From b2b88253f5cc4221b01ed860b02ae156941e03ce Mon Sep 17 00:00:00 2001 From: pdp8 Date: Sun, 23 Apr 2023 16:37:01 +0200 Subject: http signatures (beware of encodings!) --- post.rb | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) mode change 100644 => 100755 post.rb (limited to 'post.rb') diff --git a/post.rb b/post.rb old mode 100644 new mode 100755 index dc881b1..ed7a964 --- a/post.rb +++ b/post.rb @@ -1,12 +1,30 @@ -require 'http' +#!/usr/bin/env ruby +require 'json' +require 'time' require 'openssl' +require 'base64' +require 'net/http' +require 'uri' -document = File.read('create-hello-world.json') +document = { "a" => 2 } # .to_json date = Time.now.utc.httpdate keypair = OpenSSL::PKey::RSA.new(File.read('private.pem')) -signed_string = "(request-target): post /inbox\nhost: mastodon.social\ndate: #{date}" -signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest::SHA256.new, signed_string)) -header = 'keyId="https://my-example.com/actor",headers="(request-target) host date",signature="' + signature + '"' +signed_string = "(request-target): post /inbox\nhost: social.pdp8.info\ndate: #{date}" +signed_string = keypair.sign(OpenSSL::Digest::SHA256.new, signed_string) +signature = Base64.urlsafe_encode64(signed_string).encode("UTF-8") +signed_header = 'keyId="https://social.pdp8.info/pdp8",headers="(request-target) host date",signature="' + signature + '"' -HTTP.headers({ 'Host': 'mastodon.social', 'Date': date, 'Signature': header }) - .post('https://mastodon.social/inbox', body: document) +uri = URI.parse("https://social.pdp8.info/inbox") +http = Net::HTTP.new(uri.host, uri.port) +http.use_ssl = true +http.verify_mode = OpenSSL::SSL::VERIFY_NONE +header = { + 'Host' => 'social.pdp8.info', + 'Date' => date, + 'Signature' => signed_header, +} +request = Net::HTTP::Post.new(uri.request_uri, header) +request.body = document.to_json + +response = http.request(request) +puts(response.body, response.code) -- cgit v1.2.3