Implement support for special headers (created) and (expires)

2024-06-11 20:04:41 +02:00 · 2024-06-11 20:04:41 +02:00 · d29930f310
commit d29930f310
parent a97f558d82
2 changed files with 13 additions and 6 deletions
--- a/lib/http_signatures/http_signatures.ex
+++ b/lib/http_signatures/http_signatures.ex
@ -27,7 +27,7 @@ defmodule HTTPSignatures do
  end

  def validate(headers, signature, public_key) do
-    sigstring = build_signing_string(headers, signature["headers"])
+    sigstring = build_signing_string(headers, signature["headers"], signature["created"], signature["expires"])
    Logger.debug("Signature: #{signature["signature"]}")
    Logger.debug("Sigstring: #{sigstring}")
    {:ok, sig} = Base.decode64(signature["signature"])
@ -71,13 +71,17 @@ defmodule HTTPSignatures do
    end
  end

-  def build_signing_string(headers, used_headers) do
+  def build_signing_string(headers, used_headers, created, expires) do
    used_headers
-    |> Enum.map_join("\n", fn header -> "#{header}: #{headers[header]}" end)
+    |> Enum.map_join("\n", fn
+        "(created)" -> "(created): #{created}"
+        "(expires)" -> "(expires): #{expires}"
+        header -> "#{header}: #{headers[header]}"
+       end)
  end

  def sign(private_key, key_id, headers) do
-    sigstring = build_signing_string(headers, Enum.sort(Map.keys(headers)))
+    sigstring = build_signing_string(headers, Enum.sort(Map.keys(headers)), headers["(created)"], headers["(expires)"])

    signature =
      :public_key.sign(sigstring, :sha256, private_key)
@ -87,8 +91,11 @@ defmodule HTTPSignatures do
      keyId: key_id,
      algorithm: "rsa-sha256",
      headers: Map.keys(headers) |> Enum.sort() |> Enum.join(" "),
-      signature: signature
+      signature: signature,
+      created: headers["(created)"],
+      expires: headers["(expires)"],
    ]
+    |> Enum.filter(fn {_, v} -> v != nil end)
    |> Enum.map_join(",", fn {k, v} -> "#{k}=\"#{v}\"" end)
  end
 end
--- a/test/http_signatures_test.exs
+++ b/test/http_signatures_test.exs
@ -62,7 +62,7 @@ defmodule HttpSignaturesTest do

  test "it contructs a signing string" do
    expected = "date: Thu, 05 Jan 2014 21:31:40 GMT\ncontent-length: 18"
-    assert expected == HTTPSignatures.build_signing_string(@headers, ["date", "content-length"])
+    assert expected == HTTPSignatures.build_signing_string(@headers, ["date", "content-length"], nil, nil)
  end

  test "it parses the http signature for a conn" do