Merge pull request #98 from web-push-libs/feat/97

feat: Move to RFC 8188 "aes128gcm" content encoding default

Author: jrconlin

README.md

@@ -65,8 +65,8 @@ in the `subscription_info` block.
 *data* - can be any serial content (string, bit array, serialized JSON, etc), but be sure that your receiving
 application is able to parse and understand it. (e.g. `data = "Mary had a little lamb."`)
 
-*content_type* - specifies the form of Encryption to use, either `'aesgcm'` or the newer `'aes128gcm'`. NOTE that
-not all User Agents can decrypt `'aes128gcm'`, so the library defaults to the older form.
+*content_type* - specifies the form of Encryption to use, either `'aes128gcm'` or the deprecated `'aesgcm'`. NOTE that
+not all User Agents can decrypt `'aesgcm'`, so the library defaults to the RFC 8188 standard form.
 
 *vapid_claims* - a `dict` containing the VAPID claims required for authorization (See
 [py_vapid](https://github.com/web-push-libs/vapid/tree/master/python) for more details). If `aud` is not specified,
@@ -120,7 +120,7 @@ can pass just `wp = WebPusher(subscription_info)`. This will return a `WebPusher
 
 The following methods are available:
 
-#### `.send(data, headers={}, ttl=0, gcm_key="", reg_id="", content_encoding="aesgcm", curl=False, timeout=None)`
+#### `.send(data, headers={}, ttl=0, gcm_key="", reg_id="", content_encoding="aes128gcm", curl=False, timeout=None)`
 
 Send the data using additional parameters. On error, returns a `WebPushException`
 
@@ -137,7 +137,7 @@ Developer Console.
 
 *reg_id* Google Cloud Messaging registration ID (will be extracted from endpoint if not specified)
 
-*content_encoding* ECE content encoding type (defaults to "aesgcm")
+*content_encoding* ECE content encoding type (defaults to "aes128gcm")
 
 *curl* Do not execute the POST, but return as a `curl` command. This will write the encrypted content to a local file
 named `encrpypted.data`. This command is meant to be used for debugging purposes.
@@ -153,15 +153,15 @@ to send from Chrome using the old GCM mode:
 WebPusher(subscription_info).send(data, headers, ttl, gcm_key)
 ```
 
-#### `.encode(data, content_encoding="aesgcm")`
+#### `.encode(data, content_encoding="aes128gcm")`
 
 Encode the `data` for future use. On error, returns a `WebPushException`
 
 **Parameters**
 
 *data* Binary string of data to send
 
-*content_encoding* ECE content encoding type (defaults to "aesgcm")
+*content_encoding* ECE content encoding type (defaults to "aes128gcm")
 
 **Example**
 

README.rst

@@ -66,8 +66,9 @@ etc), but be sure that your receiving application is able to parse and
 understand it. (e.g. ``data = "Mary had a little lamb."``)
 
 *content\_type* - specifies the form of Encryption to use, either
-``'aesgcm'`` or the newer ``'aes128gcm'``. NOTE that not all User Agents
-can decrypt ``'aes128gcm'``, so the library defaults to the older form.
+``'aes128gcm'`` or the deprecated ``'aesgcm'``. NOTE that not all User
+Agents can decrypt ``'aesgcm'``, so the library defaults to the RFC 8188
+standard form.
 
 *vapid\_claims* - a ``dict`` containing the VAPID claims required for
 authorization (See
@@ -129,8 +130,8 @@ object.
 
 The following methods are available:
 
-``.send(data, headers={}, ttl=0, gcm_key="", reg_id="", content_encoding="aesgcm", curl=False, timeout=None)``
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+``.send(data, headers={}, ttl=0, gcm_key="", reg_id="", content_encoding="aes128gcm", curl=False, timeout=None)``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Send the data using additional parameters. On error, returns a
 ``WebPushException``
@@ -150,7 +151,7 @@ system) This is the API key obtained from the Google Developer Console.
 *reg\_id* Google Cloud Messaging registration ID (will be extracted from
 endpoint if not specified)
 
-*content\_encoding* ECE content encoding type (defaults to "aesgcm")
+*content\_encoding* ECE content encoding type (defaults to "aes128gcm")
 
 *curl* Do not execute the POST, but return as a ``curl`` command. This
 will write the encrypted content to a local file named
@@ -168,8 +169,8 @@ to send from Chrome using the old GCM mode:
 
     WebPusher(subscription_info).send(data, headers, ttl, gcm_key)
 
-``.encode(data, content_encoding="aesgcm")``
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+``.encode(data, content_encoding="aes128gcm")``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Encode the ``data`` for future use. On error, returns a
 ``WebPushException``
@@ -178,7 +179,7 @@ Encode the ``data`` for future use. On error, returns a
 
 *data* Binary string of data to send
 
-*content\_encoding* ECE content encoding type (defaults to "aesgcm")
+*content\_encoding* ECE content encoding type (defaults to "aes128gcm")
 
 **Example**
 

pywebpush/__init__.py

@@ -113,7 +113,7 @@ class WebPusher:
     valid_encodings = [
         # "aesgcm128",  # this is draft-0, but DO NOT USE.
         "aesgcm",  # draft-httpbis-encryption-encoding-01
-        "aes128gcm"  # draft-httpbis-encryption-encoding-04
+        "aes128gcm"  # RFC8188 Standard encoding
     ]
 
     def __init__(self, subscription_info, requests_session=None):
@@ -158,17 +158,16 @@ def _repad(self, data):
         """Add base64 padding to the end of a string, if required"""
         return data + b"===="[:len(data) % 4]
 
-    def encode(self, data, content_encoding="aesgcm"):
+    def encode(self, data, content_encoding="aes128gcm"):
         """Encrypt the data.
 
         :param data: A serialized block of byte data (String, JSON, bit array,
             etc.) Make sure that whatever you send, your client knows how
             to understand it.
         :type data: str
         :param content_encoding: The content_encoding type to use to encrypt
-            the data. Defaults to draft-01 "aesgcm". Latest draft-04 is
-            "aes128gcm", however not all clients may be able to use this
-            format.
+            the data. Defaults to RFC8188 "aes128gcm". The previous draft-01 is
+            "aesgcm", however this format is now deprecated.
         :type content_encoding: enum("aesgcm", "aes128gcm")
 
         """
@@ -242,7 +241,7 @@ def as_curl(self, endpoint, encoded_data, headers):
             url=endpoint, headers="".join(header_list), data=data))
 
     def send(self, data=None, headers=None, ttl=0, gcm_key=None, reg_id=None,
-             content_encoding="aesgcm", curl=False, timeout=None):
+             content_encoding="aes128gcm", curl=False, timeout=None):
         """Encode and send the data to the Push Service.
 
         :param data: A serialized block of data (see encode() ).
@@ -259,7 +258,7 @@ def send(self, data=None, headers=None, ttl=0, gcm_key=None, reg_id=None,
         :param reg_id: registration id of the recipient. If not provided,
             it will be extracted from the endpoint.
         :type reg_id: str
-        :param content_encoding: ECE content encoding (defaults to "aesgcm")
+        :param content_encoding: ECE content encoding (defaults to "aes128gcm")
         :type content_encoding: str
         :param curl: Display output as `curl` command instead of sending
         :type curl: bool
@@ -285,8 +284,11 @@ def send(self, data=None, headers=None, ttl=0, gcm_key=None, reg_id=None,
             headers.update({
                 'crypto-key': crypto_key,
                 'content-encoding': content_encoding,
-                'encryption': "salt=" + encoded['salt'].decode('utf8'),
             })
+            if encoded.get('salt'):
+                headers.update({
+                    'encryption': "salt=" + encoded['salt'].decode('utf8')
+                })
         if gcm_key:
             endpoint = 'https://android.googleapis.com/gcm/send'
             reg_ids = []
@@ -325,7 +327,7 @@ def webpush(subscription_info,
             data=None,
             vapid_private_key=None,
             vapid_claims=None,
-            content_encoding="aesgcm",
+            content_encoding="aes128gcm",
             curl=False,
             timeout=None,
             ttl=0):

pywebpush/tests/test_webpush.py

@@ -134,11 +134,10 @@ def test_send(self, mock_post):
         eq_(subscription_info.get('endpoint'), mock_post.call_args[0][0])
         pheaders = mock_post.call_args[1].get('headers')
         eq_(pheaders.get('ttl'), '0')
-        ok_('encryption' in pheaders)
         eq_(pheaders.get('AUTHENTICATION'), headers.get('Authentication'))
         ckey = pheaders.get('crypto-key')
         ok_('pre-existing' in ckey)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
     @patch("requests.post")
     def test_send_vapid(self, mock_post):
@@ -164,12 +163,11 @@ def repad(str):
             ).decode('utf8')
         )
         ok_(subscription_info.get('endpoint').startswith(auth['aud']))
-        ok_('encryption' in pheaders)
         ok_('WebPush' in pheaders.get('authorization'))
         ckey = pheaders.get('crypto-key')
         ok_('p256ecdsa=' in ckey)
         ok_('dh=' in ckey)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
     @patch.object(WebPusher, "send")
     @patch.object(py_vapid.Vapid, "sign")
@@ -262,8 +260,7 @@ def test_send_no_headers(self, mock_post):
         eq_(subscription_info.get('endpoint'), mock_post.call_args[0][0])
         pheaders = mock_post.call_args[1].get('headers')
         eq_(pheaders.get('ttl'), '0')
-        ok_('encryption' in pheaders)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
     @patch("pywebpush.open")
     def test_as_curl(self, opener):
@@ -281,9 +278,8 @@ def test_as_curl(self, opener):
         for s in [
             "curl -vX POST https://example.com",
             "-H \"crypto-key: p256ecdsa=",
-            "-H \"content-encoding: aesgcm\"",
+            "-H \"content-encoding: aes128gcm\"",
             "-H \"authorization: WebPush ",
-            "-H \"encryption: salt=",
             "-H \"ttl: 0\"",
             "-H \"content-length:"
         ]:
@@ -334,11 +330,10 @@ def test_send_using_requests_session(self, mock_session):
             mock_session.post.call_args[0][0])
         pheaders = mock_session.post.call_args[1].get('headers')
         eq_(pheaders.get('ttl'), '0')
-        ok_('encryption' in pheaders)
         eq_(pheaders.get('AUTHENTICATION'), headers.get('Authentication'))
         ckey = pheaders.get('crypto-key')
         ok_('pre-existing' in ckey)
-        eq_(pheaders.get('content-encoding'), 'aesgcm')
+        eq_(pheaders.get('content-encoding'), 'aes128gcm')
 
 
 class WebpushExceptionTestCase(unittest.TestCase):

setup.py

@@ -3,20 +3,21 @@
 
 from setuptools import find_packages, setup
 
-__version__ = "1.7.0"
+
+__version__ = "1.8.0"
 
 
 def read_from(file):
     reply = []
     with io.open(os.path.join(here, file), encoding='utf8') as f:
-        for l in f:
-            l = l.strip()
-            if not l:
+        for line in f:
+            line = line.strip()
+            if not line:
                 break
-            if l[:2] == '-r':
-                reply += read_from(l.split(' ')[1])
+            if line[:2] == '-r':
+                reply += read_from(line.split(' ')[1])
                 continue
-            if l[0] != '#' or l[:2] != '//':
+            if line[0] != '#' or line[:2] != '//':
                 reply.append(l)
     return reply