The issue was that Java's DateTimeFormatter.RFC_1123_DATE_TIME produces
dates like 'Tue, 2 Dec 2025' (without zero-padded day) but Mastodon
requires strict RFC 1123 format with zero-padded day: 'Tue, 02 Dec 2025'.
This was causing HTTP Signature validation failures (401 Unauthorized)
because the Date header in the signed string didn't match the actual header.
Changes:
- Fixed date format in HttpSignatureValidator to use custom pattern
- Pattern: 'EEE, dd MMM yyyy HH:mm:ss GMT' with Locale.US
- Added date format test to verify correct output
- Added debug endpoint for key validation
- Explicitly set Host header in FederationService
This should fix the 401 errors when federating with Mastodon.
- Added key pair validation debug endpoint
- Verified that public/private key pairs match correctly
- Fixed HTTP Signature issue by explicitly setting Host header
- Previously relied on RestTemplate to auto-set Host, which could differ from signed value
- Now explicitly set Host header to match the value used in signature calculation
This should fix the 401 Unauthorized errors when sending activities to Mastodon
