public void TestGenerateSignatureMD5()
{
var signingKey = "2zzXDyLUAEdT8rTcKqJuOwgPmRYBDAu4jXDi0GmoARevPdOZ1R";
var expectedSig = "666c2c1a3fe7d621ad10456c4531e702";
var request = @"{
""msisdn"": ""447700900001"",
""to"": ""447700900000"",
""messageId"": ""0A0000000123ABCD1"",
""text"": ""Hello world"",
""type"": ""text"",
""keyword"": ""HELLO"",
""message-timestamp"": ""2020-01-01T12:00:00.000+00:00"",
""timestamp"": ""1578787200"",
""nonce"": ""aaaaaaaa-bbbb-cccc-dddd-0123456789ab"",
""concat"": ""true"",
""concat-ref"": ""1"",
""concat-total"": ""3"",
""concat-part"": ""2"",
""data"": ""abc123"",
""udh"": ""abc123"",
""sig"":""12345""
}";
var message = JsonConvert.DeserializeObject <SMS.SMSInbound>(request);
var dict = JsonConvert.DeserializeObject <Dictionary <string, string> >(request);
var signatureString = SMS.SMSInbound.ConstructSignatureStringFromDictionary(dict);
var method = SmsSignatureGenerator.Method.md5hash;
var testSig = SmsSignatureGenerator.GenerateSignature(signatureString, signingKey, method);
Assert.Equal(testSig, expectedSig);
}
public void TestGenerateSignatureSHA512HMAC()
{
var signingKey = "2zzXDyLUAEdT8rTcKqJuOwgPmRYBDAu4jXDi0GmoARevPdOZ1R";
var expectedSig = "AB1630493820A5DE881333F3320E2755212D3CF96B5E20158229B19928B380205043230F00F2E5FAE8FD4CEE8F7FD2CEF364C03086A00FF2F3644B05561CC232";
var request = @"{
""msisdn"": ""447700900001"",
""to"": ""447700900000"",
""messageId"": ""0A0000000123ABCD1"",
""text"": ""Hello world"",
""type"": ""text"",
""keyword"": ""HELLO"",
""message-timestamp"": ""2020-01-01T12:00:00.000+00:00"",
""timestamp"": ""1578787200"",
""nonce"": ""aaaaaaaa-bbbb-cccc-dddd-0123456789ab"",
""concat"": ""true"",
""concat-ref"": ""1"",
""concat-total"": ""3"",
""concat-part"": ""2"",
""data"": ""abc123"",
""udh"": ""abc123"",
""sig"":""12345""
}";
var message = JsonConvert.DeserializeObject <SMS.SMSInbound>(request);
var dict = JsonConvert.DeserializeObject <Dictionary <string, string> >(request);
var signatureString = SMS.SMSInbound.ConstructSignatureStringFromDictionary(dict);
var method = SmsSignatureGenerator.Method.sha512;
var testSig = SmsSignatureGenerator.GenerateSignature(signatureString, signingKey, method);
Assert.Equal(testSig, expectedSig);
}
public void TestGenerateSignatureSHA256HMAC()
{
var signingKey = "2zzXDyLUAEdT8rTcKqJuOwgPmRYBDAu4jXDi0GmoARevPdOZ1R";
var expectedSig = "B5FE66C4FE808C191B27D0AFC56918B5CC1FDC4784B82528C1D0537BA8A57192";
var request = @"{
""msisdn"": ""447700900001"",
""to"": ""447700900000"",
""messageId"": ""0A0000000123ABCD1"",
""text"": ""Hello world"",
""type"": ""text"",
""keyword"": ""HELLO"",
""message-timestamp"": ""2020-01-01T12:00:00.000+00:00"",
""timestamp"": ""1578787200"",
""nonce"": ""aaaaaaaa-bbbb-cccc-dddd-0123456789ab"",
""concat"": ""true"",
""concat-ref"": ""1"",
""concat-total"": ""3"",
""concat-part"": ""2"",
""data"": ""abc123"",
""udh"": ""abc123"",
""sig"":""12345""
}";
var message = JsonConvert.DeserializeObject <SMS.SMSInbound>(request);
var dict = JsonConvert.DeserializeObject <Dictionary <string, string> >(request);
var signatureString = SMS.SMSInbound.ConstructSignatureStringFromDictionary(dict);
var method = SmsSignatureGenerator.Method.sha256;
var testSig = SmsSignatureGenerator.GenerateSignature(signatureString, signingKey, method);
Assert.Equal(testSig, expectedSig);
}
private static StringBuilder BuildQueryString(IDictionary <string, string> parameters, Credentials creds = null)
{
var apiKey = (creds?.ApiKey ?? Configuration.Instance.Settings["appSettings:Nexmo.api_key"])?.ToLower();
var apiSecret = creds?.ApiSecret ?? Configuration.Instance.Settings["appSettings:Nexmo.api_secret"];
var securitySecret = creds?.SecuritySecret ?? Configuration.Instance.Settings["appSettings:Nexmo.security_secret"];
SmsSignatureGenerator.Method method;
if (creds?.Method != null)
{
method = creds.Method;
}
else if (Enum.TryParse(Configuration.Instance.Settings["appSettings:Nexmo.signing_method"], out method))
{
//left blank intentionally
}
else
{
method = SmsSignatureGenerator.Method.md5hash;
}
var sb = new StringBuilder();
var signature_sb = new StringBuilder();
Action <IDictionary <string, string>, StringBuilder> buildStringFromParams = (param, strings) =>
{
foreach (var kvp in param)
{
strings.AppendFormat("{0}={1}&", WebUtility.UrlEncode(kvp.Key), WebUtility.UrlEncode(kvp.Value));
}
};
Action <IDictionary <string, string>, StringBuilder> buildSignatureStringFromParams = (param, strings) =>
{
foreach (var kvp in param)
{
strings.AppendFormat("{0}={1}&", kvp.Key.Replace('=', '_').Replace('&', '_'), kvp.Value.Replace('=', '_').Replace('&', '_'));
}
};
parameters.Add("api_key", apiKey);
if (string.IsNullOrEmpty(securitySecret))
{
// security secret not provided, do not sign
parameters.Add("api_secret", apiSecret);
buildStringFromParams(parameters, sb);
return(sb);
}
parameters.Add("timestamp", ((int)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds).ToString(CultureInfo.InvariantCulture));
var sortedParams = new SortedDictionary <string, string>(parameters);
buildStringFromParams(sortedParams, sb);
buildSignatureStringFromParams(sortedParams, signature_sb);
var queryToSign = "&" + signature_sb.ToString();
queryToSign = queryToSign.Remove(queryToSign.Length - 1);
var signature = SmsSignatureGenerator.GenerateSignature(queryToSign, securitySecret, method);
sb.AppendFormat("sig={0}", signature);
return(sb);
}
public bool ValidateSignature(string signatureSecret, SmsSignatureGenerator.Method method)
{
//use json representation to create a useable dictionary
var json = JsonConvert.SerializeObject(this, Formatting.None, new JsonSerializerSettings {
DefaultValueHandling = DefaultValueHandling.Ignore
});
var dict = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var signatureString = ConstructSignatureStringFromDictionary(dict);
var testSig = SmsSignatureGenerator.GenerateSignature(signatureString, signatureSecret, method).ToString();
System.Diagnostics.Debug.WriteLine(testSig);
Console.WriteLine(testSig);
return(testSig == Sig);
}
public ActionResult Validate([FromQuery] SMS.SMSInbound response)
{
var queryDictionary = HttpContext.Request.Query.ToDictionary(x => x.Key, x => x.Value.ToString());
var signatureString = SMS.SMSInbound.ConstructSignatureStringFromDictionary(queryDictionary);
var NEXMO_SECRET_SIGNATURE_KEY = "NEXMO_SECRET_SIGNATURE_KEY";
var method = SmsSignatureGenerator.Method.md5hash;
var testSig = SmsSignatureGenerator.GenerateSignature(signatureString, NEXMO_SECRET_SIGNATURE_KEY, method);
var match = response.sig == testSig;
if (match)
{
Debug.WriteLine("Valid Signature");
}
else
{
Debug.WriteLine("Invalid Signature");
}
return(StatusCode(StatusCodes.Status200OK));
}
