diff --git a/app/api/routes/validate.py b/app/api/routes/validate.py index 84ef13d..e8774e4 100644 --- a/app/api/routes/validate.py +++ b/app/api/routes/validate.py @@ -68,11 +68,15 @@ async def validate_media( app_id=capture_trust.get("app_id"), issued_at=capture_trust["issued_at"], key_id=capture_trust.get("key_id"), + device_public_key_fingerprint=capture_trust[ + "device_public_key_fingerprint" + ], ), media_integrity=MediaIntegrityInfo( content_hash_valid=media_integrity["content_hash_valid"], signature_valid=media_integrity["signature_valid"], capture_id_match=media_integrity["capture_id_match"], + fingerprint_match=media_integrity["fingerprint_match"], content_hash=media_integrity["content_hash"], capture_id=media_integrity["capture_id"], captured_at=media_integrity["captured_at"], diff --git a/app/schemas/validate.py b/app/schemas/validate.py index 1a52d99..514a960 100644 --- a/app/schemas/validate.py +++ b/app/schemas/validate.py @@ -19,6 +19,9 @@ class CaptureTrustInfo(APIResponse): ) issued_at: int = Field(description="Unix timestamp when token was issued") key_id: str | None = Field(default=None, description="Key ID used for signing") + device_public_key_fingerprint: str = Field( + description="SHA-256 fingerprint of the device's public key from the JWT" + ) class MediaIntegrityInfo(APIResponse): @@ -33,6 +36,9 @@ class MediaIntegrityInfo(APIResponse): capture_id_match: bool = Field( description="Whether capture ID matches between JWT and media integrity" ) + fingerprint_match: bool = Field( + description="Whether device public key fingerprint matches between JWT and media integrity" + ) content_hash: str = Field(description="SHA256 hash of the media content") capture_id: str = Field(description="Capture ID from media integrity") captured_at: str = Field(description="ISO8601 timestamp of capture")