buckaroo-it / BuckarooSdk_DotNet

Software Development Kit which can be used for easy access to the Buckaroo API.
MIT License

Checking Signature not working #61

Open dirkstraathof opened 1 year ago

dirkstraathof commented 1 year ago

I'm using sample code from the Test project to calculate the signature and check if the push message is valid. But I can't get it to work.

This is my test code

// JSON push as it is received by the client system.
try
{
    SdkClient BuckarooClient = new SdkClient();
    PushHandler pushHandler = BuckarooClient.GetPushHandler("xkduEg374bs63nsiGFs");

    var bodyAsBytes = Encoding.UTF8.GetBytes(requestBody);           // THIS ONE IS IMPORTANT: MESSAGE AS BYTE[]

    // calculate UNIX time
    var epochStart = new DateTime(1970, 01, 01, 0, 0, 0, 0, DateTimeKind.Utc);
    var timeSpan = DateTime.UtcNow - epochStart;
    var requestTimeStamp = Convert.ToUInt64(timeSpan.TotalSeconds).ToString();
    // create random nonce for each request

    var pushSignature = BuckarooClient.GetSignatureCalculationService().CalculateSignature(bodyAsBytes, HttpMethod.Post.ToString(),
        requestTimeStamp, Guid.NewGuid().ToString("N"),
        "https://5rmj616c-7142.euw.devtunnels.ms/api/BuckarooPush?code=rP_gjf0lzLaP8a1vn99A0-mLd-eM9V3enM1JgjAxFFVBAzFuB3uxAQ==", "ahpfM7jwcb", "xkduEg374bs63nsiGFs");

    var authorizationheader = $"hmac {pushSignature}";              // THIS ONE IS IMPORTANT: SIGNATURE

    // Function that returns a structured push, based on the JSON pushed that is received.
    var push = pushHandler.DeserializePush(bodyAsBytes, "https://5rmj616c-7142.euw.devtunnels.ms/api/BuckarooPush?code=rP_gjf0lzLaP8a1vn99A0-mLd-eM9V3enM1JgjAxFFVBAzFuB3uxAQ==", authorizationheader);

    var service = push.GetServices();

    var responseData = push.GetActionResponse<IdealPayPush>();
}
catch (Exception ex)
{
    string s = ex.ToString();
}

And this is the error I'm receiving: System.Security.Authentication.AuthenticationException: System error. at BuckarooSdk.Base.PushHandler.DeserializePush(Byte[] body, String requestUri, String authorizationHeader)

Can anybody point me in the right direction on how to handle this?

Michael-Buckaroo commented 1 year ago

I haven't tested it, but my first guess would be that the requestUri is manipulated inside DeserializePush, while I did not spot the same in the CalculateSignature code path. I'm not familiar with the code base of this project though and was just quickly scanning through it, so I might have missed it somewhere (or it might have no effect at all). Just thinking out loud in the hope it helps! :)

Will create a ticket internally for this too.

gerardva commented 1 year ago

As @Michael-Buckaroo mentioned, the issue seems to be with the requestUri. The issue for me was that the requestUri input parameter for the CalculateSignature function needed to be URL-encoded and made lowercase first. So I fixed it like this: CalculateSignature(.., ..., ..., ..., WebUtility.UrlEncode(requestUri).ToLowerInvariant(), ..., ...)
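
The mismatch described in this reply, as an added example that is not part of the original thread or of the Buckaroo SDK: a verifier that canonicalizes the request URI (URL-encode, then lowercase) rejects a MAC computed over the raw URI and accepts one computed over the canonical form. The signing-string layout, key, URL, body and class name are constructed assumptions, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Text;

static class UriCanonicalizationDemo
{
    // Hypothetical signing-string layout for illustration; NOT the SDK's actual format.
    static byte[] Sign(byte[] key, string method, string uri, string ts, string nonce, byte[] body)
    {
        string bodyHash = Convert.ToBase64String(SHA256.HashData(body));
        string toSign = string.Join("\n", method, uri, ts, nonce, bodyHash);
        using var hmac = new HMACSHA256(key);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(toSign));
    }

    // The canonical form the reply describes: URL-encoded, then lowercased.
    static string Canonical(string uri) => WebUtility.UrlEncode(uri).ToLowerInvariant();

    // The verifier canonicalizes the URI it received before recomputing the MAC.
    static bool Verify(byte[] key, string method, string receivedUri, string ts,
                       string nonce, byte[] body, byte[] mac)
    {
        byte[] expected = Sign(key, method, Canonical(receivedUri), ts, nonce, body);
        // Constant-time comparison so the check does not leak how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(expected, mac);
    }

    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-secret");   // constructed, not a real key
        string uri = "https://example.test/api/Push?code=AbC%2Fd==";       // constructed URL
        byte[] body = Encoding.UTF8.GetBytes("{\"Transaction\":{\"Key\":\"demo\"}}"); // constructed body
        string ts = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
        string nonce = Guid.NewGuid().ToString("N");

        // Signer A passes the raw URI; signer B canonicalizes it the same way the verifier does.
        byte[] rawMac = Sign(key, "POST", uri, ts, nonce, body);
        byte[] canonMac = Sign(key, "POST", Canonical(uri), ts, nonce, body);

        Console.WriteLine($"canonical form:       {Canonical(uri)}");
        Console.WriteLine($"raw URI signed:       {Verify(key, "POST", uri, ts, nonce, body, rawMac)}");
        Console.WriteLine($"canonical URI signed: {Verify(key, "POST", uri, ts, nonce, body, canonMac)}");
    }
}
```

Any input that both sides feed into the MAC has to be byte-identical after canonicalization, so printing the canonical string on each side is the quickest way to locate a mismatch like this one.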

dirkstraathof commented 1 year ago

> As @Michael-Buckaroo mentioned, the issue seems to be with the requestUri. The issue for me was that the requestUri input parameter for the CalculateSignature function needed to be URL-encoded and made lowercase first. So I fixed it like this: CalculateSignature(.., ..., ..., ..., WebUtility.UrlEncode(requestUri).ToLowerInvariant(), ..., ...)

Thanks, I will test this at the next service moment for the App. Maybe the documentation for the Buckaroo package can be clarified @Michael-Buckaroo? Looks like something you miss easily when trying to make this work.