[aerogear-dev] Push message encryption to support PushMessageData of Push API

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[aerogear-dev] Push message encryption to support PushMessageData of Push API

Idel Pivnitskiy
Hi all,

As we discussed previously, Firefox already supports sending push message data to browser if it will be encrypted. Since version 50, Google Chrome also support it [1]. But it requires for UPS to store "public key" and "auth secret" for each Installation [2]. See current example of sending push notifications with a payload[3].

Storing of two additional fields is not a big deal. But we also have to refactor PushNotificationSender [4], because it consumes a collection of device tokens as a param instead of a collection of installations.

Any thoughts about how we can implement it with minimal changes?


Best regards,
Idel Pivnitskiy
--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] Push message encryption to support PushMessageData of Push API

mischa

Hi,

 

don't insist on minimal changes :-)

 

you are modelling the message to send as one object and the recipients as two other (variant and tokens) parameters. it would be a natural enhancement to model the receivers in one object or - more similar to other apis like javax.mail - to integrate the receivers specification in the message object.

 

 

Regards,

Mischa

 

Von: [hidden email] [mailto:[hidden email]] Im Auftrag von Idel Pivnitskiy
Gesendet: Montag, 25. Juli 2016 03:19
An: AeroGear Developer Mailing List <[hidden email]>
Betreff: [aerogear-dev] Push message encryption to support PushMessageData of Push API

 

Hi all,

 

As we discussed previously, Firefox already supports sending push message data to browser if it will be encrypted. Since version 50, Google Chrome also support it [1]. But it requires for UPS to store "public key" and "auth secret" for each Installation [2]. See current example of sending push notifications with a payload[3].

 

Storing of two additional fields is not a big deal. But we also have to refactor PushNotificationSender [4], because it consumes a collection of device tokens as a param instead of a collection of installations.

 

Any thoughts about how we can implement it with minimal changes?

 


Best regards,

Idel Pivnitskiy

--

GitHub: @idelpivnitskiy


_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] Push message encryption to support PushMessageData of Push API

Matthias Wessendorf
In reply to this post by Idel Pivnitskiy
hrm, not sure I am that happy about these requirements :)

I guess we also need to change our data access layer to not just return tokens, but a more complex object, containing token, key and secret  - hrm :)

On Mon, Jul 25, 2016 at 3:19 AM, Idel Pivnitskiy <[hidden email]> wrote:
Hi all,

As we discussed previously, Firefox already supports sending push message data to browser if it will be encrypted. Since version 50, Google Chrome also support it [1]. But it requires for UPS to store "public key" and "auth secret" for each Installation [2]. See current example of sending push notifications with a payload[3].

Storing of two additional fields is not a big deal. But we also have to refactor PushNotificationSender [4], because it consumes a collection of device tokens as a param instead of a collection of installations.

Any thoughts about how we can implement it with minimal changes?


Best regards,
Idel Pivnitskiy
--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] Push message encryption to support PushMessageData of Push API

Matthias Wessendorf
perhaps break it down, on the server into two different sending processes ? 
native send (curernt)
wrbpush send ? 

where we would have a WebPushSender API ?  

On Tue, Jul 26, 2016 at 12:10 PM, Matthias Wessendorf <[hidden email]> wrote:
hrm, not sure I am that happy about these requirements :)

I guess we also need to change our data access layer to not just return tokens, but a more complex object, containing token, key and secret  - hrm :)

On Mon, Jul 25, 2016 at 3:19 AM, Idel Pivnitskiy <[hidden email]> wrote:
Hi all,

As we discussed previously, Firefox already supports sending push message data to browser if it will be encrypted. Since version 50, Google Chrome also support it [1]. But it requires for UPS to store "public key" and "auth secret" for each Installation [2]. See current example of sending push notifications with a payload[3].

Storing of two additional fields is not a big deal. But we also have to refactor PushNotificationSender [4], because it consumes a collection of device tokens as a param instead of a collection of installations.

Any thoughts about how we can implement it with minimal changes?


Best regards,
Idel Pivnitskiy
--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--



--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] Push message encryption to support PushMessageData of Push API

Idel Pivnitskiy
perhaps break it down, on the server into two different sending processes ? 
native send (curernt)
wrbpush send ? 

where we would have a WebPushSender API ?  

Hard to talk about separate unique API for WebPush right now, when here is just two implementations (FCM and MPS) and both of them have not implemented WebPush protocol yet. Think that temporal experimental solution may be enough now. Let's see what can I do today-tomorrow to allow sending push notifications to both (FCM and MPS) providers for WebPush variant [1].


Best regards,
Idel Pivnitskiy
--

On Tue, Jul 26, 2016 at 1:17 PM, Matthias Wessendorf <[hidden email]> wrote:
perhaps break it down, on the server into two different sending processes ? 
native send (curernt)
wrbpush send ? 

where we would have a WebPushSender API ?  

On Tue, Jul 26, 2016 at 12:10 PM, Matthias Wessendorf <[hidden email]> wrote:
hrm, not sure I am that happy about these requirements :)

I guess we also need to change our data access layer to not just return tokens, but a more complex object, containing token, key and secret  - hrm :)

On Mon, Jul 25, 2016 at 3:19 AM, Idel Pivnitskiy <[hidden email]> wrote:
Hi all,

As we discussed previously, Firefox already supports sending push message data to browser if it will be encrypted. Since version 50, Google Chrome also support it [1]. But it requires for UPS to store "public key" and "auth secret" for each Installation [2]. See current example of sending push notifications with a payload[3].

Storing of two additional fields is not a big deal. But we also have to refactor PushNotificationSender [4], because it consumes a collection of device tokens as a param instead of a collection of installations.

Any thoughts about how we can implement it with minimal changes?


Best regards,
Idel Pivnitskiy
--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--



--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev


_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Reply | Threaded
Open this post in threaded view
|

Re: [aerogear-dev] Push message encryption to support PushMessageData of Push API

Idel Pivnitskiy
I've implemented encryption of push message payload for WebPush variant. Here are two different solutions for the same problem, which use different libs:
I also updated my previous example for js cookbook. Now it supports push notifications with payloads too: https://github.com/aerogear/aerogear-js-cookbook/pull/16

But I have a problem with java.security and Bouncy Castle provider. When you send a push message, a server gets an exception java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec. For more information and to look at the full stack trace, go to the PRs.

Could anyone look at this and help me to resolve this problem?

Thanks,
Idel Pivnitskiy
--

On Tue, Jul 26, 2016 at 2:01 PM, Idel Pivnitskiy <[hidden email]> wrote:
perhaps break it down, on the server into two different sending processes ? 
native send (curernt)
wrbpush send ? 

where we would have a WebPushSender API ?  

Hard to talk about separate unique API for WebPush right now, when here is just two implementations (FCM and MPS) and both of them have not implemented WebPush protocol yet. Think that temporal experimental solution may be enough now. Let's see what can I do today-tomorrow to allow sending push notifications to both (FCM and MPS) providers for WebPush variant [1].


Best regards,
Idel Pivnitskiy
--

On Tue, Jul 26, 2016 at 1:17 PM, Matthias Wessendorf <[hidden email]> wrote:
perhaps break it down, on the server into two different sending processes ? 
native send (curernt)
wrbpush send ? 

where we would have a WebPushSender API ?  

On Tue, Jul 26, 2016 at 12:10 PM, Matthias Wessendorf <[hidden email]> wrote:
hrm, not sure I am that happy about these requirements :)

I guess we also need to change our data access layer to not just return tokens, but a more complex object, containing token, key and secret  - hrm :)

On Mon, Jul 25, 2016 at 3:19 AM, Idel Pivnitskiy <[hidden email]> wrote:
Hi all,

As we discussed previously, Firefox already supports sending push message data to browser if it will be encrypted. Since version 50, Google Chrome also support it [1]. But it requires for UPS to store "public key" and "auth secret" for each Installation [2]. See current example of sending push notifications with a payload[3].

Storing of two additional fields is not a big deal. But we also have to refactor PushNotificationSender [4], because it consumes a collection of device tokens as a param instead of a collection of installations.

Any thoughts about how we can implement it with minimal changes?


Best regards,
Idel Pivnitskiy
--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--



--

_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev



_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev