From 78eacf165e077d19439d8dcb2d9e2d359a64dd49 Mon Sep 17 00:00:00 2001
From: Kelson Vibber <kelson@pobox.com>
Date: Fri, 3 Mar 2023 08:18:11 -0800
Subject: [PATCH] Accept hs2019 in signatures (#529)

Fixes part of federation with GoToSocial - this is just a different name for the same algorithm.
---
 core/signatures.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/signatures.py b/core/signatures.py
index 9434588..e78a3cb 100644
--- a/core/signatures.py
+++ b/core/signatures.py
@@ -160,7 +160,12 @@ class HttpSignature:
             raise VerificationFormatError("No signature header present")
         signature_details = cls.parse_signature(request.headers["signature"])
         # Reject unknown algorithms
-        if signature_details["algorithm"] != "rsa-sha256":
+        # hs2019 is used by some libraries to obfuscate the real algorithm per the spec
+        # https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12
+        if (
+            signature_details["algorithm"] != "rsa-sha256"
+            and signature_details["algorithm"] != "hs2019"
+        ):
             raise VerificationFormatError("Unknown signature algorithm")
         # Create the signature payload
         headers_string = cls.headers_from_request(request, signature_details["headers"])