Skip to content

Commit

Permalink
fix test on header signing (bunq#93)
Browse files Browse the repository at this point in the history
  • Loading branch information
tubbynl committed Jun 17, 2018
1 parent 6486716 commit ffb56ad
Show file tree
Hide file tree
Showing 3 changed files with 42 additions and 48 deletions.
24 changes: 21 additions & 3 deletions src/main/java/com/bunq/sdk/http/BunqBasicHeader.java
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,23 @@

import okhttp3.Response;

import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class BunqBasicHeader {
private static final String DELIMITER_HEADER_NAME_AND_VALUE = ": ";
private static final String NEWLINE = "\n";

private final BunqHeader name;
private final String value;

public static BunqBasicHeader get(BunqHeader header,Response response) {
return new BunqBasicHeader(header,response.header(header.getHeader()));
}

public BunqBasicHeader(String name, String value) {
this(BunqHeader.parse(name).get(),value);
public static Optional<BunqBasicHeader> get(String header, String value) {
return BunqHeader.parse(header).map(h->new BunqBasicHeader(h,value));
}

public BunqBasicHeader(BunqHeader name, String value) {
Expand All @@ -26,4 +33,15 @@ public BunqHeader getName() {
public String getValue() {
return value;
}
}

private String forSigning() {
return getName().getHeader()+DELIMITER_HEADER_NAME_AND_VALUE+getValue();
}

public static String collectForSigning(Stream<BunqBasicHeader> headers) {
return headers
.map(BunqBasicHeader::forSigning)
.sorted()
.collect(Collectors.joining(NEWLINE));
}
}
14 changes: 3 additions & 11 deletions src/main/java/com/bunq/sdk/http/BunqRequestBuilder.java
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,7 @@ public BunqRequestBuilder url(URL url) {
*/
@Override
public BunqRequestBuilder header(String name, String value) {
this.allHeader.add(new BunqBasicHeader(name, value));

BunqBasicHeader.get(name,value).ifPresent(this.allHeader::add);
return (BunqRequestBuilder) super.header(name, value);
}

Expand All @@ -90,8 +89,7 @@ public BunqRequestBuilder header(String name, String value) {
*/
@Override
public BunqRequestBuilder addHeader(String name, String value) {
this.allHeader.add(new BunqBasicHeader(name, value));

BunqBasicHeader.get(name,value).ifPresent(this.allHeader::add);
return (BunqRequestBuilder) super.addHeader(name, value);
}

Expand Down Expand Up @@ -205,13 +203,7 @@ public BunqRequestBody getBody() {

/**
*/
public List<BunqBasicHeader> getAllHeaderAsList() {
public List<BunqBasicHeader> getAllHeader() {
return this.allHeader;
}

/**
*/
public BunqBasicHeader[] getAllHeaderAsArray() {
return this.allHeader.toArray(new BunqBasicHeader[this.allHeader.size()]);
}
}
52 changes: 18 additions & 34 deletions src/main/java/com/bunq/sdk/security/SecurityUtils.java
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,7 @@
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.*;

/**
* Static lib containing methods for handling encryption.
Expand Down Expand Up @@ -127,7 +122,6 @@ public final class SecurityUtils {
* Delimiter constants for building the data to sign.
*/
private static final String DELIMITER_METHOD_PATH = " ";
private static final String DELIMITER_HEADER_NAME_AND_VALUE = ": ";

/**
* The index of the first item in an array.
Expand Down Expand Up @@ -386,16 +380,14 @@ private static byte[] getEntityBodyBytes(BunqRequestBuilder requestBuilder) thro
}

private static String generateRequestHeadersSortedString(BunqRequestBuilder bunqRequestBuilder) {
return Arrays.stream(bunqRequestBuilder.getAllHeaderAsArray())
.filter(
return BunqBasicHeader.collectForSigning(bunqRequestBuilder.getAllHeader()
.stream()
.filter(
header ->
header.getName().isBunq() ||
header.getName().equals(BunqHeader.cacheControl) ||
header.getName().equals(BunqHeader.userAgent)
)
.map(header -> header.getName() + DELIMITER_HEADER_NAME_AND_VALUE + header.getValue())
.sorted()
.collect(Collectors.joining(NEWLINE));
));
}

/**
Expand Down Expand Up @@ -486,19 +478,14 @@ private static byte[] getResponseBytes(
List<BunqBasicHeader> allResponseHeader = new ArrayList<>();

for (int i = INDEX_FIRST; i < allHeader.names().size(); i++) {
if (BunqHeader.serverSignature.getHeader().equals(allHeader.name(i))) {
continue;
Optional<BunqBasicHeader> header = BunqBasicHeader.get(allHeader.name(i),allHeader.get(allHeader.name(i)));
if(header.isPresent() && !BunqHeader.serverSignature.equals(header.get().getName())) {
allResponseHeader.add(header.get());
}
allResponseHeader.add(new BunqBasicHeader(allHeader.name(i),allHeader.get(allHeader.name(i))));
}

try {
outputStream.write(
getResponseHeadBytes(
responseCode,
allResponseHeader.toArray(new BunqBasicHeader[allResponseHeader.size()])
)
);
outputStream.write(getResponseHeadBytes(responseCode,allResponseHeader));
outputStream.write(responseBodyBytes);
} catch (IOException exception) {
throw new UncaughtExceptionError(exception);
Expand All @@ -507,23 +494,20 @@ private static byte[] getResponseBytes(
return outputStream.toByteArray();
}

private static byte[] getResponseHeadBytes(int responseCode, BunqBasicHeader[] responseHeaders) {
private static byte[] getResponseHeadBytes(int responseCode, List<BunqBasicHeader> responseHeaders) {
String requestHeadString = responseCode + NEWLINE +
generateResponseHeadersSortedString(responseHeaders) + NEWLINE + NEWLINE;

return requestHeadString.getBytes();
}

private static String generateResponseHeadersSortedString(BunqBasicHeader[] responseHeaders) {
return Arrays.stream(responseHeaders)
.filter(
header ->
header.getName().isBunq() &&
!header.getName().equals(BunqHeader.serverSignature)
)
.map(header -> header.getName() + DELIMITER_HEADER_NAME_AND_VALUE + header.getValue())
.sorted()
.collect(Collectors.joining(NEWLINE));
private static String generateResponseHeadersSortedString(List<BunqBasicHeader> headers) {
return BunqBasicHeader.collectForSigning(headers
.stream()
.filter(
header ->
header.getName().isBunq() &&
!header.getName().equals(BunqHeader.serverSignature)
));
}

}

0 comments on commit ffb56ad

Please sign in to comment.