try this again

1 files changed, 30 insertions, 40 deletions

diff --git a/registry/registry.go b/registry/registry.go
index 6733c74..1901f0c 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -3,9 +3,6 @@ package registry
 import (
 	"bytes"
 	"context"
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
@@ -288,51 +285,44 @@ func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, fol
 		request.Header.Get("host"),
 	).Debugf("signing request")
 
-	digestBytes := sha256.Sum256([]byte(signedString))
-
-	fmt.Println()
-	fmt.Println()
-	fmt.Println("'" + signedString + "'")
-	fmt.Println()
-	fmt.Println()
+	//manual mode
+	// digestBytes := sha256.Sum256([]byte(signedString))
+	// r.mu.Lock()
+	// signature, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digestBytes[:])
+	// if err != nil {
+	// 	return err
+	// }
 
-	r.mu.Lock()
-	signature, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA256, digestBytes[:])
-	if err != nil {
-		return err
-	}
+	// // TODO sanity check: decode our own public key from our PEM representation and attempt to verify
+	// err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, digestBytes[:], signature)
+	// if err != nil {
+	// 	return err
+	// } else {
+	// 	r.log.With("type", "delivery").Debugf("verified own signature")
+	// }
+	// r.mu.Unlock()
 
-	// sanity check: decode our own public key from our PEM representation and attempt to verify
+	// b64sig := base64.StdEncoding.Strict().EncodeToString(signature)
+	// var header = `keyId="` + actorKeyUrl.String() + `",algorithm="hs2019",headers="(request-target) date digest host",signature="` + b64sig + `"`
+	// request.Header.Add("Signature", header)
 
-	err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, digestBytes[:], signature)
+	//http sig signing code - broken?
+	r.mu.Lock()
+	prefs := []httpsig.Algorithm{}
+	digestAlgorithm := httpsig.DigestSha256
+	// The "Date" and "Digest" headers must already be set on r, as well as r.URL.
+	headersToSign := []string{httpsig.RequestTarget, "host", "date", "digest", "content-type"}
+	signer, _, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature, 100)
 	if err != nil {
 		return err
-	} else {
-		r.log.With("type", "delivery").Debugf("verified own signature")
 	}
+	// To sign the digest, we need to give the signer a copy of the body...
+	// ...but it is optional, no digest will be signed if given "nil"
+	// body := nil
+	// If r were a http.ResponseWriter, call SignResponse instead.
+	err = signer.SignRequest(privKey, actorKeyUrl.String(), request, jsonData)
 	r.mu.Unlock()
 
-	b64sig := base64.StdEncoding.Strict().EncodeToString(signature)
-	var header = `keyId="` + actorKeyUrl.String() + `",algorithm="hs2019",headers="(request-target) date digest host",signature="` + b64sig + `"`
-	request.Header.Add("Signature", header)
-
-	//http sig signing code - broken?
-	// r.mu.Lock()
-	// prefs := []httpsig.Algorithm{}
-	// digestAlgorithm := httpsig.DigestSha256
-	// // The "Date" and "Digest" headers must already be set on r, as well as r.URL.
-	// headersToSign := []string{httpsig.RequestTarget, "host", "date", "digest", "content-type"}
-	// signer, _, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature, 100)
-	// if err != nil {
-	// 	return err
-	// }
-	// // To sign the digest, we need to give the signer a copy of the body...
-	// // ...but it is optional, no digest will be signed if given "nil"
-	// // body := nil
-	// // If r were a http.ResponseWriter, call SignResponse instead.
-	// err = signer.SignRequest(privKey, actorKeyUrl.String(), request, jsonData)
-	// r.mu.Unlock()
-
 	// // HACK
 	// oldSig := request.Header.Get("signature")
 	// request.Header.Set("signature", strings.ReplaceAll(oldSig, "hs2019", "rsa-sha256"))