Skip to content

DRAFT: release 1.0.0#105

Open
aasheptunov wants to merge 75 commits into
masterfrom
develop
Open

DRAFT: release 1.0.0#105
aasheptunov wants to merge 75 commits into
masterfrom
develop

Conversation

@aasheptunov

Copy link
Copy Markdown

No description provided.

lasnown and others added 30 commits October 20, 2025 16:40
Automatically generated by python-semantic-release

skip-checks: true
Automatically generated by python-semantic-release

skip-checks: true
Automatically generated by python-semantic-release

skip-checks: true
* feat(signing): add draft schema loading

* feat(signing): add schema validation

* feat(signing): add signature customization
github-actions and others added 27 commits October 23, 2025 08:11
Automatically generated by python-semantic-release

skip-checks: true
Added features:

- Python implementation for core C2PA objects
- Python implementation for injecting C2PA manifests into JPEG/JPEG and PDF files
- CLI tool for file signing
…fix the installation error in python 3.9 (#54)

* fix(ci): #53: change poetry version into install poetry step so that fix the installation error in python 3.9

* fix(ci): #53: change poetry version into install poetry step in other jobs so that fix the installation error in python 3.9

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
…itattributes (#52)

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
…57)

* feat(actions-assertion): #55: add implementation of actions assertion

* test(actions-assertion): #55: add tests for Actions Assertion

* fix: #55: convert line endings from CRLF to LF

* docs(actions-assertion): #55: correct of the comment to reflect the facts

* docs(readme): bring test coverage score up to date

* refactor(actions-assertion): #55: move Actions assertion tests to separate test file so that to split the tests among yourselves

* refactor(actions-assertion): #55: formatting correction

* fix(actions-assertion): #55: fix a formatting-related error

* refactor(actions-assertion): #55: simplification of the condition

* feat(actions-assertion): #55: add a validation step for valid values in the Actions assertion constructor to prevent the creation of an unsupported action

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* feat(hash-uri-map): #56: add implementation of generate hashed uri map function

* test(hash-uri-map): #56: add tests for generate hashed uri map function

* refactor(hash-uri-map): #56: formatting corrections

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
* fix: #62: update package versions so that the package can be linked to the source code

* fix: #62: add the postCreateCommand to the devcontainer configuration to link the package to the project's source code

* fix: #62: revert the changes and adjust the paths in the Dockerfile so that the package points to the correct directory

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
* feat(actions-assertion): #55: add implementation of actions assertion

* test(actions-assertion): #55: add tests for Actions Assertion

* fix: #55: convert line endings from CRLF to LF

* docs(actions-assertion): #55: correct of the comment to reflect the facts

* docs(readme): bring test coverage score up to date

* feat(claim): #60: update claim to C2PA v2.4

* refactor(creative-work): #60: removal of the CreativeWork assertion, as it has been deprecated in C2PA v2.4

* refactor(creative-work): #60: move Actions assertion tests to separate test file so that to split the tests among yourselves

* fix: #60: correction of formatting errors

* fix: #60: fix for an issue caused by differences in type definitions between Python versions 3.9 and 3.10+

* docs(readme): bring test coverage score up to date

* feat(claim): #60: remove deprecated field and method; add a field containing the file name so that the validator displays the file name

* feat(embedded-data-assertion): #60: replace the outdated codestream content type with embedded file; add Thumbnail and EmbeddedData assertions

* feat(embedded-data-assertion): #60: add embedded-data assertion type

* fix: #60: correction of formatting errors

* test(embedded-data-assertion): #60: add tests for EmbeddedData assertion

* test(assertion): #60: add tests for json_to_bytes function

* test: #60: add a required parameter to the Claim constructor in tests; changing the value of the test variable to one that more closely reflects reality

* test(interface): #60: add tests for interface functions

* fix: #60: correction of formatting errors

* refactor: #60: removal of the ability to provide an external c2pie schema, since the CreativeWork assertion has been removed

* fix: #60: correction of formatting errors

* refactor: #60: revision of the gathered_assertions addition condition

* test: #60: add the missing test_ prefix to test cases

* docs(readme): bring test coverage score up to date

* reafctor: #60: changing the type of the received parameter to the correct one

* refactor: #60: formatting corrections

* fix: #60: fix a lint error by removing unused imports

* feat(thumbnail-assertion): #60: add a separate class for the Thumbnail assertion

* test: #60: add tests for thumbnail assertions; remove duplicate tests; move data hash assertion tests to a separate file

* refactor: #60: formatting corrections

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* feat: #46: implement box parsing from bytes and base box class

* test: #46: add tests for box parsing

* test: #46: add tests for extracting manifest strore from pdf

* feat: #46: add parcing manifest store from pdf

* feat: #46: add helper functions for parcing boxes

* test: #46: add tests for extracting manifest strore from jpeg

* test: #46: add jpeg parsing

* refactor: #46: add a strategy pattern based on content_type

* refactor: #46: move extractor functions to a one file

* refactor: #46: run ruff format

* refactor: #46: formatting corrections

* refactor: #46: modify the logic for extracting bytes from the manifest store for JPG files to handle cases where the APP11 marker appears in the raw bytes

* refactor: #46: formatting corrections

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
* feat(time-stamps): #59: add support for adding timestamps

* docs(time-stamps): #59: add time-stamps research board

* refactor(time-stamps): #59: moving logic into separate functions; adding the ability to specify tsa parameters via the cli

* chore: #59: add new dependencies to pyproject for timestamp functionality

* feat(time-stamp): #59: update implementation of time-stamps to C2PA v2.4

* fix(time-stamps): #59: correct the chain of trust for timestamps

* refactor: #59: formatting corrections

* feat(actions-assertion): #55: add implementation of action assertion (#57)

* feat(actions-assertion): #55: add implementation of actions assertion

* test(actions-assertion): #55: add tests for Actions Assertion

* fix: #55: convert line endings from CRLF to LF

* docs(actions-assertion): #55: correct of the comment to reflect the facts

* docs(readme): bring test coverage score up to date

* refactor(actions-assertion): #55: move Actions assertion tests to separate test file so that to split the tests among yourselves

* refactor(actions-assertion): #55: formatting correction

* fix(actions-assertion): #55: fix a formatting-related error

* refactor(actions-assertion): #55: simplification of the condition

* feat(actions-assertion): #55: add a validation step for valid values in the Actions assertion constructor to prevent the creation of an unsupported action

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* test(time-stamps): #59: add test for time-stamps functionality

* refactor: #59: formatting corrections

* fix: #59: fix an error related to missing parameters

* refactor: #59: update the variable name and description to make them more clear

* refactor: #59: formatting corrections

* refactor: #59: formatting corrections; change python version for ruff configuration

* chore: #59: delete the file from the board, since the board was only needed for development

* chore: #59: adjusting linter configurations

* chore: #59: add new environment variables to .env-example

* refactor: #59: remove an unused exception

* refactor: #59: add the mock prefix to mock test functions

* docs: #59: add a todo to move configurations to the config file

Co-authored-by: JDRkow <flot74kl@gmail.com>

* docs: #59: rename variables in the test case to more descriptive names

Co-authored-by: JDRkow <flot74kl@gmail.com>

* fix: #59: fix an error related to the use of an undefined variable in the test

* fix: #59: fix an error related to incorrect parameter settings after accepting a suggestion

* test: #59: extract an equivalent function call into a separate mock function

* feat(time-spamps): #59: add tsa_response_timeout parameter so that be able change timeout

* test: #59: add the tsa_response_timeout parameter to the mock function; update the test case that checks for the timeout

* test: #59: add a step to check the timeout value to the test case; add tests for _build_request

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: JDRkow <flot74kl@gmail.com>
#72)

* chore: #69: change to the supported Python version range, update to Python 3.10

* chore: #69: change to the supported Python version range, update to Python 3.10

* ci: #69: update poetry to the latest version

* ci: #69: change to the workflow being used, since the previous one did not have the wget utility pre-installed

* refactor: #69: change the imported module, since Python 3.10 allows you to use the embedded

* docs: #69: update information about the Python versions supported by the library

* ci: #69: change the Python image used in the pipeline

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
…assertion (#48)

* feat(ingredient-assertion): #47: add implementation of ingredient assertion

* test(ingredient-assertion): #47: add tests for ingredient assertion

* docs(readme): bring test coverage score up to date

* feat(ingredient-assertion): #47: add support for the c2pa_manifest_ref feature to the ingredient assertion implementation

* feat(jumbf-parser): #47: add of the JUMBF parser method, which extracts manifests from the existing Manifest Store so that the provenance can be built into the resulting asset

* feat(ingredient-assertion): #47: update Ingredient Assertion to C2PA v2.4

* test: #47: add tests for the Manifest Store

* test: #47: add tests for the manifest extraction functionality

* refactor: #47: formatting corrections

* feat: #47: implementation of the logic for adding the validationResults field to IngredientAssertion

* refactor: #47: refactor the Ingredient Assertion

* refactor: #47: formatting corrections

* feat: #47: move the generate_hash_uri_map method to a separate file; implement the logic for adding c2pa.opened in the Actions Assertion

* test: #47: correction of an error in the parameter name

* refactor: #47: refactor Manifest Store tests

* test: #47: add tests for extract_manifest_boxes

* refactor: #47: formatting corrections

* test: #47: update tests for the manifest store

* test: #47: update tests for generate_hash_uri_map

* refactor: #47: remove the redundant call to calculate the length of TBox

* refactor: #47: adjust of the expected parameter type for AssertionStore

* refactor: #47: add tests for Ingredient Assertion; move shared mock functions to a separate file so they can be reused

* refactor: #47: formatting corrections

* refactor: #47: formatting corrections

* docs(readme): bring test coverage score up to date

* refactor: #47: move validation logic in methods of IngredientAssertion class

* refactor: #47: revert changes, since previously implemented logic was optimal

* refactor: #47: formatting corrections

* docs(readme): bring test coverage score up to date

* ci: #47: update poetry lock file

* fix: #47: add missing parameter to a class method definition

* feat: #47: add claimSignature field to the Ingredient Assertion

* chore: #47: remove unnecessary imports

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…#74)

* ci: separate old large workflow into separate ones

* ci: add separate workflow for tests coverage operations based on items-api example

* ci: fix env section

* ci: fix unit tests command

* ci: add step for adding .env to prevent build fail

* ci: remove env section from running tests in devcontainer

* ci: fix missing coverage for unit tests

* docs(readme): replace badge now that workflows are separate

* ci: update workflow name

* docs(readme): add placeholders for test coverage badges

* docs(readme): bring test coverage score up to date

* ci: remove all-in-one workflow

* feat: remove 3.10 python support and update poetry in workflows

* docs: add notes about updates to test coverage commands

* ci: add concurrency to coverage workflow

* ci: fix formatting

* ci: fix indentation

* docs: fix wording

* ci: fix typo and use the same checkout action version as in other workflows

* ci: fix typo in function reference

* ci: experiment with bumping artifact related actions version up to the latest ones

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Workflow Action <contact@tourmalinecore.com>
Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
* feat(ci): add dependency check workflow

* fix(ci): remove wrongly used group filter

* chore(pyproject): add deptry to dev dependencies

* chore(pyproject): remove unused dependencies

* ci: change triggers for readme run-through test to unify triggers with other workflows

* ci: try matrix-ing python versions for linting workflow

* ci: apply formatting and annotation-related suggestions from review

Co-authored-by: Artem Sheptunov <106321977+aasheptunov@users.noreply.github.com>

* ci: remove python-version matrix from linting and add annotations regarding py version setting choices for ruff

---------

Co-authored-by: Artem Sheptunov <106321977+aasheptunov@users.noreply.github.com>
… signing process (#86)

* test: #80: refactor e2e test to make it cleaner

* test: #80: add a test to verify that specified exclusion value matches size of serialized app11 segments

* refactor: #80: refactor c2pa storage data hash exclusion calculation flow

* test: #80: modify exclusion cover test so that it covers pdf case

* refactor: #80: refactor c2pa storage data hash exclusion calculation flow

* chore: #80: rename pdf test file so that filename more readability

* refactor: #80: move logic for adding exclusions to C2PA structure into separate method

* test: #80: add test to align serialized COSE_Sign1

* feat: #80: add alignment logic for serialized COSE_Sign1

* test: #80: update to Data Hash Assertion test, as pad size has been updated

* test: #80: update exclusion coverage test to reflect the changes made to the Data Hash Assertion constructor

* docs(readme): bring test coverage score up to date

* feat: #80: add handling for CBOR boundary violation cases for TSA tokens

* refactor: #80: rework logic for handling CBOR boundary violations for Data Hash Assertion

* chore: #80: rename serialized_length to serialized_cose_sign1_length so that make it more readability

* fix: #80: correct of a typo in the condition

* test: #80: add a test that checks for a ValueError exception if the difference exceeds the length of the pad

* docs(readme): bring test coverage score up to date

* docs: #80: add a clarifying comment for the additional_exclusions parameter in the Data Hash Assertion

* test: #80: add a test to verify the CBOR tag in COSE_Sign1_Tagged

* fix: #80: fix for an error related to the pad not changing when the CBOR boundary is violated

* test: #80: move the test for checking additional_exclusions to the appropriate file; comment them out

* docs(readme): bring test coverage score up to date

* docs: #80: add a comment explaining how JPG_SEGMENT_MAX_PAYLOAD_LENGTH was determined

* refactor: #80: move logic for emplacing the APP11 storage bytes into a separate method;

* docs(readme): bring test coverage score up to date

* refactor: #80: minimize pad size for unprotected header, since the difference is no more than 3 bytes

* test: #80: update tests after changing pad length

* fix: #80: correction of a typo in the calculation of the additional length byte in the CBOR header

* refactor: #80: refactoring

* test: #80: add tests to verify the calculation of the CBOR length in bytes

* docs: #80: add clarifying comments

* docs(readme): bring test coverage score up to date

* fix: #80: formatting corrections

* fix: #80: formatting corrections

* test: #80: add a stress test to verify the signature

* fix: #80: fix an error in the calculation of incorrect exclusions in broken pdf case

* docs(readme): bring test coverage score up to date

* chore: #80: remove unused file

* docs(readme): bring test coverage score up to date

* docs: #80: add clarifying comment about additional byte of length for serialized exclusions array

* test: #80: add test for check redundant lenght byte was removed from pad when exclusions array length exceed 23

* test: #80: change hash in the test schema override for Data Hash Assertion

* fix: #80: fix for error caused by incorrect length specified in the pdf object

* docs: #80: add clarifying comments for value stored in pad field in Data Hash Assertion and unprotected header

* test: #80: update test after changing value of pad field in unprotected header

* chore: #80: fix a typo

* docs: #80: add number of issue to todo comment for additional_exclusions

* test: #80: add test for check that pad calcutation was performed correctly

* docs(readme): bring test coverage score up to date

* fix: #80: remove redundant call of _scan_pdf_to_get_its_data()

* fix: #80: fix a typo

* docs(readme): bring test coverage score up to date

* refactor: #80: change variable name from FIXTURES_DIR to TEST_FILES_DIR

* refactor: #80: remove of the unused additional_exclusions parameter and related tests

* docs: #80: refactor clarifying test comment

* refactor: #80: formatting changes

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
… and signing with timestamp (#96)

* test: #95: add e2e test to verify that, in the case of multi-signing, multiple related manifests are included in the file

* test: #95: add e2e test to verify that, when signing file with specific TSA URL, the manifest contains timestamp

* docs(readme): bring test coverage score up to date

* test: #95: simplify variable containing TSA URL in e2e test

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
* test: #79: add tests for implementation of Ingredient Assertion; add test for interface function for generation Ingredient Thumbnail Assertion

* test: #79: remove redundant Thumbnail Assertion tests; rename Thumbnail Assertion test so that it is more readability; change mock data for Thumbnail Assertion tests

* refactor: #79: formatting changes

* feat: #79: add implementation of ingredient thumbnail assertion

* test: #80: add test to verify that passing thumbnail file in unsupported format to sign_file causes error

* feat: #79: add logic for reading and validating thumbnail_file to signing process; add Thumbnail Assertion to signing process

* feat: #79: implementation of logic for adding ingredient thumbnail assertion

* refactor: #79: modify logic for retrieving active_manifest within Ingredient Assertion so that it can reuse active_manifest

* feat: #79: add support PNG IANA media type format in supported thumbnail file formats iana_media_types dictionary

* test: #79: fix tests after applying changes

* fix: #79: fix supported_extensions array so that it includes only JPG and PNG formats; update condition with active_manifest into ingredient assertion

* feat: #79: change logic of creation Ingredient Thumbnail Assertion so that, provided a Thumbnail Assertion exists, the bfdb and bidb boxes are copied

* refactor: #79: move logic for extracting thumbnail bytes from active manifest to c2pie_GenerateIngredientThumbnailAssertion interface

* test: #79: add test for check handling thumbnail file sizes

* feat: #79: add thumbnail file size handling

* test: #79: add tests using c2pie_GenerateIngredientThumbnailAssertion() to cover all possible cases

* refactor: #79: remove of redundant condition, since it is unachievable

* fix: #79: fix typo in error message

* test: #79: refactor tests after applying changes; fix typos

* docs(readme): bring test coverage score up to date

* refactor: #79: formatting changes

* fix: #79: fix error involving undefined values for private_key and certificate

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
…d and unnecessary configurations (#98)

* refactor(pyproject): remove tool.poetry as both name and version can and should be declared in project section

* refactor(pyproject): remove tool,poetry.source section as we only use one package source

* refactor(pyproject): switch to license-files to get rid of mapping for this field as its deprecated

* chore: regenerate poetry.lock
* feat(ci): add dependency check workflow

* Revert "feat(ci): add dependency check workflow"

This reverts commit 09d0337.

* refactor: #84: formatting changes

* feat: #84: update logic for extracting Manifest Store, as previous version did not account for duplication of LBox + TBox starting at Z = 2

* feat: #84: add logic for splitting APP11 segment

* test: #84: update existing tests following changes made; add new tests to handle new event branches

* test: #84: add test to verify logic for handling cases where maximum size of serialized Manifest Store is exceeded

* feat: #84: add logic to handle cases where serialized Manifest Store exceeds its maximum size

* refactor: #84: formatting changes

* docs(readme): bring test coverage score up to date

* docs: #84: delete outdated comments

* refactor: #84: rename _DC_FORMAT_BY_CONTENT_TYPE to _IANA_MEDIA_TYPES; reuse existing dictionary in logic for adding Thumbnail and Ingredient Thumbnail Assertion

* docs(readme): bring test coverage score up to date

* feat: #84: add error handler to control execution

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: lasnown <125271962+lasnown@users.noreply.github.com>
Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
…erge conflict (#102)

* test: #100: rollback of error in deleting e2e tests after resolving merge conflict

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
…ltiple signatures (#101)

* feat: #100: add logic to remove existing C2PA structure from JPEG raw bytes to prevent multiple Manifest Stores from being present after signing

* test: #100: update existing tests and adding new tests to cover functionality of extracting bytes from Manifest Store, as well as ranges

* test: #100: add tests to cover functionality of deleting bytes within specified ranges

* refactor: #100: formatting changes

* docs(readme): bring test coverage score up to date

* docs(readme): bring test coverage score up to date

* refactor: #100: remove underscore from EXTRACTORS variable name

* fix: #100: fix issue where asset validation was performed after Manifest Store was deleted

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
* docs: #103: update project readme after applying changes

* docs(readme): bring test coverage score up to date

---------

Co-authored-by: Artem Sheptunov <106321977+Infindery@users.noreply.github.com>
Co-authored-by: Workflow Action <contact@tourmalinecore.com>
Comment thread c2pie/signing.py
Comment on lines +249 to 254
# Remove old C2PA APP11 segments so the resulting
# file contains exactly one Manifest Store.
raw_bytes = strip_c2pa_app11_segments(
raw_bytes,
segment_ranges,
)

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could add a condition so that the method is called only in cases where the APP11 segment is present.

There is no issue at the moment, since when we extract the Manifest Store, the returned range is empty, and therefore no deletion takes place.

… lightweight option (#107)

* build(pyproject): update build backend to poetry core

* build(pyproject): use a less strict version constraint for poetry core
Comment thread README.md

[![Linting and Testing](https://github.com/TourmalineCore/c2pie/actions/workflows/lint-and-test.yml/badge.svg?branch=develop)](https://github.com/TourmalineCore/c2pie/actions/workflows/lint-and-test.yml)
[![Linting](https://github.com/TourmalineCore/c2pie/actions/workflows/lint-on-pull-request.yml/badge.svg?branch=develop)](https://github.com/TourmalineCore/c2pie/actions/workflows/lint-on-pull-request.yml)
[![c2pa](https://img.shields.io/badge/c2pa-v1.4-seagreen.svg)](https://c2pa.org/)

@aasheptunov aasheptunov Jun 11, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

C2PA version badge needs updating

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants