Make lib more performant by allowing to provide local key objects and… #227

Closed

@marcvdm marcvdm commented Apr 19, 2019

This pull request adds the ability to generate the local keys beforehand and provide them to the WebPush client. This way it does not generate a new local key object for each notification.

This also opens the possibility to generate the shared secret beforehand so that this is also skipped when you send the notification.

Here is an example:

Generate the local public and private key and store them

```php
use Minishlink\WebPush\Encryption;
use Minishlink\WebPush\Utils;
use Base64Url\Base64Url;

// Create the local key pair once instead of once per notification
[$localPublicKeyObject, $localPrivateKeyObject] = Encryption::createLocalKeyObject();

// Store these variables (the private key is secret material)
$localPublicKey = Base64Url::encode(Utils::serializePublicKey($localPublicKeyObject));
$localPrivateKey = Base64Url::encode(Utils::serializePrivateKey($localPrivateKeyObject));
```

When a user subscribes we generate the shared secret and store it with all the other info

```php
use Minishlink\WebPush\Encryption;
use Minishlink\WebPush\Utils;
use Base64Url\Base64Url;

// Load the previously stored local private key
$localPrivateKey = Base64Url::decode('storedLocalPrivateKey');
// Public key taken from the user's push subscription
$userPublicKey = "TheUsersPublicKey";

// Store the shared secret with the subscription
$sharedSecret = Encryption::createSharedSecret($userPublicKey, Utils::unserializePrivateKey($localPrivateKey));
```

When you want to send a notification

```php
use Minishlink\WebPush\Subscription;
use Minishlink\WebPush\WebPush;

$localPublicKey = 'storedLocalPublicKey';
$localPrivateKey = 'storedLocalPrivateKey';

// Hand the stored local keys to the client so it does not generate new ones
$webPush = new WebPush();
$webPush->setLocalKeys($localPublicKey, $localPrivateKey);

$endpoint = 'endpoint'; // From your data store
$publicKey = 'publicKey'; // From your data store
$authToken = 'authToken'; // From your data store
$contentEncoding = 'contentEncoding'; // From your data store
$sharedSecret = 'sharedSecret'; // From your data store, previously created

$subscription = new Subscription($endpoint, $publicKey, $authToken, $contentEncoding, $sharedSecret);

$webPush->sendNotification($subscription, '{"test":"payload"}');
```

marcvdm commented Apr 19, 2019

This is a rebased merge request based on #222

marcvdm commented Jun 12, 2019

Any way we can move this forward?

ryancco commented Jun 24, 2019

Hey @marcvdm, trying to make sense of some of the encryption logic in my working branch right now and I've hit a wall with some of it. For instance, I've noticed we're prefixing a string value of '04' to the generated public key, and I'm not entirely sure as to why. You seem to have a pretty strong grasp on this stuff, I'd love to get your eyes over on https://github.com/ryancco/web-push-php/pull/15 to hopefully get these above changes pulled in to #236.

I would be willing to chat over Gitter (Slack, email, Discord also will work!) should you be interested and have any questions, too!

marcvdm commented Jun 25, 2019

The string '04' means that the key is uncompressed. OpenSSL returns this if the public key is uncompressed. 0x03 or 0x02 means that the publicKey is compressed.
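The prefix byte described in the comment above, shown as an added example that is not part of this thread or of web-push-php: it decodes a base64url P-256 public key, classifies it by its leading byte, and checks that an uncompressed point lies on the curve. The function names are hypothetical, the sample key is constructed from the published P-256 base point, and the gmp extension is assumed to be loaded.

```php
<?php
// Added example, not web-push-php code. Assumes ext-gmp is loaded.
// NIST P-256 domain parameters: y^2 = x^3 - 3x + b (mod p).
const P256_P = 'ffffffff00000001000000000000000000000000ffffffffffffffffffffffff';
const P256_B = '5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b';

/** Decode unpadded base64url (hypothetical helper); throws on bad input. */
function b64urlDecode(string $s): string
{
    $padded = str_pad(strtr($s, '-_', '+/'), (int) (ceil(strlen($s) / 4) * 4), '=');
    $raw = base64_decode($padded, true);
    if ($raw === false) {
        throw new InvalidArgumentException('not valid base64url');
    }
    return $raw;
}

/** Classify an encoded P-256 point by its leading byte (hypothetical helper). */
function inspectP256PublicKey(string $b64url): string
{
    $raw = b64urlDecode($b64url);
    $prefix = ord($raw[0] ?? "\x00");
    if (($prefix === 0x02 || $prefix === 0x03) && strlen($raw) === 33) {
        return 'compressed'; // prefix + 32-byte X; not validated further here
    }
    if ($prefix !== 0x04 || strlen($raw) !== 65) {
        throw new InvalidArgumentException('not an encoded P-256 point');
    }
    // Uncompressed: 0x04 || X (32 bytes) || Y (32 bytes), big-endian.
    $p = gmp_init(P256_P, 16);
    $x = gmp_import(substr($raw, 1, 32));
    $y = gmp_import(substr($raw, 33, 32));
    if (gmp_cmp($x, $p) >= 0 || gmp_cmp($y, $p) >= 0) {
        throw new InvalidArgumentException('coordinate out of range');
    }
    $lhs = gmp_powm($y, 2, $p);
    $cubic = gmp_sub(gmp_powm($x, 3, $p), gmp_mul(3, $x));
    $rhs = gmp_mod(gmp_add($cubic, gmp_init(P256_B, 16)), $p);
    if (gmp_cmp($lhs, $rhs) !== 0) {
        throw new InvalidArgumentException('point is not on P-256');
    }
    return 'uncompressed';
}

// Constructed sample: the P-256 base point G in uncompressed form.
$g = "\x04" . hex2bin('6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296')
            . hex2bin('4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5');
echo inspectP256PublicKey(rtrim(strtr(base64_encode($g), '+/', '-_'), '=')), PHP_EOL;
```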

ryancco commented Jun 25, 2019

> The string '04' means that the key is uncompressed. OpenSSL returns this if the public key is uncompressed. 0x03 or 0x02 means that the publicKey is compressed.

Ah, thank you! One more question if you wouldn't mind; why do we bother with base64[url] encoding private/public key pairs? I imagine that these are coming from the consuming code's persistence layer, and as far as the library is concerned shouldn't care to encode/decode these values - but I could very well be missing something.

@marcvdm marcvdm closed this Apr 7, 2021