Fixing signed get

2021-09-01 19:46:28 +01:00 · 2021-09-01 19:46:28 +01:00 · a751dbdf14
parent 1398685e74
commit a751dbdf14
3 changed files with 13 additions and 8 deletions
--- a/httpsig.py
+++ b/httpsig.py
@ -56,7 +56,7 @@ def signPostHeaders(dateStr: str, privateKeyPem: str,
        keyID = httpPrefix + '://' + domain + '/actor#main-key'
    if not messageBodyJsonStr:
        headers = {
-            '(request-target)': f'post {path}',
+            '(request-target)': f'get {path}',
            'host': toDomain,
            'date': dateStr,
            'accept': 'application/json'
@ -201,7 +201,7 @@ def createSignedHeader(privateKeyPem: str, nickname: str,
    dateStr = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
    if not withDigest:
        headers = {
-            '(request-target)': f'post {path}',
+            '(request-target)': f'get {path}',
            'host': headerDomain,
            'date': dateStr,
            'accept': contentType
--- a/session.py
+++ b/session.py
@ -184,9 +184,13 @@ def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
    print('Signed GET httpPrefix: ' + httpPrefix)
    messageStr = ''
    withDigest = False
+    if toDomainFull + '/' in url:
+        path = '/' + url.split(toDomainFull + '/')[1]
+    else:
+        path = '/actor'
    signatureHeaderJson = \
        createSignedHeader(signingPrivateKeyPem, nickname, domain, port,
-                           toDomain, toPort, url, httpPrefix, withDigest,
+                           toDomain, toPort, path, httpPrefix, withDigest,
                           messageStr)
    print('Signed GET signatureHeaderJson ' + str(signatureHeaderJson))
    for key, value in signatureHeaderJson.items():
--- a/tests.py
+++ b/tests.py
@ -452,20 +452,21 @@ def _testHttpsigBase(withDigest):
                            boxpath, httpPrefix, messageBodyJsonStr)

    headers['signature'] = signatureHeader
+    GETmethod = not withDigest
    assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             boxpath, False, None,
+                             boxpath, GETmethod, None,
                             messageBodyJsonStr, False)
    if withDigest:
        # everything correct except for content-length
        headers['content-length'] = str(contentLength + 2)
        assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                                 boxpath, False, None,
+                                 boxpath, GETmethod, None,
                                 messageBodyJsonStr, False) is False
    assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             '/parambulator' + boxpath, False, None,
+                             '/parambulator' + boxpath, GETmethod, None,
                             messageBodyJsonStr, False) is False
    assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             boxpath, True, None,
+                             boxpath, not GETmethod, None,
                             messageBodyJsonStr, False) is False
    if not withDigest:
        # fake domain
@ -490,7 +491,7 @@ def _testHttpsigBase(withDigest):
        }
    headers['signature'] = signatureHeader
    assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             boxpath, True, None,
+                             boxpath, not GETmethod, None,
                             messageBodyJsonStr, False) is False

    os.chdir(baseDir)