# HG changeset patch # User Goffi # Date 1661958423 -7200 # Node ID 6da749bbf3207a76a11d95f542b577117d4dd9c2 # Parent 1bd44367337ddbb4e22b2e8562d3b8dbfc2d156c component AP gateway: fix headers case in signature: headers where not lower-cased in `headers` field of signature data, resulting in signature being rejected by Pleroma (but it was working with Mastodon). Also add `Content-Type` header. rel 371 diff -r 1bd44367337d -r 6da749bbf320 sat/plugins/plugin_comp_ap_gateway/__init__.py --- a/sat/plugins/plugin_comp_ap_gateway/__init__.py Wed Aug 31 17:07:03 2022 +0200 +++ b/sat/plugins/plugin_comp_ap_gateway/__init__.py Wed Aug 31 17:07:03 2022 +0200 @@ -933,7 +933,9 @@ hashes.SHA256() # type: ignore ) except InvalidSignature: - raise exceptions.EncryptionError("Invalid signature (using PKC0S1 v1.5 and SHA-256)") + raise exceptions.EncryptionError( + "Invalid signature (using PKC0S1 v1.5 and SHA-256)" + ) return actor_id @@ -955,7 +957,9 @@ ``headers`` is an updated copy of ``headers`` arguments, with pseudo-headers removed, and ``Signature`` added. """ - to_sign = "\n".join(f"{k.lower()}: {v}" for k,v in headers.items()) + # headers must be lower case + l_headers: Dict[str, str] = {k.lower(): v for k, v in headers.items()} + to_sign = "\n".join(f"{k}: {v}" for k,v in l_headers.items()) signature = base64.b64encode(self.private_key.sign( to_sign.encode(), # we have to use PKCS1v15 padding to be compatible with Mastodon @@ -965,7 +969,7 @@ sign_data = { "keyId": key_id, "Algorithm": "rsa-sha256", - "headers": " ".join(headers.keys()), + "headers": " ".join(l_headers.keys()), "signature": signature } new_headers = {k: v for k,v in headers.items() if not k.startswith("(")} @@ -1026,7 +1030,7 @@ ) else: raise exceptions.InternalError(f"unexpected element: {item.toXml()}") - resp = await self.signAndPost(inbox, url_actor, ap_item) + await self.signAndPost(inbox, url_actor, ap_item) async def convertAndPostAttachments( self, @@ -1182,6 +1186,9 @@ "Date": http.datetimeToString().decode(), "Digest": digest } + headers["Content-Type"] = ( + 'application/activity+json' + ) headers, __ = self.getSignatureData(self.getKeyId(actor_id), headers) if self.verbose: