diff --git a/daemon.py b/daemon.py index 9b3da6fc3..ff6562e19 100644 --- a/daemon.py +++ b/daemon.py @@ -729,7 +729,9 @@ class PubServer(BaseHTTPRequestHandler): return False # verify the GET request without any digest - if verifyPostHeaders(self.server.httpPrefix, pubKey, self.headers, + if verifyPostHeaders(self.server.httpPrefix, + self.server.domainFull, + pubKey, self.headers, self.path, True, None, '', self.server.debug): return True diff --git a/httpsig.py b/httpsig.py index 779855eda..3b1623019 100644 --- a/httpsig.py +++ b/httpsig.py @@ -272,7 +272,8 @@ def _verifyRecentSignature(signedDateStr: str) -> bool: return True -def verifyPostHeaders(httpPrefix: str, publicKeyPem: str, headers: dict, +def verifyPostHeaders(httpPrefix: str, + publicKeyPem: str, headers: dict, path: str, GETmethod: bool, messageBodyDigest: str, messageBodyJsonStr: str, debug: bool, @@ -366,6 +367,17 @@ def verifyPostHeaders(httpPrefix: str, publicKeyPem: str, headers: dict, elif '@method' in signedHeader: appendStr = f'@expires: {method}' signedHeaderList.append(appendStr) + elif '@scheme' in signedHeader: + signedHeaderList.append('@scheme: http') + elif '@authority' in signedHeader: + authorityStr = None + if signatureDict.get('authority'): + authorityStr = str(signatureDict['authority']) + elif signatureDict.get('Authority'): + authorityStr = str(signatureDict['Authority']) + if authorityStr: + appendStr = f'@authority: {authorityStr}' + signedHeaderList.append(appendStr) elif signedHeader == 'algorithm': if headers.get(signedHeader): algorithm = headers[signedHeader]