Remove unresolvable privacyHeaders which prevent jsonld signature checks

main
Bob Mottram 2024-06-23 13:34:47 +01:00
parent 8faf85e553
commit 2288af7857
4 changed files with 30 additions and 9 deletions


@ -34,7 +34,6 @@ def get_individual_post_context() -> []:
""" """
return [ return [
'https://www.w3.org/ns/activitystreams', 'https://www.w3.org/ns/activitystreams',
'https://fep.example/ns/privacyHeaders',
{ {
"ostatus": "http://ostatus.org#", "ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri", "atomUri": "ostatus:atomUri",


@ -92,12 +92,17 @@ def verify_json_signature(doc: {}, public_key_pem: str) -> bool:
return False return False
def generate_json_signature(doc: {}, private_key_pem: str) -> None: def generate_json_signature(doc: {}, private_key_pem: str,
debug: bool) -> None:
"""Adds a json signature to the given ActivityPub post """Adds a json signature to the given ActivityPub post
""" """
if not doc.get('actor'): if not doc.get('actor'):
if debug:
print('DEBUG: generate_json_signature does not have an actor')
return return
if not has_valid_context(doc): if not has_valid_context(doc):
if debug:
print('DEBUG: generate_json_signature does not have valid context')
return return
options = { options = {
"type": "RsaSignature2017", "type": "RsaSignature2017",
@ -110,9 +115,15 @@ def generate_json_signature(doc: {}, private_key_pem: str) -> None:
key = load_pem_private_key(private_key_pem.encode('utf-8'), key = load_pem_private_key(private_key_pem.encode('utf-8'),
None, backend=default_backend()) None, backend=default_backend())
if debug:
print('DEBUG: generate_json_signature get_sha_256')
digest = get_sha_256(to_be_signed.encode("utf-8")) digest = get_sha_256(to_be_signed.encode("utf-8"))
if debug:
print('DEBUG: generate_json_signature key.sign')
signature = key.sign(digest, signature = key.sign(digest,
padding.PKCS1v15(), padding.PKCS1v15(),
hazutils.Prehashed(hashes.SHA256())) hazutils.Prehashed(hashes.SHA256()))
if debug:
print('DEBUG: generate_json_signature base64.b64encode')
sig = base64.b64encode(signature) sig = base64.b64encode(signature)
options["signatureValue"] = sig.decode("utf-8") options["signatureValue"] = sig.decode("utf-8")
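Review bot: The two early exits in `generate_json_signature` (no `actor`, invalid context) still return `None` exactly like the success path, so a caller cannot tell a signed document from an unsigned one unless `debug` is on. The `send_post` caller in this commit assigns `post_json_object = signed_post_json_object` in either case, so a post that failed the context check appears to go out without a JSON-LD signature and without a warning. Returning a bool (`return False` on the early exits, `return True` after `signatureValue` is set) would let callers log or refuse. Separately, `debug` is added without a default, so any caller not updated in this commit will raise `TypeError`; `debug: bool = False` would keep the old call shape working. The end of the function lies outside the hunk.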


@ -124,6 +124,7 @@ from keys import get_person_key
from markdown import markdown_to_html from markdown import markdown_to_html
from followerSync import update_followers_sync_cache from followerSync import update_followers_sync_cache
from question import is_question from question import is_question
from pyjsonld import JsonLdError
def convert_post_content_to_html(message_json: {}) -> None: def convert_post_content_to_html(message_json: {}) -> None:
@ -3063,13 +3064,22 @@ def send_post(signing_priv_key_pem: str, project_version: str,
post_path = inbox_url.split(to_domain, 1)[1] post_path = inbox_url.split(to_domain, 1)[1]
if not post_json_object.get('signature'): if not post_json_object.get('signature'):
json_copied = False
try: try:
signed_post_json_object = post_json_object.copy() signed_post_json_object = post_json_object.copy()
generate_json_signature(signed_post_json_object, private_key_pem) json_copied = True
post_json_object = signed_post_json_object
except BaseException as ex: except BaseException as ex:
print('WARN: send_post failed to JSON-LD sign post, ' + str(ex)) print('WARN: send_post failed to copy json post, ' + str(ex))
pprint(signed_post_json_object) pprint(post_json_object)
if json_copied:
try:
generate_json_signature(signed_post_json_object,
private_key_pem, debug)
post_json_object = signed_post_json_object
except JsonLdError as ex:
print('WARN: send_post failed to JSON-LD sign post, ' + str(ex))
pprint(signed_post_json_object)
# convert json to string so that there are no # convert json to string so that there are no
# subsequent conversions after creating message body digest # subsequent conversions after creating message body digest
@ -3509,7 +3519,8 @@ def send_signed_json(post_json_object: {}, session, base_dir: str,
if not post_json_object.get('signature'): if not post_json_object.get('signature'):
try: try:
signed_post_json_object = post_json_object.copy() signed_post_json_object = post_json_object.copy()
generate_json_signature(signed_post_json_object, private_key_pem) generate_json_signature(signed_post_json_object,
private_key_pem, debug)
post_json_object = signed_post_json_object post_json_object = signed_post_json_object
except BaseException as ex: except BaseException as ex:
print('WARN: send_signed_json failed to JSON-LD sign post, ' + print('WARN: send_signed_json failed to JSON-LD sign post, ' +
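Review bot: In `send_post` the signing call is now guarded only by `except JsonLdError`, yet `generate_json_signature` also calls `load_pem_private_key(...)` and `key.sign(...)`, which raise other exception types (a malformed PEM gives `ValueError`). Those were previously absorbed by the `BaseException` handler and will now propagate out of `send_post`; if that is not intended, name them explicitly, e.g. `except (JsonLdError, ValueError, TypeError) as ex:`. `send_signed_json` in the same file keeps `except BaseException`, so the two send paths now fail differently on the same signing error. Both failure handlers also `pprint` the whole post object, which writes the content of followers-only or direct messages to the log; printing only the post `id` would be safer. Both functions start and end outside their hunks.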


@ -4171,7 +4171,7 @@ def _test_jsonld():
'-----END PUBLIC KEY-----' '-----END PUBLIC KEY-----'
signed_document = jld_document.copy() signed_document = jld_document.copy()
generate_json_signature(signed_document, private_key_pem) generate_json_signature(signed_document, private_key_pem, True)
assert signed_document assert signed_document
assert signed_document.get('signature') assert signed_document.get('signature')
assert signed_document['signature'].get('signatureValue') assert signed_document['signature'].get('signatureValue')
@ -4195,7 +4195,7 @@ def _test_jsonld():
} }
} }
signed_document2 = jld_document2.copy() signed_document2 = jld_document2.copy()
generate_json_signature(signed_document2, private_key_pem) generate_json_signature(signed_document2, private_key_pem, True)
assert signed_document2 assert signed_document2
assert signed_document2.get('signature') assert signed_document2.get('signature')
assert signed_document2['signature'].get('signatureValue') assert signed_document2['signature'].get('signatureValue')