Added method to ensure that reponse headers are correclty cased befor…

.gitignore

@@ -72,3 +72,4 @@ context-save-restore-test.conf
 /tmp
 config.properties
 bunq-test.conf
+.idea/codeStyles/

src/main/java/com/bunq/sdk/http/ApiClient.java

@@ -44,6 +44,7 @@
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.util.EntityUtils;
 
@@ -225,19 +226,13 @@ private String getVersion() {
 
   private BunqResponseRaw createBunqResponseRaw(CloseableHttpResponse response)
       throws IOException {
-    byte[] responseBodyBytes = getBodyBytes(response);
-
-    return new BunqResponseRaw(responseBodyBytes, getHeadersMap(response));
-  }
-
-  private byte[] getBodyBytes(CloseableHttpResponse response) throws IOException {
     Integer responseCode = response.getStatusLine().getStatusCode();
     byte[] responseBodyBytes = EntityUtils.toByteArray(response.getEntity());
 
     assertResponseSuccess(responseCode, responseBodyBytes);
     validateResponseSignature(responseCode, responseBodyBytes, response);
 
-    return responseBodyBytes;
+    return new BunqResponseRaw(responseBodyBytes, getHeadersMap(response));
   }
 
   private static void assertResponseSuccess(int responseCode, byte[] responseBodyBytes) {

src/main/java/com/bunq/sdk/security/SecurityUtils.java

@@ -4,6 +4,25 @@
 import com.bunq.sdk.exception.BunqException;
 import com.bunq.sdk.exception.UncaughtExceptionError;
 import com.bunq.sdk.http.ApiClient;
+import okio.BufferedSink;
+import okio.Okio;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.Header;
+import org.apache.http.HttpEntityEnclosingRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.message.BasicHeader;
+import org.apache.http.util.EntityUtils;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -22,24 +41,9 @@
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Arrays;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import okio.BufferedSink;
-import okio.Okio;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.http.Header;
-import org.apache.http.HttpEntityEnclosingRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.util.EntityUtils;
 
 /**
  * Static lib containing methods for handling encryption.
@@ -62,6 +66,7 @@ public final class SecurityUtils {
   private static final String ERROR_COULD_NOT_VERIFY_DATA = "Could not verify signed data.";
   private static final String ERROR_CAN_NOT_GET_ENTITY_BODY_BYTES =
       "Can't get body bytes of the entity.";
+  private static final String ERROR_RESPONSE_VERIFICATION_FAILED = "Response verification failed";
 
   /**
    * Constants to generate encryption keys.
@@ -141,6 +146,22 @@ public final class SecurityUtils {
   private static final String DELIMITER_METHOD_PATH = " ";
   private static final String DELIMITER_HEADER_NAME_AND_VALUE = ": ";
 
+  /**
+   * Regex constants.
+   */
+  private static final String REGEX_FOR_LOWERCASE_HEADERS = "(-[a-z])";
+
+  /**
+   * The index of the first item in an array.
+   */
+  private static final int INDEX_FIRST = 0;
+
+  /**
+   * Substring constants.
+   */
+  private static final int SUBSTRING_BEGIN_INDEX = 0;
+  private static final int SUBSTRING_END_INDEX = 1;
+
   /**
    */
   private SecurityUtils() {
@@ -455,7 +476,10 @@ private static void verifyDataSigned(Signature signature, PublicKey publicKey, b
     try {
       signature.initVerify(publicKey);
       signature.update(dataBytes);
-      signature.verify(dataBytesSigned);
+
+      if (!signature.verify(dataBytesSigned)) {
+        throw new BunqException(ERROR_RESPONSE_VERIFICATION_FAILED);
+      }
     } catch (GeneralSecurityException exception) {
       throw new BunqException(ERROR_COULD_NOT_VERIFY_DATA, exception);
     }
@@ -476,6 +500,17 @@ private static byte[] getResponseBytes(int responseCode, byte[] responseBodyByte
       Header[] responseHeaders) {
     ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
 
+    for (int i = INDEX_FIRST; i < responseHeaders.length; i++) {
+      if (responseHeaders[i].getName().equals(HEADER_SERVER_SIGNATURE)) {
+        continue;
+      }
+
+      responseHeaders[i] = new BasicHeader(
+          ensureHeaderCorrectlyCased(responseHeaders[i].getName()),
+          responseHeaders[i].getValue()
+      );
+    }
+
     try {
       outputStream.write(getResponseHeadBytes(responseCode, responseHeaders));
       outputStream.write(responseBodyBytes);
@@ -486,6 +521,21 @@ private static byte[] getResponseBytes(int responseCode, byte[] responseBodyByte
     return outputStream.toByteArray();
   }
 
+  private static String ensureHeaderCorrectlyCased(String headerName) {
+    headerName = headerName.toLowerCase();
+    headerName = headerName.substring(SUBSTRING_BEGIN_INDEX, SUBSTRING_END_INDEX).toUpperCase()
+        + headerName.substring(SUBSTRING_END_INDEX);
+    Pattern pattern = Pattern.compile(REGEX_FOR_LOWERCASE_HEADERS);
+    Matcher matcher = pattern.matcher(headerName);
+
+    while (matcher.find()) {
+     String result = matcher.group();
+     headerName = headerName.replace(result, result.toUpperCase());
+    }
+
+    return headerName;
+  }
+
   private static byte[] getResponseHeadBytes(int responseCode, Header[] responseHeaders) {
     String requestHeadString = responseCode + NEWLINE +
         generateResponseHeadersSortedString(responseHeaders) + NEWLINE + NEWLINE;