Hi!
Did build a new instance at https://gnusocial.sierranorte.red with the first aim to test and debug.
Now it's running Nightly/2.0-dev from scratch.
With AP plugin enabled I can follow Mastodon 3.x accounts but timelines do not show their notices.
Then I've found that notices appear in the debug log as they come to the server but finally give an error due to signature validation.
`2020-01-20 07:25:37 LOG_DEBUG: [gnusocial.sierranorte.red:11156.e9a03dac POST /inbox.json] ActivityPub Inbox: HTTP Signature: Invalid signature.`
https://notabug.org/diogo/gnu-social/src/nightly/plugins/ActivityPub/actions/apinbox.php#L130
The result is for the call to
[list($verified, /*$headers*/) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);](https://notabug.org/diogo/gnu-social/src/nightly/plugins/ActivityPub/actions/apinbox.php#L125)
So I added some tor debug traces and had these values for those parameters at the end.
Those parameters seem OK, but
`list($verified, $headers) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);`
returns
~~~
verified: 0
headers: (request-target): post /inbox.json
host: gnusocial.sierranorte.red
date: Mon, 20 Jan 2020 14:49:11 GMT
digest: SHA-256=YHe2Dz7P9LBqoYYMlbTyed1Ph2hO5ztUS7480s2evEE=
~~~
Then, I've commented out the validation code at the end of the handle() function to test the rest of the process, and notices and replies come to my timeline, as for example this mastodon.social user.
https://gnusocial.sierranorte.red/user/61
Below are the parameters in the call to
`list($verified, $headers) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);`
~~~
actor_public_key: -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7y34s/IBMGPLl4bKxKGH
TBRK0jdmEnhjRvDUGGy3ogfYAMd/g7ffLUzhGXVi14I7C+zNIU06c8Fp77Zb341d
PMK87ftDd4etcsR4lAIoCGE7jPOVyf+/TKVMv5u6zvo4Nxb9q/Ux/RCRZOQcgoqM
gWWYxspejjc9EF8W3+k2tNQhgJJk623UieCsR+nXNuvdV3+emWoQ9ka+u7X8rwaT
hTIHIKOb+zC+CG+BjCzTZJgJyz87zZSlKyv5acfMUWyV6W6kBZe4YsGpUAX4p5Xi
FsdbcVck3sjjYqWV+S9mbpK1lzF22jBczatN8iMhi/LMsaa5lAkjK66FcgNOrSu5
9QIDAQAB
-----END PUBLIC KEY-----
~~~
~~~
Request Headers: Array
(
[connection] => Keep-Alive
[signature] => keyId="https://mastodon.social/users/victorhck#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="IiFUvRSwo6LBFQs0BPI6agSaXSzSvWsv8hblz29GoVA4UK50QvpuHyjOBzEPuI9Qcsu1ZfWm9J8yST0UThwCYGlpg9gAGCOf4FYaElh745BfC2CKvsIMrFu6a5fu+VOc9hirtTFh9XYhoW8/7BU7AUTYX21jX1VhKNbRqea5xJjVxzCHRnUA4EIXi7Q04QMQ3GUXmCr/wbtBTFiJCG5TuBMMkVMx+cEj5wxyR2gHLFHPirje+X+HQU5s1wpuQOcZ705JmrKkMSAz5a2QkYNWucsxRXaa0L5wFWSMTkVzTj8nLaLB+tCEB1VdPOh5zHd608xwfCgs2QU0xQxHwHZfnA=="
[digest] => SHA-256=xxbPGkw6LF9TnL5K7fD85TpU3XUAC4PpyciXcvl+oXY=
[accept-encoding] => gzip
[date] => Mon, 20 Jan 2020 13:42:52 GMT
[host] => gnusocial.sierranorte.red
[user-agent] => http.rb/3.3.0 (Mastodon/3.0.1; +https://mastodon.social/)
)
~~~
~~~
path: /inbox.json
~~~
~~~
body: {"@context":["https://www.w3.org/ns/activitystreams",{"ostatus":"http://ostatus.org#","atomUri":"ostatus:atomUri","inReplyToAtomUri":"ostatus:inReplyToAtomUri","conversation":"ostatus:conversation","sensitive":"as:sensitive","toot":"http://joinmastodon.org/ns#","votersCount":"toot:votersCount","Hashtag":"as:Hashtag"}],"id":"https://mastodon.social/users/victorhck/statuses/103515932057829491/activity","type":"Create","actor":"https://mastodon.social/users/victorhck","published":"2020-01-20T13:42:51Z","to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://mastodon.social/users/victorhck/followers"],"object":{"id":"https://mastodon.social/users/victorhck/statuses/103515932057829491","type":"Note","summary":null,"inReplyTo":null,"published":"2020-01-20T13:42:51Z","url":"https://mastodon.social/@victorhck/103515932057829491","attributedTo":"https://mastodon.social/users/victorhck","to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://mastodon.social/users/victorhck/followers"],"sensitive":false,"atomUri":"https://mastodon.social/users/victorhck/statuses/103515932057829491","inReplyToAtomUri":null,"conversation":"tag:mastodon.social,2020-01-20:objectId=148736816:objectType=Conversation","content":"\u003cp\u003eUn cantaor grita «¡Vámonos!» en pleno concierto y se marcha todo el público \u003ca href=\"https://www.elmundotoday.com/2020/01/un-cantaor-grita-vamonos-en-pleno-concierto-y-se-marcha-todo-el-publico/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://www.\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003eelmundotoday.com/2020/01/un-ca\u003c/span\u003e\u003cspan class=\"invisible\"\u003entaor-grita-vamonos-en-pleno-concierto-y-se-marcha-todo-el-publico/\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/GazpachitodeUtrera\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eGazpachitodeUtrera\u003c/span\u003e\u003c/a\u003e \u003ca 
href=\"https://mastodon.social/tags/flamenco\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eflamenco\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/Cultura\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eCultura\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/cantaor\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003ecantaor\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/P%C3%BAblico\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003ePúblico\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/duende\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eduende\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","contentMap":{"es":"\u003cp\u003eUn cantaor grita «¡Vámonos!» en pleno concierto y se marcha todo el público \u003ca href=\"https://www.elmundotoday.com/2020/01/un-cantaor-grita-vamonos-en-pleno-concierto-y-se-marcha-todo-el-publico/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://www.\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003eelmundotoday.com/2020/01/un-ca\u003c/span\u003e\u003cspan class=\"invisible\"\u003entaor-grita-vamonos-en-pleno-concierto-y-se-marcha-todo-el-publico/\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/GazpachitodeUtrera\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eGazpachitodeUtrera\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/flamenco\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eflamenco\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/Cultura\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eCultura\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/cantaor\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003ecantaor\u003c/span\u003e\u003c/a\u003e \u003ca 
href=\"https://mastodon.social/tags/P%C3%BAblico\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003ePúblico\u003c/span\u003e\u003c/a\u003e \u003ca href=\"https://mastodon.social/tags/duende\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eduende\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},"attachment":[],"tag":[{"type":"Hashtag","href":"https://mastodon.social/tags/duende","name":"#duende"},{"type":"Hashtag","href":"https://mastodon.social/tags/p%C3%BAblico","name":"#público"},{"type":"Hashtag","href":"https://mastodon.social/tags/cantaor","name":"#cantaor"},{"type":"Hashtag","href":"https://mastodon.social/tags/cultura","name":"#cultura"},{"type":"Hashtag","href":"https://mastodon.social/tags/flamenco","name":"#flamenco"},{"type":"Hashtag","href":"https://mastodon.social/tags/GazpachitodeUtrera","name":"#GazpachitodeUtrera"}],"replies":{"id":"https://mastodon.social/users/victorhck/statuses/103515932057829491/replies","type":"Collection","first":{"type":"CollectionPage","next":"https://mastodon.social/users/victorhck/statuses/103515932057829491/replies?only_other_accounts=true\u0026page=true","partOf":"https://mastodon.social/users/victorhck/statuses/103515932057829491/replies","items":[]}}},"signature":{"type":"RsaSignature2017","creator":"https://mastodon.social/users/victorhck#main-key","created":"2020-01-20T13:42:52Z","signatureValue":"mUrODNBalDdRm1/yuOEcg8dJnxWcHp9oWdSVyue/xO0qXZBHTXGLnQS+sw/FFMIUOAYAINiYsR7pofle/v0vPdgy9edJHresmnO8dDiwTEaO7HnaJaxU6LNVWooVwY2xw5aXpyqDLqhRVpon/9XPW5XAaqUATDNXW3qT84JDbPZ28MOvwEQH9z1YvkqH6IbgafR176ddc0Y+4SqmNRD2ZURTVFPpZAVtkpFiCCc8tzBV0UjvyDizk14lwxexgwaF4EuOzTNlnnQKbeiwfYLcew+iQqhCAluiwtVMcwrDQSy6LxWxP7DMfXcEB1848ecaCPStB4VoTbIPQ2RiQ86Stw=="}}
2020-01-20 13:42:53 LOG_INFO: [gnusocial.sierranorte.red:19209.a3b53881 POST /inbox.json] HTTPClient: HTTP GET https://mastodon.social/users/victorhck - 200 OK
2020-01-20 13:42:53 LOG_DEBUG: [gnusocial.sierranorte.red:19209.a3b53881 POST /inbox.json] ActivityPub Explorer: Found a valid remote actor for https://mastodon.social/users/victorhck
~~~
Hope it helps!
Colegota
Don't know if this is correct...
As seen in [manual, openssl_verify() first argument](https://www.php.net/manual/en/function.openssl-verify.php) must be a string, but it receives an array:
signingString:
~~~
(request-target): post /inbox.json
digest: SHA-256=5BzkbCPUSd8UFrq3srpatTBMHnThhSy/QHI6aK3fHNs=
~~~
https://notabug.org/diogo/gnu-social/src/nightly/plugins/ActivityPub/lib/httpsignature.php#L176
Fixed with https://notabug.org/diogo/gnu-social/commit/737f3eb55338a2d196b281114b9bb72e0a53168c . Related to https://notabug.org/diogo/gnu-social/issues/108
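The signing-string point raised in the comments above, as an added example that is not GNU social's code: it rebuilds the signing string as one newline-joined string from the header names listed in the `Signature` header, checks the `Digest` against the body, and accepts only a return value of 1 from `openssl_verify()`. The function names, the `social.example` host and the throwaway key are assumptions constructed for the example.

```php
<?php
// Added example, not GNU social code; every function name here is hypothetical.
// Split a Signature header value into its key="value" parameters.
function parse_signature_header(string $value): array
{
    preg_match_all('/(\w+)="([^"]*)"/', $value, $matches, PREG_SET_ORDER);
    return array_column($matches, 2, 1);
}

// Rebuild the signing string from the header names the sender listed, in order.
// Returns null when a listed header was not received, so nothing can be verified.
function build_signing_string(array $params, array $headers, string $method, string $path): ?string
{
    $lines = [];
    foreach (explode(' ', $params['headers'] ?? 'date') as $name) {
        if ($name === '(request-target)') {
            $lines[] = '(request-target): ' . strtolower($method) . ' ' . $path;
        } elseif (isset($headers[$name])) {
            $lines[] = $name . ': ' . trim($headers[$name]);
        } else {
            return null;
        }
    }
    return implode("\n", $lines); // a single string, as openssl_verify() expects
}

function verify_request(string $publicKeyPem, array $headers, string $method, string $path, string $body): bool
{
    $headers = array_change_key_case($headers, CASE_LOWER);
    $params = parse_signature_header($headers['signature'] ?? '');
    $digest = 'SHA-256=' . base64_encode(hash('sha256', $body, true));
    $signing = build_signing_string($params, $headers, $method, $path);
    $signature = base64_decode($params['signature'] ?? '', true);
    if ($signing === null || !$signature || !hash_equals($digest, $headers['digest'] ?? '')) {
        return false; // missing signed header, unreadable signature, or body/digest mismatch
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error); -1 is truthy in PHP.
    return openssl_verify($signing, $signature, $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed request, signed with a throwaway key generated here.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$body = '{"type":"Create"}';
$headers = ['host' => 'social.example', 'date' => 'Mon, 20 Jan 2020 13:42:52 GMT',
    'digest' => 'SHA-256=' . base64_encode(hash('sha256', $body, true)),
    'content-type' => 'application/activity+json'];
$params = ['headers' => '(request-target) host date digest content-type'];
openssl_sign(build_signing_string($params, $headers, 'post', '/inbox.json'), $raw, $key, OPENSSL_ALGO_SHA256);
$headers['signature'] = 'keyId="https://social.example/users/alice#main-key",algorithm="rsa-sha256",'
    . 'headers="' . $params['headers'] . '",signature="' . base64_encode($raw) . '"';
$pem = openssl_pkey_get_details($key)['key'];

var_dump(verify_request($pem, $headers, 'POST', '/inbox.json', $body)); // all signed headers present
unset($headers['content-type']);
var_dump(verify_request($pem, $headers, 'POST', '/inbox.json', $body)); // a listed header is missing
```

The second call is rejected before any RSA operation, because a header named in `headers=` never reached the verifier and the signing string cannot be rebuilt.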
Hi,
I can confirm this. I've commented out 129 to 132 in apinbox.php, and notices from Mastodon 3.0 and 3.1 have started to arrive.