Merge pull request #141 from marco-c/remove_intermediate_standard

Remove intermediate standard

Author: marco-c

index.js

@@ -80,31 +80,7 @@ function encryptOld(userPublicKey, payload) {
   };
 }
 
-// Intermediate standard, Firefox 46.
-function encryptIntermediate(userPublicKey, userAuth, payload) {
-  var localCurve = crypto.createECDH('prime256v1');
-  var localPublicKey = localCurve.generateKeys();
-
-  var salt = urlBase64.encode(crypto.randomBytes(16));
-
-  ece.saveKey('webpushKey', localCurve, 'P-256');
-
-  var cipherText = ece.encrypt(payload, {
-    keyid: 'webpushKey',
-    dh: userPublicKey,
-    salt: salt,
-    authSecret: userAuth,
-    padSize: 1,
-  });
-
-  return {
-    localPublicKey: localPublicKey,
-    salt: salt,
-    cipherText: cipherText,
-  };
-}
-
-// New standard, Firefox 47+ and Chrome 50+.
+// New standard, Firefox 46+ and Chrome 50+.
 function encrypt(userPublicKey, userAuth, payload) {
   var localCurve = crypto.createECDH('prime256v1');
   var localPublicKey = localCurve.generateKeys();
@@ -159,8 +135,8 @@ function sendNotification(endpoint, params) {
       if (userAuth) {
         if (typeof userAuth !== 'string') {
           throw new Error('userAuth should be a base64-encoded string.');
-        } else if (urlBase64.decode(userAuth).length < 12) {
-          throw new Error('userAuth should be at least 12 bytes long');
+        } else if (urlBase64.decode(userAuth).length < 16) {
+          throw new Error('userAuth should be at least 16 bytes long');
         }
       }
 
@@ -177,47 +153,34 @@ function sendNotification(endpoint, params) {
         }
       };
 
-      var encrypted;
-      var useCryptoKey = false;
+      var requestPayload;
       if (typeof payload !== 'undefined') {
+        var encrypted;
         var encodingHeader;
-
+        var cryptoHeaderName;
         if (userAuth) {
-          useCryptoKey = true;
-
-          var userAuthBuf = urlBase64.decode(userAuth);
-          if (userAuthBuf.length === 16) {
-            // Use the new standard if userAuth is defined and is 16 bytes long (Firefox 47+ and Chrome 50+).
-            encrypted = encrypt(userPublicKey, userAuth, new Buffer(payload));
-            encodingHeader = 'aesgcm';
-          } else {
-            // Use the intermediate standard if userAuth is defined and is 12 bytes long (Firefox 46).
-            encrypted = encryptIntermediate(userPublicKey, userAuth, new Buffer(payload));
-            encodingHeader = 'aesgcm128';
-          }
+          // Use the new standard if userAuth is defined (Firefox 46+ and Chrome 50+).
+          encrypted = encrypt(userPublicKey, userAuth, new Buffer(payload));
+          encodingHeader = 'aesgcm';
+          cryptoHeaderName = 'Crypto-Key';
         } else {
-          // Use the old standard if userAuth isn't defined (Firefox 45).
+          // Use the old standard if userAuth isn't defined (up to Firefox 45).
           encrypted = encryptOld(userPublicKey, new Buffer(payload));
           encodingHeader = 'aesgcm128';
+          cryptoHeaderName = 'Encryption-Key';
         }
 
         options.headers = {
-          'Content-Length': encrypted.cipherText.length,
           'Content-Type': 'application/octet-stream',
+          'Content-Encoding': encodingHeader,
           'Encryption': 'keyid=p256dh;salt=' + encrypted.salt,
         };
 
-        var cryptoHeader = 'keyid=p256dh;dh=' + urlBase64.encode(encrypted.localPublicKey);
+        options.headers[cryptoHeaderName] = 'keyid=p256dh;dh=' + urlBase64.encode(encrypted.localPublicKey);
 
-        if (useCryptoKey) {
-          options.headers['Crypto-Key'] = cryptoHeader;
-        } else {
-          options.headers['Encryption-Key'] = cryptoHeader;
-        }
-        options.headers['Content-Encoding'] = encodingHeader;
+        requestPayload = encrypted.cipherText;
       }
 
-      var gcmPayload;
       if (isGCM) {
         if (!gcmAPIKey) {
           console.warn('Attempt to send push notification to GCM endpoint, but no GCM key is defined'.bold.red);
@@ -229,19 +192,18 @@ function sendNotification(endpoint, params) {
         var gcmObj = {
           registration_ids: [ subscriptionId ],
         };
-        if (encrypted) {
-          gcmObj['raw_data'] = encrypted.cipherText.toString('base64');
+        if (requestPayload) {
+          gcmObj['raw_data'] = requestPayload.toString('base64');
         }
-        gcmPayload = JSON.stringify(gcmObj);
+        requestPayload = JSON.stringify(gcmObj);
 
         options.path = options.path.substring(0, options.path.length - subscriptionId.length - 1);
 
         options.headers['Authorization'] = 'key=' + gcmAPIKey;
         options.headers['Content-Type'] = 'application/json';
-        options.headers['Content-Length'] = gcmPayload.length;
       }
 
-      if (vapid && !isGCM && (!encrypted || useCryptoKey)) {
+      if (vapid && !isGCM && (typeof payload === 'undefined' || 'Crypto-Key' in options.headers)) {
         // VAPID isn't supported by GCM.
         // We also can't use it when there's a payload on Firefox 45, because
         // Firefox 45 uses the old standard with Encryption-Key.
@@ -278,6 +240,10 @@ function sendNotification(endpoint, params) {
         options.headers['TTL'] = 2419200; // Default TTL is four weeks.
       }
 
+      if (requestPayload) {
+        options.headers['Content-Length'] = requestPayload.length;
+      }
+
       var expectedStatusCode = isGCM ? 200 : 201;
       var pushRequest = https.request(options, function(pushResponse) {
         var body = "";
@@ -295,10 +261,8 @@ function sendNotification(endpoint, params) {
         });
       });
 
-      if (isGCM) {
-        pushRequest.write(gcmPayload);
-      } else if (typeof payload !== 'undefined') {
-        pushRequest.write(encrypted.cipherText);
+      if (requestPayload) {
+        pushRequest.write(requestPayload);
       }
 
       pushRequest.end();

test/testSendNotification.js

@@ -84,17 +84,9 @@ suite('sendNotification', function() {
                 salt: salt,
                 padSize: 1,
               });
-            } else if (req.headers['content-encoding'] === 'aesgcm128') {
-              ece.saveKey('webpushKey', userCurve, 'P-256');
+            } else if (cryptoHeader === 'crypto-key') {
+              assert.equal(req.headers['content-encoding'], 'aesgcm', 'Content-Encoding header correct');
 
-              var decrypted = ece.decrypt(body, {
-                keyid: 'webpushKey',
-                dh: appServerPublicKey,
-                salt: salt,
-                authSecret: urlBase64.encode(intermediateUserAuth),
-                padSize: 1,
-              });
-            } else if (req.headers['content-encoding'] === 'aesgcm') {
               ece.saveKey('webpushKey', userCurve, 'P-256');
 
               var decrypted = ece.decrypt(body, {
@@ -105,7 +97,7 @@ suite('sendNotification', function() {
                 padSize: 2,
               });
             } else {
-              assert(false, 'Invalid crypto header or content-encoding header value');
+              assert(false, 'Invalid crypto header value');
             }
           } else {
             assert.equal(req.headers[cryptoHeader].indexOf('keyid=p256dh;dh='), 0, 'Encryption-Key header correct');
@@ -202,23 +194,6 @@ suite('sendNotification', function() {
     });
   });
 
-  test('send/receive string (intermediate standard)', function() {
-    return startServer('hello')
-    .then(function() {
-      return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
-        userPublicKey: urlBase64.encode(userPublicKey),
-        userAuth: urlBase64.encode(intermediateUserAuth),
-        payload: 'hello',
-      });
-    })
-    .then(function(body) {
-      assert(true, 'sendNotification promise resolved');
-      assert.equal(body, 'ok');
-    }, function(e) {
-      assert(false, 'sendNotification promise rejected with: ' + e);
-    });
-  });
-
   test('send/receive string (new standard)', function() {
     return startServer('hello')
     .then(function() {
@@ -550,29 +525,6 @@ suite('sendNotification', function() {
     });
   });
 
-  test('send notification with message (intermediate standard) with vapid', function() {
-    return startServer('hello', undefined, undefined, undefined, true)
-    .then(function() {
-      return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
-        userPublicKey: urlBase64.encode(userPublicKey),
-        userAuth: urlBase64.encode(intermediateUserAuth),
-        payload: 'hello',
-        vapid: {
-          audience: 'https://www.mozilla.org/',
-          subject: 'mailto:[email protected]',
-          privateKey: vapidKeys.privateKey,
-          publicKey: vapidKeys.publicKey,
-        },
-      });
-    })
-    .then(function(body) {
-      assert(true, 'sendNotification promise resolved');
-      assert.equal(body, 'ok');
-    }, function(e) {
-      assert(false, 'sendNotification promise rejected with ' + e);
-    });
-  });
-
   test('send notification with message (new standard) with vapid', function() {
     return startServer('hello', undefined, undefined, undefined, true)
     .then(function() {