From 9bec20223211100895ce69a9c3abca99ecc4a326 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 14 Jan 2019 16:33:23 +0000 Subject: [PATCH] Adding the date to signed get requests as well --- src/Util/HTTPSignature.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php index 32785a60aa..db1ea90dcb 100644 --- a/src/Util/HTTPSignature.php +++ b/src/Util/HTTPSignature.php @@ -336,14 +336,15 @@ class HTTPSignature // Header data that is about to be signed. $host = parse_url($request, PHP_URL_HOST); $path = parse_url($request, PHP_URL_PATH); + $date = DateTimeFormat::utcNow(DateTimeFormat::HTTP); - $headers = ['Host: ' . $host]; + $headers = ['Date: ' . $date, 'Host: ' . $host]; - $signed_data = "(request-target): get " . $path . "\nhost: " . $host; + $signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host; $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); - $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) host",signature="' . $signature . '"'; + $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; $headers[] = 'Accept: application/activity+json, application/ld+json';