mirror of https://gitlab.com/bashrc2/epicyon
Remove unresolvable privacyHeaders which prevent jsonld signature checks
parent
8faf85e553
commit
2288af7857
|
@ -34,7 +34,6 @@ def get_individual_post_context() -> []:
|
|||
"""
|
||||
return [
|
||||
'https://www.w3.org/ns/activitystreams',
|
||||
'https://fep.example/ns/privacyHeaders',
|
||||
{
|
||||
"ostatus": "http://ostatus.org#",
|
||||
"atomUri": "ostatus:atomUri",
|
||||
|
|
|
@ -92,12 +92,17 @@ def verify_json_signature(doc: {}, public_key_pem: str) -> bool:
|
|||
return False
|
||||
|
||||
|
||||
def generate_json_signature(doc: {}, private_key_pem: str) -> None:
|
||||
def generate_json_signature(doc: {}, private_key_pem: str,
|
||||
debug: bool) -> None:
|
||||
"""Adds a json signature to the given ActivityPub post
|
||||
"""
|
||||
if not doc.get('actor'):
|
||||
if debug:
|
||||
print('DEBUG: generate_json_signature does not have an actor')
|
||||
return
|
||||
if not has_valid_context(doc):
|
||||
if debug:
|
||||
print('DEBUG: generate_json_signature does not have valid context')
|
||||
return
|
||||
options = {
|
||||
"type": "RsaSignature2017",
|
||||
|
@ -110,9 +115,15 @@ def generate_json_signature(doc: {}, private_key_pem: str) -> None:
|
|||
|
||||
key = load_pem_private_key(private_key_pem.encode('utf-8'),
|
||||
None, backend=default_backend())
|
||||
if debug:
|
||||
print('DEBUG: generate_json_signature get_sha_256')
|
||||
digest = get_sha_256(to_be_signed.encode("utf-8"))
|
||||
if debug:
|
||||
print('DEBUG: generate_json_signature key.sign')
|
||||
signature = key.sign(digest,
|
||||
padding.PKCS1v15(),
|
||||
hazutils.Prehashed(hashes.SHA256()))
|
||||
if debug:
|
||||
print('DEBUG: generate_json_signature base64.b64encode')
|
||||
sig = base64.b64encode(signature)
|
||||
options["signatureValue"] = sig.decode("utf-8")
|
||||
|
|
21
posts.py
21
posts.py
|
@ -124,6 +124,7 @@ from keys import get_person_key
|
|||
from markdown import markdown_to_html
|
||||
from followerSync import update_followers_sync_cache
|
||||
from question import is_question
|
||||
from pyjsonld import JsonLdError
|
||||
|
||||
|
||||
def convert_post_content_to_html(message_json: {}) -> None:
|
||||
|
@ -3063,13 +3064,22 @@ def send_post(signing_priv_key_pem: str, project_version: str,
|
|||
post_path = inbox_url.split(to_domain, 1)[1]
|
||||
|
||||
if not post_json_object.get('signature'):
|
||||
json_copied = False
|
||||
try:
|
||||
signed_post_json_object = post_json_object.copy()
|
||||
generate_json_signature(signed_post_json_object, private_key_pem)
|
||||
post_json_object = signed_post_json_object
|
||||
json_copied = True
|
||||
except BaseException as ex:
|
||||
print('WARN: send_post failed to JSON-LD sign post, ' + str(ex))
|
||||
pprint(signed_post_json_object)
|
||||
print('WARN: send_post failed to copy json post, ' + str(ex))
|
||||
pprint(post_json_object)
|
||||
|
||||
if json_copied:
|
||||
try:
|
||||
generate_json_signature(signed_post_json_object,
|
||||
private_key_pem, debug)
|
||||
post_json_object = signed_post_json_object
|
||||
except JsonLdError as ex:
|
||||
print('WARN: send_post failed to JSON-LD sign post, ' + str(ex))
|
||||
pprint(signed_post_json_object)
|
||||
|
||||
# convert json to string so that there are no
|
||||
# subsequent conversions after creating message body digest
|
||||
|
@ -3509,7 +3519,8 @@ def send_signed_json(post_json_object: {}, session, base_dir: str,
|
|||
if not post_json_object.get('signature'):
|
||||
try:
|
||||
signed_post_json_object = post_json_object.copy()
|
||||
generate_json_signature(signed_post_json_object, private_key_pem)
|
||||
generate_json_signature(signed_post_json_object,
|
||||
private_key_pem, debug)
|
||||
post_json_object = signed_post_json_object
|
||||
except BaseException as ex:
|
||||
print('WARN: send_signed_json failed to JSON-LD sign post, ' +
|
||||
|
|
4
tests.py
4
tests.py
|
@ -4171,7 +4171,7 @@ def _test_jsonld():
|
|||
'-----END PUBLIC KEY-----'
|
||||
|
||||
signed_document = jld_document.copy()
|
||||
generate_json_signature(signed_document, private_key_pem)
|
||||
generate_json_signature(signed_document, private_key_pem, True)
|
||||
assert signed_document
|
||||
assert signed_document.get('signature')
|
||||
assert signed_document['signature'].get('signatureValue')
|
||||
|
@ -4195,7 +4195,7 @@ def _test_jsonld():
|
|||
}
|
||||
}
|
||||
signed_document2 = jld_document2.copy()
|
||||
generate_json_signature(signed_document2, private_key_pem)
|
||||
generate_json_signature(signed_document2, private_key_pem, True)
|
||||
assert signed_document2
|
||||
assert signed_document2.get('signature')
|
||||
assert signed_document2['signature'].get('signatureValue')
|
||||
|
|
Loading…
Reference in New Issue