Insure that headers are correclty cased before signature verification. (#49)

Kevin Hellemun · Kevin Hellemun · commit 6c97a238f684 · 2017-12-21T15:26:22.000+01:00
diff --git a/BunqSdk/Security/SecurityUtils.cs b/BunqSdk/Security/SecurityUtils.cs
@@ -6,6 +6,7 @@
 using System.Security;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.RegularExpressions;
 using Bunq.Sdk.Context;
 using Bunq.Sdk.Exception;
 using Bunq.Sdk.Http;
@@ -77,6 +78,11 @@ public class SecurityUtils
         /// Number of the very first index in an array or a string.
         /// </summary>
         private const int INDEX_FIRST = 0;
+        
+        /// <summary>
+        /// Regex constants.
+        /// </summary>
+        private const string REGEX_FOR_LOWERCASE_HEADERS = "(-[a-z])";
 
         /// <summary>
         /// Generates a base64-representation of RSA/SHA256/PKCS1 signature for a given RequestMessage.
@@ -127,6 +133,20 @@ private static string GenerateRequestHeadersSortedString(HttpRequestMessage requ
             );
         }
 
+        private static string GetHeaderNameCorrectyCased(string headerName)
+        {
+            headerName = headerName.ToLower();
+            headerName = headerName.First().ToString().ToUpper() + headerName.Substring(1);
+            var matches = Regex.Matches(headerName, REGEX_FOR_LOWERCASE_HEADERS);
+
+            return matches.Cast<Match>().Aggregate(
+                headerName,
+                (current, match) => current.Replace(
+                        match.Groups[INDEX_FIRST].Value, match.Groups[INDEX_FIRST].Value.ToUpper()
+                    )
+                );
+        }
+
         private static string GenerateHeadersSortedString(
             IEnumerable<KeyValuePair<string, IEnumerable<string>>> headers)
         {
@@ -307,8 +327,8 @@ private static string GenerateResponseHeadersSortedString(HttpResponseMessage re
         {
             return GenerateHeadersSortedString(
                 responseMessage.Headers.Where(x =>
-                    x.Key.StartsWith(HEADER_NAME_PREFIX_X_BUNQ) &&
-                    !x.Key.Equals(HEADER_SERVER_SIGNATURE)
+                    GetHeaderNameCorrectyCased(x.Key).StartsWith(HEADER_NAME_PREFIX_X_BUNQ) &&
+                    !GetHeaderNameCorrectyCased(x.Key).Equals(HEADER_SERVER_SIGNATURE)
                 )
             );
         }
