[aerogear-dev] Push message encryption to support PushMessageData of Push API

Idel Pivnitskiy idel.pivnitskiy at gmail.com
Sun Aug 21 23:38:02 EDT 2016 

I've implemented encryption of push message payload for WebPush variant.
Here are two different solutions for the same problem, which use different
libs:

   1. https://github.com/aerogear/aerogear-unifiedpush-server/pull/747
   2. https://github.com/aerogear/aerogear-unifiedpush-server/pull/742

I also updated my previous example for js cookbook. Now it supports push
notifications with payloads too:
https://github.com/aerogear/aerogear-js-cookbook/pull/16

But I have a problem with java.security and Bouncy Castle provider. When
you send a push message, a server gets an exception
*java.security.InvalidAlgorithmParameterException:
parameter object not a ECParameterSpec*. For more information and to look
at the full stack trace, go to the PRs.

Could anyone look at this and help me to resolve this problem?

Thanks,
Idel Pivnitskiy
--
Twitter: @idelpivnitskiy <https://twitter.com/idelpivnitskiy>
GitHub: @idelpivnitskiy <https://github.com/idelpivnitskiy>

On Tue, Jul 26, 2016 at 2:01 PM, Idel Pivnitskiy <idel.pivnitskiy at gmail.com>
wrote:

> perhaps break it down, on the server into two different sending processes
>> ?
>> native send (curernt)
>> wrbpush send ?
>>
>> where we would have a WebPushSender API ?
>>
>
> Hard to talk about separate unique API for WebPush right now, when here is
> just two implementations (FCM and MPS) and both of them have not
> implemented WebPush protocol yet. Think that temporal experimental solution
> may be enough now. Let's see what can I do today-tomorrow to allow sending
> push notifications to both (FCM and MPS) providers for WebPush variant [1].
>
> [1] https://github.com/aerogear/aerogear-unifiedpush-
> server/pull/745#discussion_r72153644
>
> Best regards,
> Idel Pivnitskiy
> --
> Twitter: @idelpivnitskiy <https://twitter.com/idelpivnitskiy>
> GitHub: @idelpivnitskiy <https://github.com/idelpivnitskiy>
>
> On Tue, Jul 26, 2016 at 1:17 PM, Matthias Wessendorf <matzew at apache.org>
> wrote:
>
>> perhaps break it down, on the server into two different sending processes
>> ?
>> native send (curernt)
>> wrbpush send ?
>>
>> where we would have a WebPushSender API ?
>>
>> On Tue, Jul 26, 2016 at 12:10 PM, Matthias Wessendorf <matzew at apache.org>
>> wrote:
>>
>>> hrm, not sure I am that happy about these requirements :)
>>>
>>> I guess we also need to change our data access layer to not just return
>>> tokens, but a more complex object, containing token, key and secret  - hrm
>>> :)
>>>
>>> On Mon, Jul 25, 2016 at 3:19 AM, Idel Pivnitskiy <
>>> idel.pivnitskiy at gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> As we discussed previously, Firefox already supports sending push
>>>> message data to browser if it will be encrypted. Since version 50, Google
>>>> Chrome also support it [1]. But it requires for UPS to store "public key"
>>>> and "auth secret" for each Installation [2]. See current example of sending
>>>> push notifications with a payload[3].
>>>>
>>>> Storing of two additional fields is not a big deal. But we also have to
>>>> refactor PushNotificationSender [4], because it consumes a collection
>>>> of device tokens as a param instead of a collection of installations.
>>>>
>>>> Any thoughts about how we can implement it with minimal changes?
>>>>
>>>> [1] https://developer.mozilla.org/en-US/docs/Web/API/PushMessageData
>>>> [2] https://github.com/aerogear/aerogear-unifiedpush-
>>>> server/blob/master/model/api/src/main/java/org/jboss/
>>>> aerogear/unifiedpush/api/Installation.java
>>>> [3] https://serviceworke.rs/push-payload_index_doc.html
>>>> [4] https://github.com/aerogear/aerogear-unifiedpush-
>>>> server/blob/master/push/sender/src/main/java/org/
>>>> jboss/aerogear/unifiedpush/message/sender/PushNotificationSender.java
>>>>
>>>> Best regards,
>>>> Idel Pivnitskiy
>>>> --
>>>> Twitter: @idelpivnitskiy <https://twitter.com/idelpivnitskiy>
>>>> GitHub: @idelpivnitskiy <https://github.com/idelpivnitskiy>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog: http://matthiaswessendorf.wordpress.com/
>>> twitter: http://twitter.com/mwessendorf
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20160822/0bee60c8/attachment-0001.html

More information about the aerogear-dev mailing list