HttpSignature use - (Failing requests from Mastodon)

[daemionfox]

So this is less a problem with the library and more of a problem with my use of it. But when trying to validate signatures coming from a mastodon Follow request, the httpsignature->verify fails every time.

I'm following the examples and I don't know where things are going sideways on this. Any information to help clear this up would be great.

Thanks

@phpfox@furry.engineer

[jorijn]

I'm running into this problem as well.

[landrok]

Hi @daemionfox and @jorijn ,

could you please provide the following informations :

• the part of your script to where it happens
• error message and stack trace (if possible)

Thanks

[jorijn]

Hi @landrok

Here's a Symfony controller that is able to reproduce the issue.

<?php

namespace App\Controller;
use ActivityPhp\Server;
use ActivityPhp\Server\Http\HttpSignature;
use ActivityPhp\Type;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;

class InboxController
{
    public function __construct(private Server $server)
    {
    }

    public function index(Request $request)
    {
        $httpSignature = new HttpSignature($this->server);
        if (!$httpSignature->verify($request)) {
            return new JsonResponse(['error' => 'Unauthorized'], 401);
        }

        // validation passed

        return new JsonResponse('Hello World!');
    }
}

The server object is created by a factory method:

public function createServer(): Server
    {
        return new Server([
            'logger'     => [],
            'instance'   => [
                'host' => 'localhost',
                'port' => 8000,
                'types' => 'include'
            ],
            'cache'      => [
                'enabled' => false
            ],
            'http'       => [],
            'dialects'   => [],
            'ontologies'   => [
                '*'
            ],
        ]);
    }

[landrok]

Thanks for your quick return.

At each step of the validation process, HttpSignature provides some logs (info and debug levels).

If the info level is not sufficient, you can activate the debug one.

https://github.com/landrok/activitypub/blob/master/src/ActivityPhp/Server/Http/HttpSignature.php#L72

The goal is to identifiy which step fails.

First, a Signature key must be provided in the headers.

Can you test with those different levels and provide logs if needed ?

[jorijn]

Sure. Here you go:

[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [info] Matched route "app_inbox".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\DebugHandlersListener::configure".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ValidateRequestListener::onKernelRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\SessionListener::onKernelRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::setDefaultLocale".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleAwareListener::onKernelRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.controller" to listener "Symfony\Bundle\FrameworkBundle\DataCollector\RouterDataCollector::onKernelController".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.controller" to listener "Symfony\Component\HttpKernel\DataCollector\RequestDataCollector::onKernelController".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.controller_arguments" to listener "Symfony\Component\HttpKernel\EventListener\CacheAttributeListener::onKernelControllerArguments".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.controller_arguments" to listener "Symfony\Component\HttpKernel\EventListener\ErrorListener::onControllerArguments".
[PHP-FPM    ] Apr  4 07:26:33 |DEBUG  | GLOBAL Signature 0="nk8tDpHmZqMuS5MLdKTmPoeRLsz9nm4n3zhlBj2ruXwWKlz8H/KoRaelLUW/4nsJC6C1Zfd0ZWIrHoHNdol7FglZWdq0LKxlMb8WCbaw28qUnw50vYqPg5YYn2oTpPa/RFjwd/NI2MMfPAm0ttwAhONyp/CXjZA4JNvpzyrZQ8P4r692lGFpVpQ98jeBscju0zXFbL5ic+2VVsdEPhk2Mp4oORVoGq/ojVopW1ElxeQr6Jhue9A9w+y8aIxUIEZ0zgdCHLSpHfdaaT9nc1EYmBv3G5D3GNQWBSx3RqgodS/32dwXm+nTcBR9xgfqmIBKirj7mqpg2JOa6dyfp5XXkA=="
[PHP-FPM    ] Apr  4 07:26:33 |INFO   | GLOBAL https://toot.community/actor#main-key:ActivityPhp\Server::actor 
[Web Server ] Apr  4 09:26:33 |WARN   | SERVER POST (401) /inbox host="5513-2a02-a467-568b-0-c9ba-c92d-ddac-f8a8.ngrok-free.app" ip="127.0.0.1" scheme="https"
[PHP-FPM    ] Apr  4 07:26:33 |DEBUG  | GLOBAL publicKeyPem 0="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+0aVk+tCE530ktc30QEC\n9KdDv4MIl6n2WxIdUHEaoaerummVY70DPypMxIaTlKIRPbynjp4/YukOj7zWEzcI\nd7Kd5zreYM+ZrXPLmRvT7ONqmHTUaOv7ZjoShrDcSzbWbrj1mcQ9wAT7RmoKtq78\nl8wZ8mAGFsTvuSBZ/NElNQvxqnpKIACf64QqqpuNy7WLZ9zfZ0QneS/AmdXlZDod\nUCiKMSn5KfFenqMsDBJtUQQ/bvUl2FTaVcIeEWLlEKlmjhP6iBJUoOexpnymkZ1V\na1kGdSCMT4eMrFMEtKrzM5aS+pOnMMa6zUHc2FyEL64Zoi4+B4F9+Z/5x65ak9CE\nDwIDAQAB\n-----END PUBLIC KEY-----\n"
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\DataCollector\RequestDataCollector::onKernelResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\CacheAttributeListener::onKernelResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ErrorListener::removeCspHeader".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\DisallowRobotsIndexingListener::onResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\SessionListener::onKernelResponse".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelFinishRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelFinishRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleAwareListener::onKernelFinishRequest".
[PHP-FPM    ] [04-Apr-2024 07:26:33 UTC] [debug] Notified event "kernel.terminate" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelTerminate".

I'm playing around with the idea of building an ActivityPub relay in PHP, so this request is the first follow request the Mastodon instance sends after adding it to the Relay list in the administration panel.

[mediaformat]

I also ran into this.
@landrok were you able to reproduce this with @jorijn example server?