From 608b826d4ec7c6514565681f51fd0b917738ef8d Mon Sep 17 00:00:00 2001 From: Matthew Raymer Date: Sat, 23 Sep 2023 06:36:58 -0400 Subject: [PATCH] refactored and simplified the encrypt method. still getting Mozilla decrypt error. --- keys.md | 7 +++++++ package-lock.json | 17 +++++++++-------- src/notificationService.ts | 13 ++++++------- src/vapidService.ts | 1 + 4 files changed, 23 insertions(+), 15 deletions(-) diff --git a/keys.md b/keys.md index 6b5b186..94eca98 100644 --- a/keys.md +++ b/keys.md @@ -65,3 +65,10 @@ fine with PEM. ``` +fcm.google.com push server: + +``` +authorization header had invalid format. authorization header should have the following format: t=jwtToken; k=base64(publicApplicationServerKey) + +403 +``` \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 15336c7..954e2fe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,6 +9,7 @@ "version": "0.0.0", "license": "Apache-2.0", "dependencies": { + "base64url": "^3.0.1", "body-parser": "^1.20.2", "eckey-utils": "^0.7.13", "elliptic": "^6.5.4", @@ -2472,14 +2473,6 @@ "node": ">=8" } }, - "node_modules/asn1-ts": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/asn1-ts/-/asn1-ts-8.0.2.tgz", - "integrity": "sha512-M9btvRJRhMhPsUFzAfuqkmQPaLLw1KZNl8xtIBpC5fvbAmlpgJcsLKMP/hxKMAUcH52UUTViEQ/cm6/whkYb+Q==", - "dependencies": { - "tslib": "^2.4.1" - } - }, "node_modules/babel-jest": { "version": "29.6.2", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.6.2.tgz", @@ -2595,6 +2588,14 @@ } ] }, + "node_modules/base64url": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", + "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", + "engines": { + "node": ">=6.0.0" + } + }, "node_modules/bn.js": { "version": "4.12.0", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", 
diff --git a/src/notificationService.ts b/src/notificationService.ts index e07f25f..8847a84 100644 --- a/src/notificationService.ts +++ b/src/notificationService.ts @@ -50,7 +50,7 @@ export class NotificationService { const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys(); const vapidkey: VapidKeys = vapidKeys[0]; - const encrypted = await this.encrypt(vapidkey, subscription.keys.p256dh, subscription.keys.auth, payloadBuffer); + const encrypted = await this.encrypt(subscription.keys.p256dh, subscription.keys.auth, payloadBuffer); const endpoint = subscription.endpoint; const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com', vapidkey); @@ -94,16 +94,15 @@ export class NotificationService { } - private async encrypt(appKeys: VapidKeys, p256dh: string, auth: string, payload: Buffer): Promise { + private async encrypt( p256dh: string, auth: string, payload: Buffer): Promise { try { - const vapidPrivateKeyBase64: string = appKeys['privateKey']; - const vapidPrivateKeyBuffer: Buffer = Buffer.from(vapidPrivateKeyBase64, 'base64'); const ecdh = crypto.createECDH('prime256v1'); - ecdh.setPrivateKey(vapidPrivateKeyBuffer); + ecdh.generateKeys(); const publicKeyBuffer: Buffer = Buffer.from(p256dh, 'base64'); return http_ece.encrypt(payload, { - 'privateKey': ecdh, + 'version': 'aes128gcm', + 'privateKey': ecdh, 'dh': publicKeyBuffer, 'authSecret': Buffer.from(auth) }); @@ -112,5 +111,5 @@ export class NotificationService { console.error('Error encrypting payload:', error); throw error; } - } + } } diff --git a/src/vapidService.ts b/src/vapidService.ts index ebcccfb..b162f01 100644 --- a/src/vapidService.ts +++ b/src/vapidService.ts @@ -81,6 +81,7 @@ class VapidService { exp: Math.floor((Date.now() / 1000) + expiration), sub: subject }; + console.log(jwtInfo); const curveName = 'prime256v1'; const ecdh = crypto.createECDH(curveName); const privateKeyBuffer = Buffer.from(privateKey, 'base64');
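Review bot: `'authSecret': Buffer.from(auth)` in the options passed to `http_ece.encrypt` reads the subscription's `auth` value as UTF-8 text, while `p256dh` a few lines above is decoded with `'base64'`. Push subscriptions normally carry both values base64url-encoded, so the key derivation would be fed the encoded characters rather than the secret bytes and the receiving browser could not decrypt; this may be the decrypt error the commit message mentions. Decode it the same way as the public key: `'authSecret': Buffer.from(auth, 'base64')`. Now that `'version': 'aes128gcm'` is set, also confirm that the request built outside this hunk sends a matching `Content-Encoding: aes128gcm` header.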
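Review bot: `console.log(jwtInfo);` looks like leftover debugging in the VAPID signing path and writes the token claims (at least `exp` and `sub`, the contact address) to stdout every time a header is created. Remove it before merge, or route it through a debug-level logger that is off in production. The private key is decoded into `privateKeyBuffer` a few lines later, so keeping this function free of ad-hoc logging makes it less likely that the key or the signed token ends up in logs. The enclosing function starts and ends outside the hunk.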