n "Extracting new manifest..."
+with_watermark_manifest=$(mktemp).bin
+${TRUEPIC_CLI} manifest extract output.jpg --output ${with_watermark_manifest} > /dev/null 2>&1
+echo " --> ${with_watermark_manifest}"
+
+echo
+echo -n "Uploading new manifest to steg.ai..."
+new_manifest_id=$(${STEG_SCRIPTS}/upload.sh ${with_watermark_manifest} "application/cbor")
+echo " --> media_id=${new_manifest_id}"
+rm -f ${with_watermark_manifest}
+
+echo
+echo -n "Updating media with new manifest ID... "
+update_result=$(
+  curl -s https://api.steg.ai/asset \
+    -X POST \
+    -H "x-api-key: ${STEG_AI_API_KEY}" \
+    --data-raw '{
+        "media_id" : "'${watermark_id}'",
+        "custom": "{\"manifest_id\":\"'${new_manifest_id}'\",\"watermark_signature\":\"'${watermark_signature}'\"}"
+      }'
+)
+
+echo ${update_result} | jq -r '.message'
+
+echo
+echo -n "Deleting un-watermarked image (${media_id}) from steg.ai... "
+delete_result=$(
+  curl -s https://api.steg.ai/asset \
+    -X DELETE \
+    -H "x-api-key: ${STEG_AI_API_KEY}" \
+    --data-raw '{
+        "media_id" : "'${media_id}'"
+      }'
+)
+
+echo ${delete_result} | jq -r '.message'
+
+echo
+echo -n "Deleting old manifest (${manifest_id}) from steg.ai... "
+delete_result=$(
+  curl -s https://api.steg.ai/asset \
+    -X DELETE \
+    -H "x-api-key: ${STEG_AI_API_KEY}" \
+    --data-raw '{
+        "media_id" : "'${manifest_id}'"
+      }'
+)
+
+echo ${delete_result} | jq -r '.message'