Topic/convert headers to lowercase when calculating signature (#179)

* Convert headers to lowercase when calculating signature via HttpSignatureHeaders::forConfig. guzzle/nyholm psr7 libraries infer the "Host" header (capitalized) from the URI if not explicitly specified. User may also specify other headers which aren't already lowercased.

Amazon requires header names to be lowercased before generating the hash: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

"To create the canonical headers list, convert all header names to lowercase ...".

Mixed header case was already somewhat handled but inconsistent across different functions.

* Added test for somewhat validating header names are converted to lowercase.

* Fixed failing test.

Author: raing3

src/AmazonPHP/SellingPartner/HttpSignatureHeaders.php

@@ -73,7 +73,9 @@ public static function forConfig(
         $canonicalHeaders = [];
 
         foreach ($allHeaders as $headerName => $headerValue) {
-            if (\in_array(\strtolower($headerName), $blacklistHeaders, true)) {
+            $headerName = \strtolower($headerName);
+
+            if (\in_array($headerName, $blacklistHeaders, true)) {
                 continue;
             }
 
@@ -204,17 +206,19 @@ public static function raw(
         $canonicalHeaders = [];
 
         foreach ($allHeaders as $headerName => $headerValue) {
-            if (\in_array(\strtolower($headerName), $blacklistHeaders, true)) {
+            $headerName = \strtolower($headerName);
+
+            if (\in_array($headerName, $blacklistHeaders, true)) {
                 continue;
             }
 
-            $canonicalHeaders[\strtolower($headerName)] = $headerValue;
+            $canonicalHeaders[$headerName] = $headerValue;
 
             if (\count($headerValue) > 0) {
                 \sort($headerValue);
             }
 
-            $canonicalHeadersStr .= \strtolower($headerName) . ':' . \implode(',', $headerValue) . "\n";
+            $canonicalHeadersStr .= $headerName . ':' . \implode(',', $headerValue) . "\n";
         }
 
         $signedHeadersStr = \implode(';', \array_keys($canonicalHeaders));

tests/AmazonPHP/SellingPartner/Tests/Unit/HttpSignatureHeadersTest.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace AmazonPHP\Test\AmazonPHP\SellingPartner\Tests\Unit;
+
+use AmazonPHP\SellingPartner\AccessToken;
+use AmazonPHP\SellingPartner\Configuration;
+use AmazonPHP\SellingPartner\HttpSignatureHeaders;
+use AmazonPHP\SellingPartner\Regions;
+use Nyholm\Psr7\Request;
+use PHPUnit\Framework\TestCase;
+
+class HttpSignatureHeadersTest extends TestCase
+{
+    private ?Configuration $configuration;
+
+    private ?AccessToken $accessToken;
+
+    protected function setUp(): void
+    {
+        $this->configuration = Configuration::forIAMUser('testId', 'testSecret', 'testAccessKey', 'testSecretKey');
+        $this->accessToken   = new AccessToken('testAccessToken', 'testRefreshToken', 'bearer', 3600, 'refresh_token');
+    }
+
+    protected function tearDown(): void
+    {
+        $this->configuration = null;
+        $this->accessToken   = null;
+    }
+
+    public function test_converts_header_names_to_lowercase(): void
+    {
+        $shortDate = gmdate('Ymd');
+        $request = new Request(
+            'GET',
+            'https://sellingpartnerapi-fe.amazon.com/sellers/v1/marketplaceParticipations',
+            // both guzzlehttp/psr7 and nyholm/psr7 infer the host from the URI as "Host" (capitalized).
+            // explicitly specifying uppercase in-case behaviour of the PSR7 library used in the test changes.
+            ['Host' => ['sellingpartnerapi-fe.amazon.com']]
+        );
+        $signedRequest = HttpSignatureHeaders::forConfig(
+            $this->configuration,
+            $this->accessToken,
+            Regions::FAR_EAST,
+            $request
+        );
+
+        $this->assertMatchesRegularExpression(
+            "#^AWS4-HMAC-SHA256 Credential=testAccessKey/$shortDate/us-west-2/execute-api/aws4_request, " .
+            "SignedHeaders=host;x-amz-access-token;x-amz-date, " .
+            "Signature=[0-9a-f]{64}$#",
+            $signedRequest->getHeader('Authorization')[0]
+        );
+    }
+}