From be1a06112244c53e0a89690f1d5eaf1b4fc0b036 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 15 Aug 2019 10:08:18 +0100
Subject: [PATCH] Include date in http signature

---
 httpsig.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/httpsig.py b/httpsig.py
index 6e229816..1564fee0 100644
--- a/httpsig.py
+++ b/httpsig.py
@@ -14,6 +14,7 @@ from Crypto.Signature import pkcs1_15
 from requests.auth import AuthBase
 import base64
 import json
+from time import gmtime, strftime
 
 def signPostHeaders(privateKeyPem: str, nickname: str, domain: str, \
                     port: int,path: str, \
@@ -30,7 +31,7 @@ def signPostHeaders(privateKeyPem: str, nickname: str, domain: str, \
     else:
         bodyDigest = \
             base64.b64encode(SHA256.new(messageBodyJson.encode()).digest())
-        headers = {'host': domain, 'digest': f'SHA-256={bodyDigest}'}
+        headers = {'host': domain, 'date': strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()),'digest': f'SHA-256={bodyDigest}'}
     privateKeyPem = RSA.import_key(privateKeyPem)
     headers.update({
         '(request-target)': f'post {path}',
@@ -72,7 +73,7 @@ def createSignedHeader(privateKeyPem: str,nickname: str,domain: str,port: int, \
         messageBodyJsonStr=json.dumps(messageBodyJson)
         bodyDigest = \
             base64.b64encode(SHA256.new(messageBodyJsonStr.encode()).digest())
-        headers = {'host': headerDomain, 'digest': f'SHA-256={bodyDigest}'}        
+        headers = {'host': headerDomain, 'date': strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime()), 'digest': f'SHA-256={bodyDigest}'}        
     path='/inbox'
     signatureHeader = signPostHeaders(privateKeyPem, nickname, domain, port, \
                                       path, httpPrefix, None)