diff sat/plugins/plugin_comp_ap_gateway/__init__.py @ 3883:6da749bbf320
component AP gateway: fix headers case in signature:
headers were not lower-cased in `headers` field of signature data, resulting in signature
being rejected by Pleroma (but it was working with Mastodon).
Also add `Content-Type` header.
rel 371
author | Goffi <goffi@goffi.org> |
---|---|
date | Wed, 31 Aug 2022 17:07:03 +0200 |
parents | 2e4a0f6050bd |
children | aa7197b67c26 |
--- a/sat/plugins/plugin_comp_ap_gateway/__init__.py Wed Aug 31 17:07:03 2022 +0200 +++ b/sat/plugins/plugin_comp_ap_gateway/__init__.py Wed Aug 31 17:07:03 2022 +0200 @@ -933,7 +933,9 @@ hashes.SHA256() # type: ignore ) except InvalidSignature: - raise exceptions.EncryptionError("Invalid signature (using PKC0S1 v1.5 and SHA-256)") + raise exceptions.EncryptionError( + "Invalid signature (using PKC0S1 v1.5 and SHA-256)" + ) return actor_id @@ -955,7 +957,9 @@ ``headers`` is an updated copy of ``headers`` arguments, with pseudo-headers removed, and ``Signature`` added. """ - to_sign = "\n".join(f"{k.lower()}: {v}" for k,v in headers.items()) + # headers must be lower case + l_headers: Dict[str, str] = {k.lower(): v for k, v in headers.items()} + to_sign = "\n".join(f"{k}: {v}" for k,v in l_headers.items()) signature = base64.b64encode(self.private_key.sign( to_sign.encode(), # we have to use PKCS1v15 padding to be compatible with Mastodon @@ -965,7 +969,7 @@ sign_data = { "keyId": key_id, "Algorithm": "rsa-sha256", - "headers": " ".join(headers.keys()), + "headers": " ".join(l_headers.keys()), "signature": signature } new_headers = {k: v for k,v in headers.items() if not k.startswith("(")} @@ -1026,7 +1030,7 @@ ) else: raise exceptions.InternalError(f"unexpected element: {item.toXml()}") - resp = await self.signAndPost(inbox, url_actor, ap_item) + await self.signAndPost(inbox, url_actor, ap_item) async def convertAndPostAttachments( self, @@ -1182,6 +1186,9 @@ "Date": http.datetimeToString().decode(), "Digest": digest } + headers["Content-Type"] = ( + 'application/activity+json' + ) headers, __ = self.getSignatureData(self.getKeyId(actor_id), headers) if self.verbose:
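Review bot: Building `l_headers` with a dict comprehension in the `@@ -955,7 +957,9 @@` hunk silently merges any two keys that differ only in case, while `new_headers` is still built from the original `headers`, so the request could carry a header value that the signature does not cover. A guard right after the comprehension would surface that, e.g. `if len(l_headers) != len(headers): raise exceptions.InternalError("header names differ only by case")`. The added comment could also say why the names are lower-cased, for instance `# names are lower-cased in both the signing string and the "headers" field; Pleroma rejects mixed case`. The function's signature and the rest of its body are outside the hunk.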
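Review bot: `"Algorithm"` in `sign_data` (the `@@ -965,7 +969,7 @@` hunk) is still capitalised while `keyId`, `headers` and `signature` are not. The HTTP Signatures draft names this parameter `algorithm`, so a verifier that matches parameter names case-sensitively would not see it and would either fall back to its default or reject the request. Since this commit addresses the same kind of case strictness, changing the entry to `"algorithm": "rsa-sha256",` seems worthwhile. How `sign_data` is serialised into the `Signature` header is outside the hunk, so confirm nothing else reads the capitalised key.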
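Review bot: `Content-Type` is added before `getSignatureData()` in the `@@ -1182,6 +1186,9 @@` hunk, so it becomes part of the signed header list and must go out on the wire exactly as `application/activity+json`. The code that sends the request is outside the hunk; if the HTTP client sets or rewrites `Content-Type` itself (for example by appending a charset), receivers will fail signature verification. A comment such as `# Content-Type is covered by the signature: it must be sent unchanged` would record that constraint. The three-line parenthesised assignment could also become an entry in the dict literal just above, `"Content-Type": "application/activity+json",`.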