# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1661958423 -7200
# Node ID 6da749bbf3207a76a11d95f542b577117d4dd9c2
# Parent  1bd44367337ddbb4e22b2e8562d3b8dbfc2d156c
component AP gateway: fix headers case in signature:

headers where not lower-cased in `headers` field of signature data, resulting in signature
being rejected by Pleroma (but it was working with Mastodon).

Also add `Content-Type` header.


rel 371

diff -r 1bd44367337d -r 6da749bbf320 sat/plugins/plugin_comp_ap_gateway/__init__.py
--- a/sat/plugins/plugin_comp_ap_gateway/__init__.py	Wed Aug 31 17:07:03 2022 +0200
+++ b/sat/plugins/plugin_comp_ap_gateway/__init__.py	Wed Aug 31 17:07:03 2022 +0200
@@ -933,7 +933,9 @@
                 hashes.SHA256()  # type: ignore
             )
         except InvalidSignature:
-            raise exceptions.EncryptionError("Invalid signature (using PKC0S1 v1.5 and SHA-256)")
+            raise exceptions.EncryptionError(
+                "Invalid signature (using PKC0S1 v1.5 and SHA-256)"
+            )
 
         return actor_id
 
@@ -955,7 +957,9 @@
             ``headers`` is an updated copy of ``headers`` arguments, with pseudo-headers
             removed, and ``Signature`` added.
         """
-        to_sign = "\n".join(f"{k.lower()}: {v}" for k,v in headers.items())
+        # headers must be lower case
+        l_headers: Dict[str, str] = {k.lower(): v for k, v in headers.items()}
+        to_sign = "\n".join(f"{k}: {v}" for k,v in l_headers.items())
         signature = base64.b64encode(self.private_key.sign(
             to_sign.encode(),
             # we have to use PKCS1v15 padding to be compatible with Mastodon
@@ -965,7 +969,7 @@
         sign_data = {
             "keyId": key_id,
             "Algorithm": "rsa-sha256",
-            "headers": " ".join(headers.keys()),
+            "headers": " ".join(l_headers.keys()),
             "signature": signature
         }
         new_headers = {k: v for k,v in headers.items() if not k.startswith("(")}
@@ -1026,7 +1030,7 @@
                 )
             else:
                 raise exceptions.InternalError(f"unexpected element: {item.toXml()}")
-            resp = await self.signAndPost(inbox, url_actor, ap_item)
+            await self.signAndPost(inbox, url_actor, ap_item)
 
     async def convertAndPostAttachments(
         self,
@@ -1182,6 +1186,9 @@
             "Date": http.datetimeToString().decode(),
             "Digest": digest
         }
+        headers["Content-Type"] = (
+            'application/activity+json'
+        )
         headers, __ = self.getSignatureData(self.getKeyId(actor_id), headers)
 
         if self.verbose: