From 786d49b884124e5cf83594558974999078b90242 Mon Sep 17 00:00:00 2001 From: Julio Capote Date: Thu, 5 Jan 2023 19:14:57 -0500 Subject: work on signature string --- registry/registry.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/registry/registry.go b/registry/registry.go index 5f128f5..01d92c7 100644 --- a/registry/registry.go +++ b/registry/registry.go @@ -266,6 +266,12 @@ func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, fol request.Header.Set("Content-Type", "application/activity+json") request.Header.Set("Host", url.Host) + h := sha256.New() + h.Write(jsonData) + digestHeader := base64.StdEncoding.EncodeToString(h.Sum(nil)) + request.Header.Add("Digest", "SHA-256="+digestHeader) + request.Header.Add("Content-Type", "application/activity+json") + r.log.With( "type", "delivery", @@ -280,7 +286,7 @@ func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, fol request.Header.Get("host"), ).Debugf("signing request") - signed_string := fmt.Sprintf("(request-target): post %s\nhost: %s\ndate: %s", url.Path, url.Host, date) + signed_string := fmt.Sprintf("(request-target): post %s\ncontent-type: %s\ndate: %s\ndigest: %s\nhost: %s", url.Path, request.Header.Get("Content-Type"), date, digestHeader, url.Host) digest := sha256.New() digest.Write([]byte(signed_string)) @@ -291,13 +297,7 @@ func (r *Registry) deliverAcceptToInbox(url, actorUrl, actorKeyUrl *url.URL, fol r.mu.Unlock() b64sig := base64.StdEncoding.EncodeToString(signature) - - h := sha256.New() - h.Write(jsonData) var header = `keyId="` + actorKeyUrl.String() + `",algorithm="rsa-sha256",headers="(request-target) content-type date digest host",signature="` + b64sig + `"` - - request.Header.Add("Digest", "SHA-256="+base64.StdEncoding.EncodeToString(h.Sum(nil))) - request.Header.Add("Content-Type", "application/activity+json") request.Header.Add("Signature", header) //http sig signing code - broken? -- cgit v1.2.3