first commit

Author: zaru

.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

.idea/.name

@@ -0,0 +1,2 @@
+--format documentation
+--color

.idea/.rakeTasks

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.3.0
+before_install: gem install bundler -v 1.11.2

.idea/misc.xml

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in webpush.gemspec
+gemspec

.idea/modules.xml

@@ -0,0 +1,39 @@
+# WebPush
+
+This Gem will send the Web Push API. It supports the encryption necessary to payload.
+
+Payload is supported by Chrome50+.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'webpush'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install webpush
+
+## Usage
+
+```
+message = {
+  hoge: "piyo"
+}
+
+Webpush.payload_send(message: JSON.generate(message),
+                     endpoint: "https://android.googleapis.com/gcm/send/eah7hak....",
+                     p256dh: "BO/aG9nYXNkZmFkc2ZmZHNmYWRzZmFl...",
+                     auth: "aW1hcmthcmFpa3V6ZQ==",
+                     api_key: "[GoogleDeveloper APIKEY]")
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/webpush.

.idea/vcs.xml

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

.idea/webpush.iml

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "webpush"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

.idea/workspace.xml

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

.rspec

@@ -0,0 +1,125 @@
+require 'webpush/version'
+require 'openssl'
+require 'base64'
+require 'hkdf'
+require 'net/http'
+require 'json'
+
+module Webpush
+
+  # It is temporary URL until supported by the GCM server.
+  GCM_URL = 'https://android.googleapis.com/gcm/send'
+  TEMP_GCM_URL = 'https://gcm-http.googleapis.com/gcm'
+
+  class << self
+    def payload_send(message:, endpoint:, p256dh:, auth:, api_key:)
+      endpoint = endpoint.gsub(GCM_URL, TEMP_GCM_URL)
+      p256dh = unescape_base64(p256dh)
+      auth = unescape_base64(auth)
+
+      payload = encrypt(message, p256dh, auth)
+      gcm_post(endpoint, payload, api_key)
+    end
+
+    private
+
+    def gcm_post(endpoint, payload, api_key)
+      begin
+        uri = URI.parse(endpoint)
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        header = {
+          "Encryption" => "salt=#{Base64.urlsafe_encode64(payload[:salt]).delete('=')}",
+          "Crypto-Key" => "dh=#{Base64.urlsafe_encode64(payload[:server_public_key_bn]).delete('=')}",
+          "Authorization" => "key=#{api_key}"
+        }
+        req = Net::HTTP::Post.new(uri.request_uri, header)
+        req.body = payload[:ciphertext]
+        res = http.request(req)
+        return ("201" == res.code) ? true : false
+      rescue
+        return false
+      end
+    end
+
+    def encrypt(message, p256dh, auth)
+      group_name = "prime256v1"
+      salt = Random.new.bytes(16)
+
+      server = OpenSSL::PKey::EC.new(group_name)
+      server.generate_key
+      server_public_key_bn = server.public_key.to_bn
+
+      group = OpenSSL::PKey::EC::Group.new(group_name)
+      client_public_key_hex = Base64.decode64(p256dh).unpack("H*").first
+      client_public_key_bn = OpenSSL::BN.new(client_public_key_hex, 16)
+      client_public_key = OpenSSL::PKey::EC::Point.new(group, client_public_key_bn)
+
+      shared_secret = server.dh_compute_key(client_public_key)
+
+      clientAuthToken = Base64.decode64(auth)
+
+      prk = HKDF.new(shared_secret, :salt => clientAuthToken, :algorithm => 'SHA256', :info => "Content-Encoding: auth\0").next_bytes(32)
+
+      context = create_context(client_public_key_bn, server_public_key_bn)
+
+      content_encryption_key_info = create_info('aesgcm', context)
+      content_encryption_key = HKDF.new(prk, :salt => salt, :info => content_encryption_key_info).next_bytes(16)
+
+      nonce_info = create_info('nonce', context)
+      nonce = HKDF.new(prk, :salt => salt, :info => nonce_info).next_bytes(12)
+
+      ciphertext = encrypt_payload(message, content_encryption_key, nonce)
+
+      {
+        ciphertext: ciphertext,
+        salt: salt,
+        server_public_key_bn: convert16bit(server_public_key_bn)
+      }
+    end
+
+    def create_context(clientPublicKey, serverPublicKey)
+      c = convert16bit(clientPublicKey)
+      s = convert16bit(serverPublicKey)
+      context = "\0"
+      context += [c.bytesize].pack("n*")
+      context += c
+      context += [s.bytesize].pack("n*")
+      context += s
+      context
+    end
+
+    def encrypt_payload(plaintext, content_encryption_key, nonce)
+      cipher = OpenSSL::Cipher.new('aes-128-gcm')
+      cipher.encrypt
+      cipher.key = content_encryption_key
+      cipher.iv = nonce
+      padding = cipher.update("\0\0")
+      text = cipher.update(plaintext)
+
+      e_text = padding + text + cipher.final
+      e_tag = cipher.auth_tag
+
+      e_text + e_tag
+    end
+
+    def create_info(type, context)
+      info = "Content-Encoding: "
+      info += type
+      info += "\0"
+      info += "P-256"
+      info += context
+      info
+    end
+
+    def convert16bit(key)
+      [key.to_s(16)].pack("H*")
+    end
+
+    def unescape_base64(base64)
+      base64.gsub(/_|\-/, "_" => "/", "-" => "+")
+    end
+  end
+
+end

.travis.yml

@@ -0,0 +1,3 @@
+module Webpush
+  VERSION = "0.1.1"
+end

Gemfile

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'webpush'

README.md

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+describe Webpush do
+  it 'has a version number' do
+    expect(Webpush::VERSION).not_to be nil
+  end
+
+  it 'does something useful' do
+    expect(false).to eq(true)
+  end
+end

Rakefile

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'webpush/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "webpush"
+  spec.version       = Webpush::VERSION
+  spec.authors       = ["zaru@sakuraba"]
+  spec.email         = ["[email protected]"]
+
+  spec.summary       = %q{Encryption Utilities for Web Push payload. }
+  spec.homepage      = "https://github.com/zaru/webpush"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "hkdf", "~> 0.2"
+end