From 8d615eac2a9ac8cb7ffecd0af166a21473a43038 Mon Sep 17 00:00:00 2001 From: Jean-Hugues de Raigniac Date: Tue, 27 Apr 2021 17:47:50 +0400 Subject: [PATCH] minor PEP 8 fixes, expired signature check (#26) --- requests_http_signature/__init__.py | 3 +++ test/test.py | 24 +++++++++++++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py index 6b0f2e7..db95b6d 100644 --- a/requests_http_signature/__init__.py +++ b/requests_http_signature/__init__.py @@ -166,6 +166,9 @@ class HTTPSignatureAuth(requests.auth.AuthBase): sts = self.get_string_to_sign(request, headers, created_timestamp, expires_timestamp=expires_timestamp) key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"]) Crypto(sig_struct["algorithm"]).verify(sig, sts, key) + if expires_timestamp is not None: + assert expires_timestamp > int(time.time()) + class HTTPSignatureHeaderAuth(HTTPSignatureAuth): """ diff --git a/test/test.py b/test/test.py index b08c016..c8e508d 100755 --- a/test/test.py +++ b/test/test.py @@ -2,9 +2,11 @@ from __future__ import absolute_import, division, print_function, unicode_literals -import os, sys, unittest, json, logging, base64 +import os, sys, unittest, logging, base64 +from datetime import timedelta import requests +from cryptography.fernet import Fernet from requests.adapters import HTTPAdapter sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))) # noqa @@ -13,8 +15,10 @@ from requests_http_signature import HTTPSignatureAuth, HTTPSignatureHeaderAuth, hmac_secret = b"monorail_cat" passphrase = b"passw0rd" + class TestAdapter(HTTPAdapter): def __init__(self, testcase): + super(TestAdapter, self).__init__() self.testcase = testcase def send(self, request, *args, **kwargs): 
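Review bot: The expiry check added after `Crypto(...).verify(sig, sts, key)` in `requests_http_signature/__init__.py` is a bare `assert`, which Python strips under `-O` or `PYTHONOPTIMIZE`, so in that mode an expired signature would pass verification with no error. Raise explicitly instead, keeping the exception type the new test expects: `if expires_timestamp is not None and expires_timestamp <= int(time.time()): raise AssertionError("signature has expired")`. The enclosing method starts outside the hunk, so it is not visible whether `time` is already imported or whether the earlier checks are also written as `assert`. If they are, they have the same weakness.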
@@ -33,10 +37,12 @@ class TestAdapter(HTTPAdapter): response.url = request.url return response + class DigestlessSignatureAuth(HTTPSignatureAuth): def add_digest(self, request): pass + class TestRequestsHTTPSignature(unittest.TestCase): def setUp(self): logging.basicConfig(level="DEBUG") @@ -59,6 +65,22 @@ class TestRequestsHTTPSignature(unittest.TestCase): self.session.get(url, auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"])) + def test_expired_signature(self): + with self.assertRaises(AssertionError): + preshared_key_id = 'squirrel' + key = Fernet.generate_key() + one_month = timedelta(days=-30) + headers = ["(expires)"] + auth = HTTPSignatureAuth(key=key, key_id=preshared_key_id, + expires_in=one_month, headers=headers) + + def key_resolver(key_id, algorithm): + return key + + url = 'http://example.com/path' + response = requests.get(url, auth=auth) + HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver) + def test_rfc_examples(self): # The date in the RFC is wrong (2014 instead of 2012). # See https://github.com/joyent/node-http-signature/issues/54
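Review bot: In `test_expired_signature` the `with self.assertRaises(AssertionError):` block wraps the whole setup, so an AssertionError from any other step would make the test pass without reaching the expiry check. That includes any unrelated assertion inside `verify`, whose body is outside this diff. The test also calls `requests.get` against `http://example.com/path` rather than going through `self.session` as the neighbouring test does, so it appears to depend on live network access. Build the request offline with `request = requests.Request("GET", url, auth=auth).prepare()` and narrow the context manager to `HTTPSignatureAuth.verify(request, key_resolver=key_resolver)` alone. Separately, `one_month = timedelta(days=-30)` holds a negative offset, so a name such as `one_month_ago` would read more accurately.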