Fixing signed get

httpsig.py

@@ -56,7 +56,7 @@ def signPostHeaders(dateStr: str, privateKeyPem: str,
         keyID = httpPrefix + '://' + domain + '/actor#main-key'
     if not messageBodyJsonStr:
         headers = {
-            '(request-target)': f'post {path}',
+            '(request-target)': f'get {path}',
             'host': toDomain,
             'date': dateStr,
             'accept': 'application/json'
@@ -201,7 +201,7 @@ def createSignedHeader(privateKeyPem: str, nickname: str,
     dateStr = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
     if not withDigest:
         headers = {
-            '(request-target)': f'post {path}',
+            '(request-target)': f'get {path}',
             'host': headerDomain,
             'date': dateStr,
             'accept': contentType

session.py

@@ -184,9 +184,13 @@ def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
     print('Signed GET httpPrefix: ' + httpPrefix)
     messageStr = ''
     withDigest = False
+    if toDomainFull + '/' in url:
+        path = '/' + url.split(toDomainFull + '/')[1]
+    else:
+        path = '/actor'
     signatureHeaderJson = \
         createSignedHeader(signingPrivateKeyPem, nickname, domain, port,
-                           toDomain, toPort, url, httpPrefix, withDigest,
+                           toDomain, toPort, path, httpPrefix, withDigest,
                            messageStr)
     print('Signed GET signatureHeaderJson ' + str(signatureHeaderJson))
     for key, value in signatureHeaderJson.items():

tests.py

@@ -452,20 +452,21 @@ def _testHttpsigBase(withDigest):
                             boxpath, httpPrefix, messageBodyJsonStr)
 
     headers['signature'] = signatureHeader
+    GETmethod = not withDigest
     assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             boxpath, False, None,
+                             boxpath, GETmethod, None,
                              messageBodyJsonStr, False)
     if withDigest:
         # everything correct except for content-length
         headers['content-length'] = str(contentLength + 2)
         assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                                 boxpath, False, None,
+                                 boxpath, GETmethod, None,
                                  messageBodyJsonStr, False) is False
     assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             '/parambulator' + boxpath, False, None,
+                             '/parambulator' + boxpath, GETmethod, None,
                              messageBodyJsonStr, False) is False
     assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             boxpath, True, None,
+                             boxpath, not GETmethod, None,
                              messageBodyJsonStr, False) is False
     if not withDigest:
         # fake domain
@@ -490,7 +491,7 @@ def _testHttpsigBase(withDigest):
         }
     headers['signature'] = signatureHeader
     assert verifyPostHeaders(httpPrefix, publicKeyPem, headers,
-                             boxpath, True, None,
+                             boxpath, not GETmethod, None,
                              messageBodyJsonStr, False) is False
 
     os.chdir(baseDir)