From 2288af7857e43943c5710ff7a459d0b821cc4208 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 23 Jun 2024 13:34:47 +0100
Subject: [PATCH] Remove unresolvable privacyHeaders which prevent jsonld signature checks

---
 context.py         |  1 -
 linked_data_sig.py | 13 ++++++++++++-
 posts.py           | 21 ++++++++++++++++-----
 tests.py           |  4 ++--
 4 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/context.py b/context.py
index 67021d39b..313353e42 100644
--- a/context.py
+++ b/context.py
@@ -34,7 +34,6 @@ def get_individual_post_context() -> []:
     """
     return [
         'https://www.w3.org/ns/activitystreams',
-        'https://fep.example/ns/privacyHeaders',
         {
             "ostatus": "http://ostatus.org#",
             "atomUri": "ostatus:atomUri",
diff --git a/linked_data_sig.py b/linked_data_sig.py
index 42af6ac6e..2a8b498ec 100644
--- a/linked_data_sig.py
+++ b/linked_data_sig.py
@@ -92,12 +92,17 @@ def verify_json_signature(doc: {}, public_key_pem: str) -> bool:
         return False
 
 
-def generate_json_signature(doc: {}, private_key_pem: str) -> None:
+def generate_json_signature(doc: {}, private_key_pem: str,
+                            debug: bool) -> None:
     """Adds a json signature to the given ActivityPub post
     """
     if not doc.get('actor'):
+        if debug:
+            print('DEBUG: generate_json_signature does not have an actor')
         return
     if not has_valid_context(doc):
+        if debug:
+            print('DEBUG: generate_json_signature does not have valid context')
         return
     options = {
         "type": "RsaSignature2017",
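Review bot: The new `debug` parameter on `generate_json_signature` is a required positional argument, so any caller not updated in this patch fails with a TypeError at call time rather than merely losing debug output; declaring it with a default, `def generate_json_signature(doc: {}, private_key_pem: str, debug: bool = False) -> None:`, keeps existing call sites working while the posts.py and tests.py changes here stay as they are. The docstring should also mention the new argument, e.g. a line `debug: when True, print a DEBUG line explaining why signing was skipped or which step is running`. The two `DEBUG:` prints go to stdout; if the project routes diagnostics elsewhere this should match, but that cannot be confirmed from the hunk. The body of `generate_json_signature` continues past the end of this hunk.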
@@ -110,9 +115,15 @@ def generate_json_signature(doc: {}, private_key_pem: str) -> None:
     key = load_pem_private_key(private_key_pem.encode('utf-8'), None, backend=default_backend())
+    if debug:
+        print('DEBUG: generate_json_signature get_sha_256')
     digest = get_sha_256(to_be_signed.encode("utf-8"))
+    if debug:
+        print('DEBUG: generate_json_signature key.sign')
     signature = key.sign(digest, padding.PKCS1v15(), hazutils.Prehashed(hashes.SHA256()))
+    if debug:
+        print('DEBUG: generate_json_signature base64.b64encode')
     sig = base64.b64encode(signature)
     options["signatureValue"] = sig.decode("utf-8")
diff --git a/posts.py b/posts.py
index 30734a230..6a184afb2 100644
--- a/posts.py
+++ b/posts.py
@@ -124,6 +124,7 @@ from keys import get_person_key
 from markdown import markdown_to_html
 from followerSync import update_followers_sync_cache
 from question import is_question
+from pyjsonld import JsonLdError
 
 
 def convert_post_content_to_html(message_json: {}) -> None:
@@ -3063,13 +3064,22 @@ def send_post(signing_priv_key_pem: str, project_version: str,
     post_path = inbox_url.split(to_domain, 1)[1]
 
     if not post_json_object.get('signature'):
+        json_copied = False
         try:
             signed_post_json_object = post_json_object.copy()
-            generate_json_signature(signed_post_json_object, private_key_pem)
-            post_json_object = signed_post_json_object
+            json_copied = True
         except BaseException as ex:
-            print('WARN: send_post failed to JSON-LD sign post, ' + str(ex))
-            pprint(signed_post_json_object)
+            print('WARN: send_post failed to copy json post, ' + str(ex))
+            pprint(post_json_object)
+
+        if json_copied:
+            try:
+                generate_json_signature(signed_post_json_object,
+                                        private_key_pem, debug)
+                post_json_object = signed_post_json_object
+            except JsonLdError as ex:
+                print('WARN: send_post failed to JSON-LD sign post, ' + str(ex))
+                pprint(signed_post_json_object)
 
     # convert json to string so that there are no
     # subsequent conversions after creating message body digest
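Review bot: The rewritten signing block in `send_post` now catches only `JsonLdError`, while the parallel block in `send_signed_json` (the next posts.py hunk) still catches `BaseException`, so the two call sites disagree on which failures of `generate_json_signature` are tolerated and should be made consistent. Narrowing is the right direction, but `load_pem_private_key` inside `generate_json_signature` raises `ValueError` on a malformed key, which would now propagate out of `send_post` instead of being logged; either confirm that is intended or widen to `except (JsonLdError, ValueError) as ex:` at both sites. The separate `try` around `post_json_object.copy()` with the `json_copied` flag guards an operation that does not fail for a dict and can be collapsed back into a single block. Note that at both sites a caught signing failure leaves `post_json_object` unsigned and the send proceeds with it, so the WARN line is the only signal that an unsigned post went out. `send_post` begins before this hunk, and `debug` is presumably one of its parameters — confirm.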
@@ -3509,7 +3519,8 @@ def send_signed_json(post_json_object: {}, session, base_dir: str,
     if not post_json_object.get('signature'):
         try:
             signed_post_json_object = post_json_object.copy()
-            generate_json_signature(signed_post_json_object, private_key_pem)
+            generate_json_signature(signed_post_json_object,
+                                    private_key_pem, debug)
             post_json_object = signed_post_json_object
         except BaseException as ex:
             print('WARN: send_signed_json failed to JSON-LD sign post, ' +
diff --git a/tests.py b/tests.py
index 09c9e1553..04bc49f7f 100644
--- a/tests.py
+++ b/tests.py
@@ -4171,7 +4171,7 @@ def _test_jsonld():
         '-----END PUBLIC KEY-----'
 
     signed_document = jld_document.copy()
-    generate_json_signature(signed_document, private_key_pem)
+    generate_json_signature(signed_document, private_key_pem, True)
     assert signed_document
     assert signed_document.get('signature')
     assert signed_document['signature'].get('signatureValue')
@@ -4195,7 +4195,7 @@ def _test_jsonld():
         }
     }
     signed_document2 = jld_document2.copy()
-    generate_json_signature(signed_document2, private_key_pem)
+    generate_json_signature(signed_document2, private_key_pem, True)
     assert signed_document2
     assert signed_document2.get('signature')
     assert signed_document2['signature'].get('signatureValue')