diff --git a/context.py b/context.py index 67021d39b..313353e42 100644 --- a/context.py +++ b/context.py @@ -34,7 +34,6 @@ def get_individual_post_context() -> []: """ return [ 'https://www.w3.org/ns/activitystreams', - 'https://fep.example/ns/privacyHeaders', { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", diff --git a/linked_data_sig.py b/linked_data_sig.py index 42af6ac6e..2a8b498ec 100644 --- a/linked_data_sig.py +++ b/linked_data_sig.py @@ -92,12 +92,17 @@ def verify_json_signature(doc: {}, public_key_pem: str) -> bool: return False -def generate_json_signature(doc: {}, private_key_pem: str) -> None: +def generate_json_signature(doc: {}, private_key_pem: str, + debug: bool) -> None: """Adds a json signature to the given ActivityPub post """ if not doc.get('actor'): + if debug: + print('DEBUG: generate_json_signature does not have an actor') return if not has_valid_context(doc): + if debug: + print('DEBUG: generate_json_signature does not have valid context') return options = { "type": "RsaSignature2017", @@ -110,9 +115,15 @@ def generate_json_signature(doc: {}, private_key_pem: str) -> None: key = load_pem_private_key(private_key_pem.encode('utf-8'), None, backend=default_backend()) + if debug: + print('DEBUG: generate_json_signature get_sha_256') digest = get_sha_256(to_be_signed.encode("utf-8")) + if debug: + print('DEBUG: generate_json_signature key.sign') signature = key.sign(digest, padding.PKCS1v15(), hazutils.Prehashed(hashes.SHA256())) + if debug: + print('DEBUG: generate_json_signature base64.b64encode') sig = base64.b64encode(signature) options["signatureValue"] = sig.decode("utf-8") diff --git a/posts.py b/posts.py index 30734a230..6a184afb2 100644 --- a/posts.py +++ b/posts.py @@ -124,6 +124,7 @@ from keys import get_person_key from markdown import markdown_to_html from followerSync import update_followers_sync_cache from question import is_question +from pyjsonld import JsonLdError def convert_post_content_to_html(message_json: {}) -> None: @@ -3063,13 +3064,22 @@ def send_post(signing_priv_key_pem: str, project_version: str, post_path = inbox_url.split(to_domain, 1)[1] if not post_json_object.get('signature'): + json_copied = False try: signed_post_json_object = post_json_object.copy() - generate_json_signature(signed_post_json_object, private_key_pem) - post_json_object = signed_post_json_object + json_copied = True except BaseException as ex: - print('WARN: send_post failed to JSON-LD sign post, ' + str(ex)) - pprint(signed_post_json_object) + print('WARN: send_post failed to copy json post, ' + str(ex)) + pprint(post_json_object) + + if json_copied: + try: + generate_json_signature(signed_post_json_object, + private_key_pem, debug) + post_json_object = signed_post_json_object + except JsonLdError as ex: + print('WARN: send_post failed to JSON-LD sign post, ' + str(ex)) + pprint(signed_post_json_object) # convert json to string so that there are no # subsequent conversions after creating message body digest @@ -3509,7 +3519,8 @@ def send_signed_json(post_json_object: {}, session, base_dir: str, if not post_json_object.get('signature'): try: signed_post_json_object = post_json_object.copy() - generate_json_signature(signed_post_json_object, private_key_pem) + generate_json_signature(signed_post_json_object, + private_key_pem, debug) post_json_object = signed_post_json_object except BaseException as ex: print('WARN: send_signed_json failed to JSON-LD sign post, ' + diff --git a/tests.py b/tests.py index 09c9e1553..04bc49f7f 100644 --- a/tests.py +++ b/tests.py @@ -4171,7 +4171,7 @@ def _test_jsonld(): '-----END PUBLIC KEY-----' signed_document = jld_document.copy() - generate_json_signature(signed_document, private_key_pem) + generate_json_signature(signed_document, private_key_pem, True) assert signed_document assert signed_document.get('signature') assert signed_document['signature'].get('signatureValue') @@ -4195,7 +4195,7 @@ def _test_jsonld(): } } signed_document2 = jld_document2.copy() - generate_json_signature(signed_document2, private_key_pem) + generate_json_signature(signed_document2, private_key_pem, True) assert signed_document2 assert signed_document2.get('signature') assert signed_document2['signature'].get('signatureValue')