From a5d5dde58b47af73a058d84957c617efd110113a Mon Sep 17 00:00:00 2001
From: Jean-Hugues de Raigniac <jhderaigniac@multiply.cloud>
Date: Mon, 26 Apr 2021 15:30:46 +0400
Subject: [PATCH] expired signature test added, check corrected

---
 requests_http_signature/__init__.py |  2 +-
 test/test.py                        | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py
index 1c2a829..db95b6d 100644
--- a/requests_http_signature/__init__.py
+++ b/requests_http_signature/__init__.py
@@ -167,7 +167,7 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
         key = key_resolver(key_id=sig_struct["keyId"], algorithm=sig_struct["algorithm"])
         Crypto(sig_struct["algorithm"]).verify(sig, sts, key)
         if expires_timestamp is not None:
-            assert expires_timestamp > created_timestamp
+            assert expires_timestamp > int(time.time())
 
 
 class HTTPSignatureHeaderAuth(HTTPSignatureAuth):
diff --git a/test/test.py b/test/test.py
index d2ab029..75518a4 100755
--- a/test/test.py
+++ b/test/test.py
@@ -3,6 +3,7 @@
 from __future__ import absolute_import, division, print_function
 
 import os, sys, unittest, logging, base64
+from datetime import timedelta
 
 import requests
 from requests.adapters import HTTPAdapter
@@ -65,6 +66,22 @@ class TestRequestsHTTPSignature(unittest.TestCase):
             self.session.get(url,
                              auth=HTTPSignatureAuth(key=hmac_secret[::-1], key_id="sekret", headers=["date", "digest"]))
 
+    def test_expired_signature(self):
+        with self.assertRaises(AssertionError):
+            preshared_key_id = 'squirrel'
+            preshared_secret = 'monorail_cat'
+            one_month = timedelta(days=-30)
+            headers = ["(expires)"]
+            auth = HTTPSignatureAuth(key=preshared_secret, key_id=preshared_key_id,
+                                     expires_in=one_month, headers=headers)
+
+            def key_resolver(key_id, algorithm):
+                return preshared_secret
+
+            url = 'http://example.com/path'
+            response = requests.get(url, auth=auth)
+            HTTPSignatureAuth.verify(response.request, key_resolver=key_resolver)
+
     def test_rfc_examples(self):
         # The date in the RFC is wrong (2014 instead of 2012).
         # See https://github.com/joyent/node-http-signature/issues/54