Ensuring content-md5 is signed

src/Aws/Common/Signature/SignatureV4.php

@@ -303,6 +303,12 @@ private function createPresignedRequest(
      */
     private function createSigningContext(RequestInterface $request, $payload)
     {
+        $signable = array(
+            'host'        => true,
+            'date'        => true,
+            'content-md5' => true
+        );
+
         // Normalize the path as required by SigV4 and ensure it's absolute
         $canon = $request->getMethod() . "\n"
             . $this->createCanonicalizedPath($request) . "\n"
@@ -312,10 +318,7 @@ private function createSigningContext(RequestInterface $request, $payload)
 
         foreach ($request->getHeaders()->getAll() as $key => $values) {
             $key = strtolower($key);
-            if ($key == 'host'
-                || $key == 'date'
-                || substr($key, 0, 6) === 'x-amz-'
-            ) {
+            if (isset($signable[$key]) || substr($key, 0, 6) === 'x-amz-') {
                 $values = $values->toArray();
                 if (count($values) == 1) {
                     $values = $values[0];

tests/Aws/Tests/Common/Signature/SignatureV4Test.php

@@ -357,5 +357,20 @@ public function testEnsuresMethodIsPost()
         $request = new EntityEnclosingRequest('PUT', 'http://foo.com');
         SignatureV4::convertPostToGet($request);
     }
+
+    public function testSignSpecificHeaders()
+    {
+        $sig = new SignatureV4('foo', 'bar');
+        $creds = new Credentials('a', 'b');
+        $req = new Request('PUT', 'http://foo.com', array(
+            'date' => 'today',
+            'host' => 'foo.com',
+            'x-amz-foo' => '123',
+            'content-md5' => 'bogus'
+        ));
+        $sig->signRequest($req, $creds);
+        $creq = $req->getParams()->getPath('aws.signature/canonical_request');
+        $this->assertContains('content-md5;date;host;x-amz-foo', $creq);
+    }
 }
 }