From 5d1a7628fd83b8c7ffbe0d1e044fcf7f4cee4835 Mon Sep 17 00:00:00 2001
From: Jean-Hugues de Raigniac <jhderaigniac@multiply.cloud>
Date: Mon, 26 Apr 2021 13:46:11 +0400
Subject: [PATCH] verify expiration date

---
 requests_http_signature/__init__.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py
index 6b0f2e7..1c2a829 100644
--- a/requests_http_signature/__init__.py
+++ b/requests_http_signature/__init__.py
@@ -166,6 +166,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
         sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp)
         key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
         Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
+        if expires_timestamp is not None:
+            assert expires_timestamp > created_timestamp
+
 
 class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
     """