Merge pull request #175 from web-push-libs/remove_old_standard

marco-c · web-flow · commit eef0b61a234d · 2016-06-20T20:46:27.000+01:00
Remove support for the old encryption standard (retired in Firefox 45) and remove the old deprecated interface of the sendNotification function.
diff --git a/index.js b/index.js
@@ -55,35 +55,6 @@ function setGCMAPIKey(apiKey) {
   gcmAPIKey = apiKey;
 }
 
-// Old standard, Firefox 44+.
-function encryptOld(userPublicKey, payload) {
-  if (typeof payload === 'string' || payload instanceof String) {
-    payload = new Buffer(payload);
-  }
-  var localCurve = crypto.createECDH('prime256v1');
-
-  var localPublicKey = localCurve.generateKeys();
-  var localPrivateKey = localCurve.getPrivateKey();
-
-  var sharedSecret = localCurve.computeSecret(urlBase64.decode(userPublicKey));
-
-  var salt = urlBase64.encode(crypto.randomBytes(16));
-
-  ece.saveKey('webpushKey', sharedSecret);
-
-  var cipherText = ece.encrypt(payload, {
-    keyid: 'webpushKey',
-    salt: salt,
-    padSize: 1, // use the aesgcm128 encoding until aesgcm is well supported
-  });
-
-  return {
-    localPublicKey: localPublicKey,
-    salt: salt,
-    cipherText: cipherText,
-  };
-}
-
 // New standard, Firefox 46+ and Chrome 50+.
 function encrypt(userPublicKey, userAuth, payload) {
   if (typeof payload === 'string' || payload instanceof String) {
@@ -117,18 +88,15 @@ function sendNotification(endpoint, params) {
   return new Promise(function(resolve, reject) {
     try {
       if (args.length === 0) {
-        throw new Error('sendNotification requires at least one argument, the endpoint URL');
+        throw new Error('sendNotification requires at least one argument, the endpoint URL.');
       } else if (params && typeof params === 'object') {
         var TTL = params.TTL;
         var userPublicKey = params.userPublicKey;
         var userAuth = params.userAuth;
         var payload = params.payload;
         var vapid = params.vapid;
       } else if (args.length !== 1) {
-        var TTL = args[1];
-        var userPublicKey = args[2];
-        var payload = args[3];
-        console.warn('You are using the old, deprecated, interface of the `sendNotification` function.'.bold.red);
+        throw new Error('You are using the old, deprecated, interface of the `sendNotification` function.');
       }
 
       if (userPublicKey) {
@@ -162,28 +130,15 @@ function sendNotification(endpoint, params) {
 
       var requestPayload;
       if (typeof payload !== 'undefined') {
-        var encrypted;
-        var encodingHeader;
-        var cryptoHeaderName;
-        if (userAuth) {
-          // Use the new standard if userAuth is defined (Firefox 46+ and Chrome 50+).
-          encrypted = encrypt(userPublicKey, userAuth, payload);
-          encodingHeader = 'aesgcm';
-          cryptoHeaderName = 'Crypto-Key';
-        } else {
-          // Use the old standard if userAuth isn't defined (up to Firefox 45).
-          encrypted = encryptOld(userPublicKey, payload);
-          encodingHeader = 'aesgcm128';
-          cryptoHeaderName = 'Encryption-Key';
-        }
+        var encrypted = encrypt(userPublicKey, userAuth, payload);
 
         options.headers = {
           'Content-Type': 'application/octet-stream',
-          'Content-Encoding': encodingHeader,
+          'Content-Encoding': 'aesgcm',
           'Encryption': 'keyid=p256dh;salt=' + encrypted.salt,
         };
 
-        options.headers[cryptoHeaderName] = 'keyid=p256dh;dh=' + urlBase64.encode(encrypted.localPublicKey);
+        options.headers['Crypto-Key'] = 'keyid=p256dh;dh=' + urlBase64.encode(encrypted.localPublicKey);
 
         requestPayload = encrypted.cipherText;
       }
@@ -210,10 +165,8 @@ function sendNotification(endpoint, params) {
         options.headers['Content-Type'] = 'application/json';
       }
 
-      if (vapid && !isGCM && (typeof payload === 'undefined' || 'Crypto-Key' in options.headers)) {
+      if (vapid && !isGCM) {
         // VAPID isn't supported by GCM.
-        // We also can't use it when there's a payload on Firefox 45, because
-        // Firefox 45 uses the old standard with Encryption-Key.
 
         var header = {
           typ: 'JWT',
@@ -285,7 +238,6 @@ function sendNotification(endpoint, params) {
 }
 
 module.exports = {
-  encryptOld: encryptOld,
   encrypt: encrypt,
   sendNotification: sendNotification,
   setGCMAPIKey: setGCMAPIKey,
diff --git a/test/testEncryptOld.js b/test/testEncryptOld.js
diff --git a/test/testSendNotification.js b/test/testSendNotification.js
@@ -29,8 +29,6 @@ suite('sendNotification', function() {
 
   var userPublicKey = userCurve.generateKeys();
   var userPrivateKey = userCurve.getPrivateKey();
-
-  var intermediateUserAuth = crypto.randomBytes(12);
   var userAuth = crypto.randomBytes(16);
 
   var vapidKeys = webPush.generateVAPIDKeys();
@@ -57,8 +55,6 @@ suite('sendNotification', function() {
           assert.equal(req.headers['ttl'], TTL, 'TTL header correct');
         }
 
-        var cryptoHeader = !!req.headers['encryption-key'] ? 'encryption-key' : 'crypto-key';
-
         if (typeof message !== 'undefined') {
           assert(body.length > 0);
 
@@ -68,39 +64,24 @@ suite('sendNotification', function() {
           if (!isGCM) {
             assert.equal(req.headers['content-type'], 'application/octet-stream', 'Content-Type header correct');
 
-            var keys = req.headers[cryptoHeader].split(',');
+            var keys = req.headers['crypto-key'].split(',');
             var appServerPublicKey = keys.find(function(key) {
               return key.indexOf('keyid=p256dh;dh=') === 0;
             }).substring('keyid=p256dh;dh='.length);
 
-            if (cryptoHeader === 'encryption-key') {
-              assert.equal(req.headers['content-encoding'], 'aesgcm128', 'Content-Encoding header correct');
-
-              var sharedSecret = userCurve.computeSecret(urlBase64.decode(appServerPublicKey));
-              ece.saveKey('webpushKey', sharedSecret);
-
-              var decrypted = ece.decrypt(body, {
-                keyid: 'webpushKey',
-                salt: salt,
-                padSize: 1,
-              });
-            } else if (cryptoHeader === 'crypto-key') {
-              assert.equal(req.headers['content-encoding'], 'aesgcm', 'Content-Encoding header correct');
-
-              ece.saveKey('webpushKey', userCurve, 'P-256');
-
-              var decrypted = ece.decrypt(body, {
-                keyid: 'webpushKey',
-                dh: appServerPublicKey,
-                salt: salt,
-                authSecret: urlBase64.encode(userAuth),
-                padSize: 2,
-              });
-            } else {
-              assert(false, 'Invalid crypto header value');
-            }
+            assert.equal(req.headers['content-encoding'], 'aesgcm', 'Content-Encoding header correct');
+
+            ece.saveKey('webpushKey', userCurve, 'P-256');
+
+            var decrypted = ece.decrypt(body, {
+              keyid: 'webpushKey',
+              dh: appServerPublicKey,
+              salt: salt,
+              authSecret: urlBase64.encode(userAuth),
+              padSize: 2,
+            });
           } else {
-            assert.equal(req.headers[cryptoHeader].indexOf('keyid=p256dh;dh='), 0, 'Encryption-Key header correct');
+            assert.equal(req.headers['crypto-key'].indexOf('keyid=p256dh;dh='), 0, 'Crypto-Key header correct');
             assert.equal(req.headers['content-encoding'], 'aesgcm', 'Content-Encoding header correct');
             var appServerPublicKey = req.headers['crypto-key'].substring('keyid=p256dh;dh='.length);
 
@@ -121,8 +102,7 @@ suite('sendNotification', function() {
         }
 
         if (vapid) {
-          assert.equal(cryptoHeader, 'crypto-key');
-          var keys = req.headers[cryptoHeader].split(',');
+          var keys = req.headers['crypto-key'].split(',');
           var vapidKey = keys.find(function(key) {
             return key.indexOf('p256ecdsa=') === 0;
           });
@@ -178,23 +158,7 @@ suite('sendNotification', function() {
     });
   }
 
-  test('send/receive string (old standard)', function() {
-    return startServer('hello')
-    .then(function() {
-      return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
-        userPublicKey: urlBase64.encode(userPublicKey),
-        payload: 'hello',
-      });
-    })
-    .then(function(body) {
-      assert(true, 'sendNotification promise resolved');
-      assert.equal(body, 'ok');
-    }, function(e) {
-      assert(false, 'sendNotification promise rejected with: ' + e);
-    });
-  });
-
-  test('send/receive string (new standard)', function() {
+  test('send/receive string', function() {
     return startServer('hello')
     .then(function() {
       return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
@@ -233,6 +197,7 @@ suite('sendNotification', function() {
     .then(function() {
       return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
         userPublicKey: urlBase64.encode(userPublicKey),
+        userAuth: urlBase64.encode(userAuth),
         payload: new Buffer('hello'),
       });
     })
@@ -248,6 +213,7 @@ suite('sendNotification', function() {
     .then(function() {
       return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
         userPublicKey: urlBase64.encode(userPublicKey),
+        userAuth: urlBase64.encode(userAuth),
         payload: '😁',
       });
     })
@@ -265,6 +231,7 @@ suite('sendNotification', function() {
       .then(function() {
         return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
           userPublicKey: urlBase64.encode(userPublicKey),
+          userAuth: urlBase64.encode(userAuth),
           payload: '',
         });
       })
@@ -320,6 +287,7 @@ suite('sendNotification', function() {
       return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
         TTL: 5,
         userPublicKey: urlBase64.encode(userPublicKey),
+        userAuth: urlBase64.encode(userAuth),
         payload: 'hello',
       });
     })
@@ -479,53 +447,24 @@ suite('sendNotification', function() {
   });
 
   test('TTL with old interface', function() {
-    return startServer(undefined, 5)
-    .then(function() {
-      return webPush.sendNotification('https://127.0.0.1:' + serverPort, 5);
-    })
+    return webPush.sendNotification('https://127.0.0.1:' + serverPort, 5)
     .then(function(body) {
-      assert(true, 'sendNotification promise resolved');
+      assert(false, 'sendNotification promise resolved');
     }, function() {
-      assert(false, 'sendNotification promise rejected');
+      assert(true, 'sendNotification promise rejected');
     });
   });
 
   test('payload with old interface', function() {
-    return startServer('hello', 0)
-    .then(function() {
-      return webPush.sendNotification('https://127.0.0.1:' + serverPort, 0, urlBase64.encode(userPublicKey), 'hello');
-    })
+    return webPush.sendNotification('https://127.0.0.1:' + serverPort, 0, urlBase64.encode(userPublicKey), 'hello')
     .then(function(body) {
-      assert(true, 'sendNotification promise resolved');
-      assert.equal(body, 'ok');
+      assert(false, 'sendNotification promise resolved');
     }, function() {
-      assert(false, 'sendNotification promise rejected');
-    });
-  });
-
-  test('send notification with message (old standard) with vapid', function() {
-    return startServer('hello', undefined, undefined, undefined, false)
-    .then(function() {
-      return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
-        userPublicKey: urlBase64.encode(userPublicKey),
-        payload: 'hello',
-        vapid: {
-          audience: 'https://www.mozilla.org/',
-          subject: 'mailto:mozilla@example.org',
-          privateKey: vapidKeys.privateKey,
-          publicKey: vapidKeys.publicKey,
-        },
-      });
-    })
-    .then(function(body) {
-      assert(true, 'sendNotification promise resolved');
-      assert.equal(body, 'ok');
-    }, function(e) {
-      assert(false, 'sendNotification promise rejected with ' + e);
+      assert(true, 'sendNotification promise rejected');
     });
   });
 
-  test('send notification with message (new standard) with vapid', function() {
+  test('send notification with message with vapid', function() {
     return startServer('hello', undefined, undefined, undefined, true)
     .then(function() {
       return webPush.sendNotification('https://127.0.0.1:' + serverPort, {
@@ -561,11 +500,13 @@ suite('sendNotification', function() {
 
     return startServer(undefined, undefined, 200, true)
     .then(function() {
-      return webPush.sendNotification('https://android.googleapis.com/gcm/send/someSubscriptionID', 5, undefined, undefined, {
+      return webPush.sendNotification('https://android.googleapis.com/gcm/send/someSubscriptionID', {
+        vapid: {
           audience: 'https://www.mozilla.org/',
           subject: 'mailto:mozilla@example.org',
           privateKey: vapidKeys.privateKey,
           publicKey: vapidKeys.publicKey,
+        }
       });
     })
     .then(function(body) {
