From 842f8ac96402d89a6adb66c9667c2121fbb721c7 Mon Sep 17 00:00:00 2001 From: Ryan Barrett Date: Sun, 16 Apr 2023 16:35:31 -0700 Subject: [PATCH] temporary: assume HTTP Signature algorithm=hs2019 means rsa-sha256 still trying to figure this out. see https://github.com/snarfed/bridgy-fed/issues/430#issuecomment-1510462267, https://arewehs2019yet.vpzom.click/ , etc. --- activitypub.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/activitypub.py b/activitypub.py index 546bfec8..1a8250a2 100644 --- a/activitypub.py +++ b/activitypub.py @@ -151,10 +151,17 @@ class ActivityPub(Protocol): logger.info(f'Headers: {json_dumps(dict(request.headers), indent=2)}') # parse_signature_header lower-cases all keys - keyId = fragmentless(parse_signature_header(sig).get('keyid')) + sig_fields = parse_signature_header(sig) + keyId = fragmentless(sig_fields.get('keyid')) if not keyId: error('HTTP Signature missing keyId', status=401) + # TODO: right now, assume hs2019 is rsa-sha256 🤷 + # https://github.com/snarfed/bridgy-fed/issues/430#issuecomment-1510462267 + # https://arewehs2019yet.vpzom.click/ + if sig_fields.get('algorithm') == 'hs2019': + sig_fields['algorithm'] = 'rsa-sha256' + digest = request.headers.get('Digest') or '' if not digest: error('Missing Digest header, required for HTTP Signature', status=401)