validation_state is lost with the verify call

[ttbuffey]

previously, the validation _state is valid for the embedded file, and in verify tool, it shows the signatures in the web interface.

Now with code:

with open(file_path, "rb") as stream:
       reader = Reader(mime_type, stream)
       result = reader.json()

the "validation_state": "Valid" is lost in the response. So that's why the verify tool also has issues now.

the test file is from https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-CAI.jpg

[tmathern]

The file you link is a valid file. You can also check it out at https://contentauthenticity.adobe.com/inspect, or using c2patool.

From https://contentauthenticity.adobe.com/inspect:

This is what c2patool reports (please use latest version from here):

{
  "active_manifest": "contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019",
  "manifests": {
    "contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019": {
      "claim_generator": "make_test_images/0.16.1 c2pa-rs/0.16.1",
      "title": "CAI.jpg",
      "format": "image/jpeg",
      "instance_id": "xmp:iid:c959939f-cf2b-4c27-84ce-f29249818932",
      "thumbnail": {
        "format": "image/jpeg",
        "identifier": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.thumbnail.claim.jpeg"
      },
      "ingredients": [
        {
          "title": "A.jpg",
          "format": "image/jpeg",
          "document_id": "xmp.did:813ee422-9736-4cdc-9be6-4e35ed8e41cb",
          "instance_id": "xmp.iid:813ee422-9736-4cdc-9be6-4e35ed8e41cb",
          "thumbnail": {
            "format": "image/jpeg",
            "identifier": "self#jumbf=c2pa.assertions/c2pa.thumbnail.ingredient.jpeg"
          },
          "relationship": "parentOf",
          "label": "c2pa.ingredient"
        },
        {
          "title": "I.jpg",
          "format": "image/jpeg",
          "document_id": "xmp.did:8a00de7a-e694-43b2-a7e6-ed950421a21a",
          "instance_id": "xmp.iid:8a00de7a-e694-43b2-a7e6-ed950421a21a",
          "thumbnail": {
            "format": "image/jpeg",
            "identifier": "self#jumbf=c2pa.assertions/c2pa.thumbnail.ingredient__1.jpeg"
          },
          "relationship": "componentOf",
          "label": "c2pa.ingredient__1"
        }
      ],
      "assertions": [
        {
          "label": "stds.schema-org.CreativeWork",
          "data": {
            "@context": "http://schema.org/",
            "@type": "CreativeWork",
            "author": [
              {
                "@type": "Person",
                "name": "Adobe make_test"
              }
            ]
          },
          "kind": "Json"
        },
        {
          "label": "c2pa.actions.v2",
          "data": {
            "actions": [
              {
                "action": "c2pa.opened",
                "parameters": {
                  "ingredient": {
                    "url": "self#jumbf=c2pa.assertions/c2pa.ingredient",
                    "hash": "tTBD4/E0R0AjLUdJFpsVz3lE/KJUq22Vz0UGqzhEpVs="
                  }
                }
              },
              {
                "action": "c2pa.color_adjustments",
                "parameters": {
                  "name": "brightnesscontrast"
                }
              },
              {
                "action": "c2pa.placed",
                "parameters": {
                  "ingredient": {
                    "url": "self#jumbf=c2pa.assertions/c2pa.ingredient__1",
                    "hash": "EMeeY5a+lvy1msl+9i5DOcOoeQowrqD7NyV0d8fwAX0="
                  }
                }
              },
              {
                "action": "c2pa.resized"
              }
            ]
          }
        }
      ],
      "signature_info": {
        "alg": "Ps256",
        "issuer": "C2PA Test Signing Cert",
        "common_name": "C2PA Signer",
        "cert_serial_number": "720724073027128164015125666832722375746636448153",
        "time": "2023-01-24T14:48:57+00:00"
      },
      "label": "contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019"
    }
  },
  "validation_results": {
    "activeManifest": {
      "success": [
        {
          "code": "timeStamp.validated",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.signature",
          "explanation": "timestamp message digest matched: DigiCert Timestamp 2022 - 2"
        },
        {
          "code": "claimSignature.insideValidity",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.signature",
          "explanation": "claim signature valid"
        },
        {
          "code": "claimSignature.validated",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.signature",
          "explanation": "claim signature valid"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.thumbnail.claim.jpeg",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.thumbnail.claim.jpeg"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.thumbnail.ingredient.jpeg",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.thumbnail.ingredient.jpeg"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.ingredient",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.ingredient"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.thumbnail.ingredient__1.jpeg",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.thumbnail.ingredient__1.jpeg"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.ingredient__1",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.ingredient__1"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/stds.schema-org.CreativeWork",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/stds.schema-org.CreativeWork"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.actions",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.actions"
        },
        {
          "code": "assertion.hashedURI.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.hash.data",
          "explanation": "hashed uri matched: self#jumbf=c2pa.assertions/c2pa.hash.data"
        },
        {
          "code": "assertion.dataHash.match",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.hash.data",
          "explanation": "data hash valid"
        }
      ],
      "informational": [
        {
          "code": "timeStamp.untrusted",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.signature",
          "explanation": "timestamp cert untrusted: DigiCert Timestamp 2022 - 2"
        }
      ],
      "failure": []
    },
    "ingredientDeltas": [
      {
        "ingredientAssertionURI": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.ingredient",
        "validationDeltas": {
          "success": [],
          "informational": [
            {
              "code": "ingredient.unknownProvenance",
              "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.ingredient",
              "explanation": "A.jpg: ingredient does not have provenance"
            }
          ],
          "failure": []
        }
      },
      {
        "ingredientAssertionURI": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.ingredient__1",
        "validationDeltas": {
          "success": [],
          "informational": [
            {
              "code": "ingredient.unknownProvenance",
              "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.assertions/c2pa.ingredient__1",
              "explanation": "I.jpg: ingredient does not have provenance"
            }
          ],
          "failure": []
        }
      }
    ]
  },
  "validation_state": "Valid"
}

And when I run it through the Python SDK too, the file is also reported as valid. And that validation is properly reported and present in the manifests, both when extracted using c2patool and the Python SDK.

The Verify site does not use the Python SDK. So I think the bug here is somewhere else.

ps. Note the informational validation status:

"informational": [
        {
          "code": "timeStamp.untrusted",
          "url": "self#jumbf=/c2pa/contentauth:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019/c2pa.signature",
          "explanation": "timestamp cert untrusted: DigiCert Timestamp 2022 - 2"
        }
      ]

This may be causing the difference in behavior between the tools.

[emensch]

Hi @ttbuffey, thank you for opening this issue. This is actually a UI bug on the Verify site that I'm in the process of fixing as we speak. The image will show as "untrusted," rather than the "invalid" state it has now.

[emensch]

This is fixed now. Verify shows the image as "untrusted," as it should: https://contentcredentials.org/verify?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-CAI.jpg

[ttbuffey]

@tmathern Thanks for the quick fix. This helps a lot. Thanks

[ttbuffey]

@emensch Thanks for the quick fix on the UI.