Allow incoming posts with failing http signatures provided that they have a json signature which passes

This provides the same level of assurance, but allows posts to arrive via relays

inbox.py

@@ -2726,6 +2726,7 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
             print('DEBUG: checking http header signature')
             pprint(queueJson['httpHeaders'])
         postStr = json.dumps(queueJson['post'])
+        httpSignatureFailed = False
         if not verifyPostHeaders(httpPrefix,
                                  pubKey,
                                  queueJson['httpHeaders'],
@@ -2733,19 +2734,15 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                                  queueJson['digest'],
                                  postStr,
                                  debug):
+            httpSignatureFailed = True
             print('Queue: Header signature check failed')
             pprint(queueJson['httpHeaders'])
-            if os.path.isfile(queueFilename):
-                os.remove(queueFilename)
-            if len(queue) > 0:
-                queue.pop(0)
-            continue
-
+        else:
             if debug:
                 print('DEBUG: http header signature check success')
 
         # check if a json signature exists on this post
-        checkJsonSignature = False
+        hasJsonSignature = False
         originalJson = queueJson['original']
         if originalJson.get('@context') and \
            originalJson.get('signature'):
@@ -2756,25 +2753,31 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                 if jwebsig.get('type') and jwebsig.get('signatureValue'):
                     if jwebsig['type'] == 'RsaSignature2017':
                         if hasValidContext(originalJson):
-                            checkJsonSignature = True
+                            hasJsonSignature = True
                         else:
                             print('unrecognised @context: ' +
                                   str(originalJson['@context']))
 
         # strict enforcement of json signatures
-        if verifyAllSignatures and \
-           not checkJsonSignature:
-            print('inbox post does not have a jsonld signature ' +
+        if not hasJsonSignature:
+            if httpSignatureFailed:
+                print('Queue: Header signature check failed and ' +
+                      'unable to check json signature')
+
+            if verifyAllSignatures:
+                print('Queue: inbox post does not have a jsonld signature ' +
                       keyId + ' ' + str(originalJson))
+
+            if httpSignatureFailed or verifyAllSignatures:
                 if os.path.isfile(queueFilename):
                     os.remove(queueFilename)
                 if len(queue) > 0:
                     queue.pop(0)
                 continue
-
-        if checkJsonSignature and verifyAllSignatures:
-            # use the original json message received, not one which may have
-            # been modified along the way
+        else:
+            if httpSignatureFailed or verifyAllSignatures:
+                # use the original json message received, not one which
+                # may have been modified along the way
                 if not verifyJsonSignature(originalJson, pubKey):
                     if debug:
                         print('WARN: jsonld inbox signature check failed ' +
@@ -2787,6 +2790,10 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                     if len(queue) > 0:
                         queue.pop(0)
                     continue
+                else:
+                    if httpSignatureFailed:
+                        print('jsonld inbox signature check success ' +
+                              'via relay ' + keyId)
                     else:
                         print('jsonld inbox signature check success ' + keyId)