Open ioggstream opened 5 years ago
Actually, it seems there is an inconsistency within C.3. All headers test. 1) the signing string is (request-target): post /foo?param=value&pet=dog host: example.com date: Sun, 05 Jan 2014 21:31:40 GMT content-type: application/json digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE= content-length: 18
2) the authorization header is Authorization: Signature keyId="Test",algorithm="rsa-sha256", created=1402170695, expires=1402170699, headers="(request-target) (created) (expires) host date content-type digest content-length", signature="vSdrb+dS3EceC9bcwHSo4MlyKS59iFIrhgYkz8+oVLEEzmYZZvRs 8rgOp+63LEM3v+MFHB32NfpB2bEKBIvB1q52LaEUHFv120V01IL+TAD48XaERZF ukWgHoBTLMhYS2Gb51gWxpeIq8knRmPnYePbF5MOkR0Zkly4zKH7s1dE="
So:
@hrobache Right. After adding created,expires I have to regenerate the signature value too. I'll try to do it soon
This PR
Adds missing virtual headers in signature string:
(created) (expires)
.Fixes: #68