jose optional

Author: Minishlink

README.md

@@ -7,6 +7,11 @@
 ## Installation
 `composer require minishlink/web-push`
 
+If you have a PHP version smaller than 5.5.9, you will not be able to send any payload.
+
+If you have a PHP version smaller than 7.1, you will have to `composer require spomky-labs/jose:2.0.x-dev`,
+and if you want to speed things up, install the [PHP Crypto](https://github.com/bukka/php-crypto) extension.
+
 ## Usage
 WebPush can be used to send notifications to endpoints which server delivers web push notifications as described in 
 the [Web Push API specification](http://www.w3.org/TR/push-api/).
@@ -140,7 +145,8 @@ Not until the [Push API spec](http://www.w3.org/TR/push-api/) is finished.
 ### What about security?
 Internally, WebPush uses the [phpecc](https://github.com/phpecc/phpecc) Elliptic Curve Cryptography library to create 
 local public and private keys and compute the shared secret. 
-Then, WebPush uses `openssl` in order to encrypt the payload with the encryption key.
+Then, if you have a PHP >= 7.1, WebPush uses `openssl` in order to encrypt the payload with the encryption key.
+It uses [jose](https://github.com/Spomky-Labs/jose) if you have PHP < 7.1, which is slower.
 
 ### How to solve "SSL certificate problem: unable to get local issuer certificate" ?
 Your installation lacks some certificates.

composer.json

@@ -16,11 +16,14 @@
     "php": ">=5.4",
     "kriswallsmith/buzz": ">=0.6",
     "mdanter/ecc": "^0.3.0",
-    "lib-openssl": "*",
-    "spomky-labs/jose": "2.0.x-dev"
+    "lib-openssl": "*"
   },
   "require-dev": {
-    "phpunit/phpunit": "4.8.*"
+    "phpunit/phpunit": "4.8.*",
+    "spomky-labs/jose": "2.0.x-dev"
+  },
+  "suggest": {
+    "spomky-labs/jose:2.0.x-dev": "Payload support if you have 5.5.9 <= PHP version < 7.1"
   },
   "autoload": {
     "psr-4" : {

src/WebPush.php

@@ -40,6 +40,12 @@ class WebPush
     /** @var int Time To Live of notifications */
     private $TTL;
 
+    /** @var boolean */
+    private $payloadEncryptionSupport;
+
+    /** @var boolean */
+    private $nativePayloadEncryptionSupport;
+
     /**
      * WebPush constructor.
      *
@@ -56,6 +62,9 @@ public function __construct(array $apiKeys = array(), $TTL = 2419200, $timeout =
         $client = isset($client) ? $client : new MultiCurl();
         $client->setTimeout($timeout);
         $this->browser = new Browser($client);
+
+        $this->payloadEncryptionSupport = version_compare(phpversion(), '5.5.9', '>=');
+        $this->nativePayloadEncryptionSupport = version_compare(phpversion(), '7.1', '>=');
     }
 
     /**
@@ -186,11 +195,11 @@ private function encrypt($userPublicKey, $payload)
         $salt = openssl_random_pseudo_bytes(16);
 
         // get encryption key
-        $encryptionKey = hash_hmac('sha256', $salt, $sharedSecret);
+        $encryptionKey = hash_hmac('sha256', $salt, $sharedSecret, true);
 
         // encrypt
         $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-128-gcm'));
-        if (phpversion() < 7.1) {
+        if (!$this->nativePayloadEncryptionSupport) {
             list($encryptedText, $tag) = GCM::encrypt($encryptionKey, $iv, $payload, "");
             $cipherText = $encryptedText.$tag;
         } else {
@@ -200,7 +209,7 @@ private function encrypt($userPublicKey, $payload)
         return array(
             'localPublicKey' => $localPublicKey,
             'salt' => base64_encode($salt),
-            'cipherText' => $cipherText,
+            'cipherText' => base64_encode($cipherText),
         );
     }
 
@@ -212,15 +221,15 @@ private function sendToStandardEndpoints(array $notifications)
             $payload = $notification->getPayload();
             $userPublicKey = $notification->getUserPublicKey();
 
-            if (isset($payload) && isset($userPublicKey)) {
+            if (isset($payload) && isset($userPublicKey) && $this->payloadEncryptionSupport) {
                 $encrypted = $this->encrypt($userPublicKey, $payload);
 
                 $headers = array(
                     'Content-Length' => strlen($encrypted['cipherText']),
                     'Content-Type' => 'application/octet-stream',
-                    'Encryption-Key' => 'keyid=p256dh;dh='.$encrypted['localPublicKey'],
-                    'Encryption' => 'keyid=p256dh;salt='.$encrypted['salt'],
-                    'Content-Encoding' => 'aesgcm128',
+                    'Content-Encoding' => 'aesgcm-128',
+                    'Encryption' => 'keyid="p256dh";salt="'.$encrypted['salt'].'"',
+                    'Encryption-Key' => 'keyid="p256dh";dh="'.$encrypted['localPublicKey'].'"',
                     'TTL' => $this->TTL,
                 );