Yet another HTTP signature Mastodon POST problem (golang)

ActivityPub Server to Server
1

Here’s my code, have been banging my head against a wall for a few days:

r, err := http.NewRequest("POST", "https://c.im/users/matthewp/inbox", bytes.NewReader(b))
if err != nil {
	return "", err
}
r.Header.Set("Content-Type", `application/ld+json; profile="http://www.w3.org/ns/activitystreams"`)
r.Header.Add("Accept-Charset", "utf-8")
r.Header.Add("User-Agent", "example")
r.Header.Set("Host", "c.im")
prefs := []httpsig.Algorithm{httpsig.RSA_SHA256}
digestAlgorithm := httpsig.DigestSha256
headersToSign := []string{httpsig.RequestTarget, "host", "date", "digest"}
signer, _, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature, 120)
if err != nil {
	return "", err
}
now := time.Now().UTC()
r.Header.Set("Date", now.Format(http.TimeFormat))
priv, err := ssh.ParseRawPrivateKey(PrivateKeyBytes)
if err != nil {
	return "", err
}
err = signer.SignRequest(priv, "https://social.spooky.click/users/matthew#main-key", r, b)
if err != nil {
	return "", err
}

client := &http.Client{}
fmt.Printf("Headers: %+v\n", r.Header)
resp, err := client.Do(r)
2

This gets a 202 but never gets a request to my inbox

3

Is it possible this part is wrong? Am I loading the wrong type of private key? I would think that if the signature was wrong I’d get a non-202. Could that mean that the activity is the part that’s wrong?

4

This is the body I’m sending:

{
	"@context" : "https://www.w3.org/ns/activitystreams",
	"id" : "https://social.spooky.click/16606771-befe-483b-9e2c-0b8b85062374",
	"type" : "Follow",
	"actor" : "https://social.spooky.click/users/matthew",
	"object" : "https://c.im/@matthewp"
}
5

This turned out to be 2 things:

  1. My object here is the alias and not the id.
  2. More importantly, my firewall was blocking all POSTs. :man_facepalming:
1 Like
6

Yes, 202 means that the signature validated successfully