refactored and simplified the encrypt method. still getting Mozilla decrypt error.

1 year ago · 608b826d4e
4 changed files with 23 additions and 15 deletions
--- a/keys.md
+++ b/keys.md
@ -65,3 +65,10 @@ fine with PEM.

 ```

+fcm.google.com push server:
+
+```
+authorization header had invalid format. authorization header should have the following format: t=jwtToken; k=base64(publicApplicationServerKey)
+
+403
+```
--- a/package-lock.json
+++ b/package-lock.json
@ -9,6 +9,7 @@
            "version": "0.0.0",
            "license": "Apache-2.0",
            "dependencies": {
+                "base64url": "^3.0.1",
                "body-parser": "^1.20.2",
                "eckey-utils": "^0.7.13",
                "elliptic": "^6.5.4",
@ -2472,14 +2473,6 @@
                "node": ">=8"
            }
        },
-        "node_modules/asn1-ts": {
-            "version": "8.0.2",
-            "resolved": "https://registry.npmjs.org/asn1-ts/-/asn1-ts-8.0.2.tgz",
-            "integrity": "sha512-M9btvRJRhMhPsUFzAfuqkmQPaLLw1KZNl8xtIBpC5fvbAmlpgJcsLKMP/hxKMAUcH52UUTViEQ/cm6/whkYb+Q==",
-            "dependencies": {
-                "tslib": "^2.4.1"
-            }
-        },
        "node_modules/babel-jest": {
            "version": "29.6.2",
            "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.6.2.tgz",
@ -2595,6 +2588,14 @@
                }
            ]
        },
+        "node_modules/base64url": {
+            "version": "3.0.1",
+            "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz",
+            "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==",
+            "engines": {
+                "node": ">=6.0.0"
+            }
+        },
        "node_modules/bn.js": {
            "version": "4.12.0",
            "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
--- a/src/notificationService.ts
+++ b/src/notificationService.ts
@ -50,7 +50,7 @@ export class NotificationService {
        const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys();
 	const vapidkey: VapidKeys = vapidKeys[0];

-        const encrypted = await this.encrypt(vapidkey, subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
+        const encrypted = await this.encrypt(subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
        const endpoint = subscription.endpoint;

        const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com', vapidkey);
@ -94,16 +94,15 @@ export class NotificationService {
    }


-    private async encrypt(appKeys: VapidKeys, p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
+    private async encrypt( p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
      try {
-	const vapidPrivateKeyBase64: string = appKeys['privateKey'];
-        const vapidPrivateKeyBuffer: Buffer = Buffer.from(vapidPrivateKeyBase64, 'base64');
        const ecdh = crypto.createECDH('prime256v1');
-        ecdh.setPrivateKey(vapidPrivateKeyBuffer);
+	ecdh.generateKeys();
 	const publicKeyBuffer: Buffer = Buffer.from(p256dh, 'base64');
 	
        return http_ece.encrypt(payload, {
-            'privateKey': ecdh,
+            'version': 'aes128gcm',
+	    'privateKey': ecdh,
            'dh': publicKeyBuffer,
            'authSecret': Buffer.from(auth)
        });
@ -112,5 +111,5 @@ export class NotificationService {
        console.error('Error encrypting payload:', error);
        throw error;
      }
-    }    
+    }
 }
--- a/src/vapidService.ts
+++ b/src/vapidService.ts
@ -81,6 +81,7 @@ class VapidService {
      exp: Math.floor((Date.now() / 1000) + expiration),
      sub: subject
    };
+    console.log(jwtInfo);
    const curveName = 'prime256v1';
    const ecdh = crypto.createECDH(curveName);
    const privateKeyBuffer = Buffer.from(privateKey, 'base64');