Fixing SMS Signing for Hash and adding HMAC SMS signing

Vonage · Oct 9, 2019 · 929c3bc · 929c3bc
1 parent 79b5551
commit 929c3bc
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 7 deletions.
diff --git a/Nexmo.Api/Request/ApiRequest.cs b/Nexmo.Api/Request/ApiRequest.cs
@@ -26,6 +26,19 @@ private static StringBuilder BuildQueryString(IDictionary<string, string> parame
             var apiKey = (creds?.ApiKey ?? Configuration.Instance.Settings["appSettings:Nexmo.api_key"]).ToLower();
             var apiSecret = creds?.ApiSecret ?? Configuration.Instance.Settings["appSettings:Nexmo.api_secret"];
             var securitySecret = creds?.SecuritySecret ?? Configuration.Instance.Settings["appSettings:Nexmo.security_secret"];
+            Credentials.SigningMethod method;
+            if (creds?.Method != null)
+            {
+                method = creds.Method;
+            }
+            else if(Enum.TryParse(Configuration.Instance.Settings["appSettings:Nexmo.signing_method"], out method))
+            {
+                //left blank intentionally
+            }
+            else
+            {
+                method = Credentials.SigningMethod.md5hash;
+            }
 
             var sb = new StringBuilder();
             Action<IDictionary<string, string>, StringBuilder> buildStringFromParams = (param, strings) =>
@@ -43,15 +56,11 @@ private static StringBuilder BuildQueryString(IDictionary<string, string> parame
                 buildStringFromParams(parameters, sb);
                 return sb;
             }
-            // security secret provided, sort and sign request
             parameters.Add("timestamp", ((int)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds).ToString(CultureInfo.InvariantCulture));
             var sortedParams = new SortedDictionary<string, string>(parameters);
             buildStringFromParams(sortedParams, sb);
-            var queryToSign = "&" + sb;
-            queryToSign = queryToSign.Remove(queryToSign.Length - 1) + securitySecret.ToUpper();
-            var hashgen = MD5.Create();
-            var hash = hashgen.ComputeHash(Encoding.UTF8.GetBytes(queryToSign));
-            sb.AppendFormat("sig={0}", ByteArrayToHexHelper.ByteArrayToHex(hash).ToLower());
+            var signature = Credentials.GenerateSignature(sb.ToString(), securitySecret, method);
+            sb.AppendFormat("sig={0}", signature);
             return sb;
         }
 

diff --git a/Nexmo.Api/Request/Credentials.cs b/Nexmo.Api/Request/Credentials.cs
@@ -1,7 +1,21 @@
-namespace Nexmo.Api.Request
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Nexmo.Api.Request
 {
     public class Credentials
     {
+
+        public enum SigningMethod
+        {
+            md5hash,
+            md5,
+            sha1,
+            sha256,
+            sha512
+        }
+
+        public SigningMethod Method { get; set; }
         /// <summary>
         /// Nexmo API Key (from your account dashboard)
         /// </summary>
@@ -29,6 +43,44 @@ public class Credentials
         /// </summary>
         public string AppUserAgent { get; set; }
 
+        public static string GenerateSignature(string query, string securitySecret, Credentials.SigningMethod method)
+        {
+            var queryToSign = "&" + query;
+            queryToSign = queryToSign.Remove(queryToSign.Length - 1);
+            // security secret provided, sort and sign request
+            if (method == Credentials.SigningMethod.md5hash)
+            {
+                queryToSign += securitySecret;
+                var hashgen = MD5.Create();
+                var hash = hashgen.ComputeHash(Encoding.UTF8.GetBytes(queryToSign));
+                return ByteArrayToHexHelper.ByteArrayToHex(hash).ToLower();
+            }
+            else
+            {
+                var securityBytes = Encoding.UTF8.GetBytes(securitySecret);
+                var input = Encoding.UTF8.GetBytes(queryToSign);
+                HMAC hmacGen = new HMACMD5(securityBytes);
+                switch (method)
+                {
+                    case Credentials.SigningMethod.md5:
+                        hmacGen = new HMACMD5(securityBytes);
+                        break;
+                    case Credentials.SigningMethod.sha1:
+                        hmacGen = new HMACSHA1(securityBytes);
+                        break;
+                    case Credentials.SigningMethod.sha256:
+                        hmacGen = new HMACSHA256(securityBytes);
+                        break;
+                    case Credentials.SigningMethod.sha512:
+                        hmacGen = new HMACSHA512(securityBytes);
+                        break;
+                }
+                var hmac = hmacGen.ComputeHash(input);
+                var sig = ByteArrayToHexHelper.ByteArrayToHex(hmac).ToUpper();
+                return sig;
+            }
+        }
+
         public Credentials()
         {