verify required headers are signed

inc/iSchedule.php

@@ -34,10 +34,10 @@ class iSchedule
   private $failOnError = true;
   private $subdomainsOK = true;
   private $remote_public_key ;
-  private $required_headers = Array ( 'Host',  // draft 01 section 7.1 required headers
+  private $required_headers = Array ( 'host',  // draft 01 section 7.1 required headers
-                                      'Originator', 
+                                      'originator', 
-                                      'Recipient', 
+                                      'recipient', 
-                                      'Content-Type' );
+                                      'content-type' );
   private $disallowed_headers = Array ( 'connection',  // draft 01 section 7.1 disallowed headers
                                         'keep-alive', 
                                         'dkim-signature', 
@@ -539,9 +539,16 @@ class iSchedule
       return 'missing list of signed headers';
     $this->signed_headers = preg_split ( '/:/', $dkim['h'] );
     
+    $sh = Array ();
     foreach ( $this->signed_headers as $h )
+    {
+      $sh[] = strtolower ( $h );
       if ( in_array ( strtolower ( $h ), $this->disallowed_headers ) )
         return "$h is NOT allowed in signed header fields per RFC4871 or iSchedule";
+    }
+    foreach ( $this->required_headers as $h )
+      if ( ! in_array ( strtolower ( $h ), $sh ) )
+        return "$h is REQUIRED but missing in signed header fields per iSchedule";
     // body hash REQUIRED
     if ( ! isset ( $dkim['bh'] ) ) 
       return 'missing body signature';