diff --git a/index.php b/index.php
index a7c2d14..db7e929 100644
--- a/index.php
+++ b/index.php
@@ -775,10 +775,12 @@ HTML;
 // Get the headers send with the request
 $headers = getallheaders();
+ // Ensure the header keys match the format expected by the signature
+ $headers = array_change_key_case( $headers, CASE_LOWER );
 // Validate the timestamp is within ±30 seconds
- if ( !isset( $headers["Date"] ) ) { return null; } // No date set
- $dateHeader = $headers["Date"];
+ if ( !isset( $headers["date"] ) ) { return null; } // No date set
+ $dateHeader = $headers["date"];
 $headerDatetime = DateTime::createFromFormat('D, d M Y H:i:s T', $dateHeader);
 $currentDatetime = new DateTime();
@@ -802,7 +804,7 @@ HTML;
 // Validate the Digest
 // It is the hash of the raw input string, in binary, encoded as base64
- $digestString = $headers["Digest"];
+ $digestString = $headers["digest"];
 // Usually in the form `SHA-256=Ofv56Jm9rlowLR9zTkfeMGLUG1JYQZj0up3aRPZgT0c=`
 // The Base64 encoding may have multiple `=` at the end. So split this at the first `=`
 $digestData = explode( "=", $digestString, 2 );
@@ -839,7 +841,7 @@ HTML;
 }
 // Examine the signature
- $signatureHeader = $headers["Signature"];
+ $signatureHeader = $headers["signature"];
 // Extract key information from the Signature header
 $signatureParts = [];
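Review bot: In the Date check of the first hunk, `DateTime::createFromFormat()` returns `false` when the header does not match `'D, d M Y H:i:s T'`, and no line visible here tests for that before `$headerDatetime` is used. The Date header is sender-controlled, so a malformed value should be rejected the same way a missing one is, e.g. `if ( false === $headerDatetime ) { return null; }` directly after the parse. The comparison against `$currentDatetime` continues outside the hunk, so this may already be handled there.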
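Review bot: `$headers["digest"]` in the Digest hunk is read without the `isset()` guard that the Date header gets, so a request with no Digest header raises an undefined-key warning and hands `null` to `explode()` instead of being rejected outright. I would add `if ( !isset( $headers["digest"] ) ) { return null; } // No digest set` before the read. The same applies to `$headers["signature"]` in the third hunk and to `$headers[$signatureHeader]` in the signing-string loop, where a name listed in the signature but absent from the request would contribute an empty value to the signing string. The surrounding function starts and ends outside these hunks, so `return null` is assumed to be its failure path, as in the Date check.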
@@ -856,14 +858,13 @@ HTML;
 foreach ($signatureHeaders as $signatureHeader) {
 if ( "(request-target)" == $signatureHeader ) {
 $method = strtolower( $_SERVER["REQUEST_METHOD"] );
- $target = strtolower( $_SERVER["REQUEST_URI"] );
+ $target = $_SERVER["REQUEST_URI"];
 $signatureString .= "(request-target): {$method} {$target}\n";
 } else if ( "host" == $signatureHeader ) {
 $host = strtolower( $_SERVER["HTTP_HOST"] );
 $signatureString .= "host: {$host}\n";
 } else {
- // In the HTTP header, the keys use Title Case
- $signatureString .= "{$signatureHeader}: " . $headers[ ucwords( $signatureHeader, "-" ) ] . "\n";
+ $signatureString .= "{$signatureHeader}: " . $headers[$signatureHeader] . "\n";
 }
 }
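Review bot: The loop builds the signing string from whatever names the sender put in `$signatureHeaders`, and nothing visible in this hunk requires `(request-target)`, `date` and `digest` to be among them. The Date and Digest checks in the earlier hunks only bind the request if those headers are covered by the signature, so a list that omits any of them should be rejected before the loop, e.g. `if ( array_diff( ["(request-target)", "date", "digest"], $signatureHeaders ) ) { return null; }`. Such a check may already exist where `$signatureHeaders` is parsed, which is outside the hunk; if it does, a one-line comment above the `foreach` pointing at it would make the guarantee visible here.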