refactored and simplified the encrypt method. still getting Mozilla decrypt error.

keys.md

@@ -65,3 +65,10 @@ fine with PEM.
 
 ```
 
+fcm.google.com push server:
+
+```
+authorization header had invalid format. authorization header should have the following format: t=jwtToken; k=base64(publicApplicationServerKey)
+
+403
+```

package-lock.json

@@ -9,6 +9,7 @@
             "version": "0.0.0",
             "license": "Apache-2.0",
             "dependencies": {
+                "base64url": "^3.0.1",
                 "body-parser": "^1.20.2",
                 "eckey-utils": "^0.7.13",
                 "elliptic": "^6.5.4",
@@ -2472,14 +2473,6 @@
                 "node": ">=8"
             }
         },
-        "node_modules/asn1-ts": {
-            "version": "8.0.2",
-            "resolved": "https://registry.npmjs.org/asn1-ts/-/asn1-ts-8.0.2.tgz",
-            "integrity": "sha512-M9btvRJRhMhPsUFzAfuqkmQPaLLw1KZNl8xtIBpC5fvbAmlpgJcsLKMP/hxKMAUcH52UUTViEQ/cm6/whkYb+Q==",
-            "dependencies": {
-                "tslib": "^2.4.1"
-            }
-        },
         "node_modules/babel-jest": {
             "version": "29.6.2",
             "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.6.2.tgz",
@@ -2595,6 +2588,14 @@
                 }
             ]
         },
+        "node_modules/base64url": {
+            "version": "3.0.1",
+            "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz",
+            "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==",
+            "engines": {
+                "node": ">=6.0.0"
+            }
+        },
         "node_modules/bn.js": {
             "version": "4.12.0",
             "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",

src/notificationService.ts

@@ -50,7 +50,7 @@ export class NotificationService {
         const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys();
 	const vapidkey: VapidKeys = vapidKeys[0];
 
-        const encrypted = await this.encrypt(vapidkey, subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
+        const encrypted = await this.encrypt(subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
         const endpoint = subscription.endpoint;
 
         const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com', vapidkey);
@@ -94,16 +94,15 @@ export class NotificationService {
     }
 
 
-    private async encrypt(appKeys: VapidKeys, p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
+    private async encrypt( p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
       try {
-	const vapidPrivateKeyBase64: string = appKeys['privateKey'];
-        const vapidPrivateKeyBuffer: Buffer = Buffer.from(vapidPrivateKeyBase64, 'base64');
         const ecdh = crypto.createECDH('prime256v1');
-        ecdh.setPrivateKey(vapidPrivateKeyBuffer);
+	ecdh.generateKeys();
 	const publicKeyBuffer: Buffer = Buffer.from(p256dh, 'base64');
 	
         return http_ece.encrypt(payload, {
-            'privateKey': ecdh,
+            'version': 'aes128gcm',
+	    'privateKey': ecdh,
             'dh': publicKeyBuffer,
             'authSecret': Buffer.from(auth)
         });

src/vapidService.ts

@@ -81,6 +81,7 @@ class VapidService {
       exp: Math.floor((Date.now() / 1000) + expiration),
       sub: subject
     };
+    console.log(jwtInfo);
     const curveName = 'prime256v1';
     const ecdh = crypto.createECDH(curveName);
     const privateKeyBuffer = Buffer.from(privateKey, 'base64');