From caf544e9fafcc467554f1d53223f2dfcab10fea4 Mon Sep 17 00:00:00 2001
From: Max Kukartsev <mxxk@users.noreply.github.com>
Date: Thu, 25 Jul 2024 01:31:33 -0700
Subject: [PATCH] Respect extraHeaders* options in canonical headers

---
 aws4.js      | 22 +++++++++++-----------
 test/fast.js |  4 ++--
 test/slow.js | 23 +++++++++++++++++++++++
 3 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/aws4.js b/aws4.js
index 77da049..ad16239 100644
--- a/aws4.js
+++ b/aws4.js
@@ -296,21 +296,21 @@ RequestSigner.prototype.canonicalString = function() {
 }
 
 RequestSigner.prototype.canonicalHeaders = function() {
-  var headers = this.request.headers
+  var headers = this.request.headers,
+      extraHeadersToInclude = this.extraHeadersToInclude,
+      extraHeadersToIgnore = this.extraHeadersToIgnore
   function trimAll(header) {
     return header.toString().trim().replace(/\s+/g, ' ')
   }
-
-  var extraHeadersToInclude = this.extraHeadersToInclude,
-  extraHeadersToIgnore = this.extraHeadersToIgnore
-
-  return Object.keys(headers)
-    .filter(function(key) {
-      return extraHeadersToInclude[key.toLowerCase()] ||
-        (HEADERS_TO_IGNORE[key.toLowerCase()] == null && !extraHeadersToIgnore[key.toLowerCase()])
+  return Object.entries(headers)
+    .map(function(entry) { return [entry[0].toLowerCase(), entry[1]] })
+    .filter(function(entry) {
+      var key = entry[0]
+      return extraHeadersToInclude[key] ||
+        (HEADERS_TO_IGNORE[key] == null && !extraHeadersToIgnore[key])
     })
-    .sort(function(a, b) { return a.toLowerCase() < b.toLowerCase() ? -1 : 1 })
-    .map(function(key) { return key.toLowerCase() + ':' + trimAll(headers[key]) })
+    .sort(function(a, b) { return a[0] < b[0] ? -1 : 1 })
+    .map(function(entry) { return entry[0] + ':' + trimAll(entry[1]) })
     .join('\n')
 }
 
diff --git a/test/fast.js b/test/fast.js
index 1a88db4..e7fe302 100644
--- a/test/fast.js
+++ b/test/fast.js
@@ -407,7 +407,7 @@ describe('aws4', function() {
       opts.headers.Authorization.should.equal(
         'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/aoss/aws4_request, ' +
         'SignedHeaders=content-type;date;host;x-amz-content-sha256;x-amz-date, ' +
-        'Signature=ade8635c05bfa4961bc28be0b0a0fbfd3d64e79feb1862f822ee6a4517417bcd')
+        'Signature=742b9db3c09dbc6d29dd965fa44ec2d004d4aed4f0f4d179d0ee989c08c9bf06')
     })
   })
 
@@ -427,7 +427,7 @@ describe('aws4', function() {
       opts.headers.Authorization.should.equal(
         'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/someservice/aws4_request, ' +
         'SignedHeaders=date;host;range;x-amz-date, ' +
-        'Signature=8f3eba7a5743091daae62d00ce1c911c018d48f72dbdf180b15abe701718317a')
+        'Signature=8298a63e47319d57c1af6dfb5e5e5f1b30d2515ad1130d7f240b57ce94302d59')
     })
   })
 
diff --git a/test/slow.js b/test/slow.js
index 21cca65..092550a 100644
--- a/test/slow.js
+++ b/test/slow.js
@@ -132,6 +132,29 @@ void (async() => {
       'Accept-Encoding': 'gzip, deflate, br',
     },
     body: '{}',
+  }, {
+    url: 'https://dynamodb.us-east-1.amazonaws.com/',
+    headers: {
+      'Content-Type': 'application/x-amz-json-1.0',
+      'X-Amz-Target': 'DynamoDB_20120810.ListTables',
+      'Accept-Encoding': 'gzip, deflate, br',
+      'User-Agent': 'node',
+    },
+    extraHeadersToInclude: {
+      'user-agent': true,
+    },
+    body: '{}',
+  }, {
+    url: 'https://dynamodb.us-east-1.amazonaws.com/',
+    headers: {
+      'Content-Type': 'application/x-amz-json-1.0',
+      'X-Amz-Target': 'DynamoDB_20120810.ListTables',
+      'Accept-Encoding': 'gzip, deflate, br',
+    },
+    extraHeadersToIgnore: {
+      'content-type': true,
+    },
+    body: '{}',
   }, {
     service: 'appstream',
     url: 'https://appstream2.us-east-1.amazonaws.com/',