Generate the VAPID public key in Rails and pass it to Javascript

2.7k views Asked by At

In order to use the Push API with VAPID I need an applicationServerKey:

serviceWorkerRegistration.pushManager.subscribe({
  userVisibleOnly: true,
  applicationServerKey: applicationServerKey // we've got it with getApplicationServerKey() defined below
});

I generate it on the server side with Ruby:

ecdsa_private_key = OpenSSL::PKey::EC.new 'prime256v1'
ecdsa_private_key.generate_key
sender.vapid_private_key = ecdsa_private_key.to_pem

ecdsa_public_key = OpenSSL::PKey::EC.new ecdsa_private_key
ecdsa_public_key.private_key = nil
sender.vapid_public_key = ecdsa_public_key.to_pem

Then I have to download it:

getApplicationServerKey: function () {
  return new Promise(function (resolve, reject) {
    var request = new Request('https://example.com/application_server_key');
    fetch(request).then(function (response) {
      response.text().then(function (base64) {
        resolve(_.base64ToArrayBuffer(base64));
      });
    });
  });
},
base64ToArrayBuffer: function (base64) {
  var binary_string = window.atob(base64);
  var len = binary_string.length;
  var bytes = new Uint8Array(len);
  for (var i = 0; i < len; i++) {
      bytes[i] = binary_string.charCodeAt(i);
  }
  return bytes.buffer;
}

The key is returned as a base64 string from the controller:

ecdsa_public_key = OpenSSL::PKey.read @sender.vapid_public_key
base64 = Base64.encode64(ecdsa_public_key.public_key.to_bn.to_s(2))
render text: base64

The problem is that Firefox returns this error when I call pushManager.subscribe:

DOMException [InvalidAccessError: "Invalid raw ECDSA P-256 public key."
code: 15
nsresult: 0x8053000f]

Any help is appreciated.

UPDATE: it's driving me crazy... I've also tried encoding / decoding with hex instead of base64, but I get the same error.

From Ruby:

$ ecdsa_public_key.to_text
=> "Private-Key: (256 bit)\npub: \n
04:28:a9:89:be:8a:a8:f2:f1:bf:ed:04:d2:28:e9:\n
70:e9:b7:f3:8c:3c:f7:20:dc:95:30:1a:72:77:66:\n
09:0d:29:f6:6c:6c:c8:45:6e:da:ac:05:d6:ff:43:\n
9a:66:d0:c3:4c:bc:4a:0f:a3:ad:e8:23:33:22:40:\n
20:9e:de:14:56\n
ASN1 OID: prime256v1\n
NIST CURVE: P-256\n"

$ ecdsa_public_key.public_key.to_bn.to_s 16
=> "0428A989BE8AA8F2F1BFED04D228E970E9B7F38C3CF720DC95301A727766090D29F66C6CC8456EDAAC05D6FF439A66D0C34CBC4A0FA3ADE823332240209EDE1456"

As you can see it is a P-256 key (I don't know why it says Private-Key instead of Public Key, but, as you can see from the code that generates it, it is a public key).

Then I download the hex string with Javascript fetch and this is what I get:

0428A989BE8AA8F2F1BFED04D228E970E9B7F38C3CF720DC95301A727766090D29F66C6CC8456EDAAC05D6FF439A66D0C34CBC4A0FA3ADE823332240209EDE1456

Array [ "04", "28", "A9", "89", "BE", "8A", "A8", "F2", "F1", "BF", 55 more… ]

Uint8Array [ 4, 40, 169, 137, 190, 138, 168, 242, 241, 191, 55 more… ]

ArrayBuffer { byteLength: 65 } // I get it by calling .buffer on the Uint8Array

DOMException [InvalidAccessError: "Invalid raw ECDSA P-256 public key."
code: 15
nsresult: 0x8053000f]

As you can see from the intermediate steps that I print in the console, the key is processed correctly. However I still get that error...

UPDATE 2: The same code works successfully in Chrome: I managed to send a notification using VAPID. It's probably a Firefox bug.

1

There are 1 answers

0
collimarco On

I solved by removing .buffer.

Now I pass the Uint8Array directly to subscribe (instead of array.buffer) and it works both on Chrome and Firefox.