diff --git a/docs/manifest/examples.mdx b/docs/manifest/examples.mdx index 2d3aea8..6b4d691 100644 --- a/docs/manifest/examples.mdx +++ b/docs/manifest/examples.mdx @@ -7,12 +7,17 @@ import CodeBlock from '@theme/CodeBlock'; ## C2PA test files -The C2PA [public-testfiles](https://github.com/c2pa-org/public-testfiles) repository contains numerous examples of asset files with Content Credentials. See https://spec.c2pa.org/public-testfiles/ for links to easily inspect each asset file using Verify using [an asset URL](../verify.mdx#using-an-asset-url) and to the corresponding [manifest report](../c2patool/docs/usage.md#displaying-manifest-data) and [detailed manifest report](../c2patool/docs/usage.md#detailed-manifest-report) from C2PA Tool. +The C2PA [public-testfiles](https://github.com/c2pa-org/public-testfiles) repository contains numerous examples of asset files with Content Credentials. This repository is currently being updated. + + + ## Examples from C2PA Tool The command-line [C2PA Tool](../c2patool/readme.md), `c2patool`, is helpful when developing applications to work with manifest data. When saving a manifest, it has two modes: diff --git a/docs/manifest/reading/ingredients-reading.md b/docs/manifest/reading/ingredients-reading.md index 15c018f..d370954 100644 --- a/docs/manifest/reading/ingredients-reading.md +++ b/docs/manifest/reading/ingredients-reading.md @@ -77,16 +77,19 @@ The ingredient object's `relationship` property describes its relationship to th The [ValidationResults](/docs/manifest/json-ref/reader#validationresults) object contains the the validation results for the active manifest and any changes to ingredients. When ingredients are added, the SDK validates their Content Credentials (if any). However, the validation status of an ingredient does not imply anything about the validation status of the composed asset containing the ingredient. In other words: -- A composed asset's Content Credentials may be valid, but one or more of its ingredients may have invalid Content Credentials. For example, test file [adobe-20220124-XCA.jpg](https://verify.contentauthenticity.org?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-XCA.jpg) -- A composed asset's Content Credentials may be invalid, but one or more of its ingredients may have valid Content Credentials. For example, test file [adobe-20220124-CIE-sig-CA.jpg](https://verify.contentauthenticity.org?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-CIE-sig-CA.jpg). + +- A composed asset's Content Credentials may be valid, but one or more of its ingredients may have invalid Content Credentials. +- A composed asset's Content Credentials may be invalid, but one or more of its ingredients may have valid Content Credentials. :::note -Ingredient certificates are validated when they are added to the manifest store, NOT during validation of the composed asset. +Ingredient certificates are validated when they are added to the manifest store, NOT during validation of the composed asset. ::: ### Example of ingredient with invalid credentials + ```json ... @@ -123,8 +126,11 @@ As noted above, the test file [adobe-20220124-CIE-sig-CA.jpg](https://verify.con ] ``` + diff --git a/docs/manifest/reading/validation.md b/docs/manifest/reading/validation.md index a2f1210..aeb38e7 100644 --- a/docs/manifest/reading/validation.md +++ b/docs/manifest/reading/validation.md @@ -10,15 +10,16 @@ In the latest version of the SDK: - Builder performs validation by default, so you can't create an invalid manifest. Previously, the SDK was permissive in this regard. - Validation is much stricter. -::: note +:::note There is a setting to disable full validation when signing. ::: -
+ `Reader` has these validation methods: + - `validation_state()` returns `ValidationState` object (`validation_state` in JSON), which can be `Invalid`, `Valid` or `Trusted`. - `validation_results()` returns `ValidationResults` (`validation_results` in JSON), which can be `success`, `informational`, and `failure` codes for the active manifest and ingredients. diff --git a/docs/manifest/writing/writing.md b/docs/manifest/writing/writing.md index 7f81dea..24cc505 100644 --- a/docs/manifest/writing/writing.md +++ b/docs/manifest/writing/writing.md @@ -3,8 +3,8 @@ id: writing-index title: Building and writing manifest data --- -Use a [ManifestDefinition](../json-ref/manifest-def.mdx) structure to define and construct manifest data for writing. The Rust library and other language libraries provide methods and objects for working with this structure. This JSON reference is generated from the JSON schema for the [ManifestDefinition](https://docs.rs/c2pa/latest/c2pa/struct.ManifestDefinition.html) object (_struct_ in Rust terminology). +Use a [ManifestDefinition](../json-ref/manifest-def.mdx) structure to define and construct manifest data for writing. The Rust library and other language libraries provide methods and objects for working with this structure. - [Writing ingredients](ingredients.md) - [Writing assertions and actions](assertions-actions.md) -- [ManifestDefinition JSON reference](manifest/json-ref/manifest-def.mdx) +- [ManifestDefinition JSON reference](manifest/json-ref/manifest-def.mdx) generated from the JSON schema for the [ManifestDefinition](https://docs.rs/c2pa/latest/c2pa/struct.ManifestDefinition.html) object (_struct_ in Rust terminology). diff --git a/docs/verify.mdx b/docs/verify.mdx index 35af500..00094e1 100644 --- a/docs/verify.mdx +++ b/docs/verify.mdx @@ -46,17 +46,15 @@ https://verify.contentauthenticity.org?source= where `` is the URL of the asset. -For example: https://verify.contentauthenticity.org?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-CICA.jpg +For example: https://verify.contentauthenticity.org/?source=https://contentauth.github.io/example-assets/images/car-es-Ps-Cr.jpg :::note To use Verify on an asset URL, the URL must not require any authentication and the hosting server must allow cross-origin resource sharing (CORS) in the `Access-Control-Allow-Origin` HTTP response header. ::: -### C2PA test files +### Example assets -The [C2PA public-testfiles](https://spec.c2pa.org/public-testfiles/image/) repository contains image files that demonstrate Content Credentials, including multiple ingredients, Exif metadata, and various error conditions, along with links to inspect the assets using Verify and to view the corresponding manifest reports from the [C2PA Tool](c2patool). - -Currently, most of the asset files in the repository are JPEG images, but a few [PDF](https://spec.c2pa.org/public-testfiles/pdf/) and [video](https://spec.c2pa.org/public-testfiles/video/) test files are also available. +The [example-assets](https://contentauth.github.io/example-assets/) repository contains some sample assets that demonstrate Content Credentials, including links to view the corresponding manifest reports from the [C2PA Tool](c2patool) and to inspect the assets using Verify. See [the README as rendered in GitHub Pages](https://contentauth.github.io/example-assets/). ## Information displayed @@ -206,7 +204,12 @@ import verify_validation_error from '../static/img/verify-validation-error.png'; style={{ width: '300px', display: 'block', margin: '10px auto' }} /> -Verify displays this warning if the `validation_status` array contains any elements. For example, a [this image](https://verify.contentauthenticity.org?source=https://spec.c2pa.org/public-testfiles/image/jpeg/adobe-20220124-E-dat-CA.jpg) with a hard binding hash mismatch error, as shown in [this manifest store](https://spec.c2pa.org/public-testfiles/image/jpeg/manifests/adobe-20220124-E-dat-CA/manifest_store.json): +Verify displays this warning if the `validation_status` array contains any elements. For example, here is an snippet from the manifest of an image with a hard binding hash mismatch error, + + ``` "validation_status": [ @@ -218,8 +221,14 @@ Verify displays this warning if the `validation_status` array contains any eleme ] ``` + + +Another example that can result in this message is a missing referenced claim, as shown in snippet of manifest data: + ``` "validation_status": [ { @@ -250,11 +259,15 @@ import verify_process from '../static/img/verify-process.png'; + + #### App or device used The value shown for **App or device used** is derived from the `claim_generator` property in the active manifest. The string is truncated at the first space character and then underscore and slash characters are converted to spaces. In the above example, `"claim_generator": "make_test_images/0.16.1 c2pa-rs/0.16.1"` is displayed as **make test images 0.16.1**. @@ -401,7 +414,10 @@ The Exif metadata assertions from the JSON manifest for the above example is sho +