Merge pull request #59 from bunq/feature/make_sure_headers_are_correctly_cased_bunq/sdk_csharp#49

andrederoos · web-flow · commit 9e66f21262b8 · 2017-12-21T17:02:22.000+01:00
Insure that headers are correctly cased before signature verification…
diff --git a/BunqSdk/Security/SecurityUtils.cs b/BunqSdk/Security/SecurityUtils.cs
@@ -6,6 +6,7 @@
 using System.Security;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.RegularExpressions;
 using Bunq.Sdk.Context;
 using Bunq.Sdk.Exception;
 using Bunq.Sdk.Http;
@@ -78,6 +79,16 @@ public class SecurityUtils
         /// </summary>
         private const int INDEX_FIRST = 0;
 
+        /// <summary>
+        /// The index after the firts character in a string. 
+        /// </summary>
+        private const int INDEX_LAST_FIRST_CHAR = 1;
+        
+        /// <summary>
+        /// Regex constants.
+        /// </summary>
+        private const string REGEX_FOR_LOWERCASE_HEADERS = "(-[a-z])";
+
         /// <summary>
         /// Generates a base64-representation of RSA/SHA256/PKCS1 signature for a given RequestMessage.
         /// </summary>
@@ -127,6 +138,20 @@ private static string GenerateRequestHeadersSortedString(HttpRequestMessage requ
             );
         }
 
+        private static string GetHeaderNameCorrectlyCased(string headerName)
+        {
+            headerName = headerName.ToLower();
+            headerName = headerName.First().ToString().ToUpper() + headerName.Substring(INDEX_LAST_FIRST_CHAR);
+            var matches = Regex.Matches(headerName, REGEX_FOR_LOWERCASE_HEADERS);
+
+            return matches.Cast<Match>().Aggregate(
+                headerName,
+                (current, match) => current.Replace(
+                        match.Groups[INDEX_FIRST].Value, match.Groups[INDEX_FIRST].Value.ToUpper()
+                    )
+                );
+        }
+
         private static string GenerateHeadersSortedString(
             IEnumerable<KeyValuePair<string, IEnumerable<string>>> headers)
         {
@@ -307,8 +332,8 @@ private static string GenerateResponseHeadersSortedString(HttpResponseMessage re
         {
             return GenerateHeadersSortedString(
                 responseMessage.Headers.Where(x =>
-                    x.Key.StartsWith(HEADER_NAME_PREFIX_X_BUNQ) &&
-                    !x.Key.Equals(HEADER_SERVER_SIGNATURE)
+                    GetHeaderNameCorrectlyCased(x.Key).StartsWith(HEADER_NAME_PREFIX_X_BUNQ) &&
+                    !GetHeaderNameCorrectlyCased(x.Key).Equals(HEADER_SERVER_SIGNATURE)
                 )
             );
         }
