Skip to content

Feat: Add embeddable and fragmented signing#98

Open
redaranj wants to merge 4 commits into
contentauth:mainfrom
redaranj:feat/embeddable-and-fragmented-signing
Open

Feat: Add embeddable and fragmented signing#98
redaranj wants to merge 4 commits into
contentauth:mainfrom
redaranj:feat/embeddable-and-fragmented-signing

Conversation

@redaranj

@redaranj redaranj commented Jun 25, 2026

Copy link
Copy Markdown
Member

Changes in this pull request

Adds two-pass embeddable signing (to sign large assets in place without a rewrite) and fragmented BMFF Merkle hashing for videos and streamed media

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • All applicable changes have been documented
  • Any TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment

redaranj added 3 commits June 25, 2026 08:32
@redaranj
feat: data-hash, embeddable, and fragmented BMFF signing
7ad5131 
Complete the lower-level, two-pass signing surface on Builder:

- Embeddable / data-hash (GP-255): signEmbeddable, formatEmbeddable, placeholder,
  needsPlaceholder, setDataHashExclusions for caller-managed embedding.
- Fragmented BMFF Merkle hashing (GP-256): setFixedSizeMerkle, hashMdatBytes,
  updateHashFromStream, hashType, plus a HashType enum (DATA_HASH/BMFF_HASH).

Wraps the corresponding c2pa_builder_* FFI through the JNI bridge, with shared
+ Android instrumented tests.
@redaranj
test: cover embeddable and BMFF Merkle signing paths
4754c9d 
Exercise the previously-uncovered signing methods so they are not reported at
0% coverage, and fix the placeholder embeddable test:

- Sign Embeddable (data hash): direct-mode updateHashFromStream + signEmbeddable
  on a JPEG, using a context-configured signer.
- BMFF Merkle Hashing: placeholder + setFixedSizeMerkle + hashMdatBytes +
  updateHashFromStream + signEmbeddable on a fragmented MP4.
- Embeddable and Placeholder: rewritten to the canonical placeholder workflow.
  placeholder() reserves space sized to the signature, so it requires a signer on
  the context; the original built the placeholder on a signer-less Builder.fromJson
  and threw on device. Now uses a context-backed signer, embeds after the SOI
  marker, registers the exclusion, hashes, and signs.

All mirror the c2pa-rs c-ffi / data_hash embeddable workflows. Adds the video1.mp4
test fixture (from the upstream c2pa-rs fixtures) for the BMFF path.
@redaranj
chore: include built-in Kotlin classes in JaCoCo coverage
02b2553 
The jacocoInstrumentedTestReport task pointed classDirectories at
intermediates/javac/debug and tmp/kotlin-classes/debug, both empty under AGP's
built-in Kotlin compilation, so the report rendered "No class files specified"
despite execution data being present. Add the
intermediates/built_in_kotlinc/debug/compileDebugKotlin/classes path alongside
the existing ones (non-existent dirs are ignored, so it stays robust across AGP
layouts). GP-314.
@codecov

codecov Bot commented Jun 25, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 51.21951% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.66%. Comparing base (5d4838e) to head (02b2553).

Files with missing lines Patch % Lines
...ry/src/main/kotlin/org/contentauth/c2pa/Builder.kt 45.71% 9 Missing and 10 partials ⚠️
...y/src/main/kotlin/org/contentauth/c2pa/HashType.kt 83.33% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main      #98      +/-   ##
============================================
- Coverage     72.04%   71.66%   -0.38%     
+ Complexity      267       38     -229     
============================================
  Files            59       60       +1     
  Lines          2214     2255      +41     
  Branches        243      260      +17     
============================================
+ Hits           1595     1616      +21     
- Misses          482      491       +9     
- Partials        137      148      +11

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@redaranj
test: cover embeddable/BMFF error-return paths
82fad89 
Add deterministic error-path coverage for the signing methods' failure branches
(the uncovered 'if (result < 0) throw' lines that dominated the patch). On a
signer-less Builder.fromJson with no placeholder, placeholder/signEmbeddable
have no context signer and setFixedSizeMerkle/setDataHashExclusions have no
DataHash assertion, so each must throw C2PAError; the test asserts that.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@redaranj