小编bru*_*uha的帖子

我正在为带有VAPID和有效负载加密的WebPush开发纯java实现(我已经为GCM和FCM实现了).然而,文档仍然是边缘的,代码样本仍然不重要.此刻,我正试图让它在Chrome中运行.尽管我使用VAPID获得了成功的订阅,当我发送Tickle或Payload推送消息时,我得到400 UnauthorizedRegistration.我的猜测是它与授权头或Crypto-Key头有关.这是我到目前为止发送的Tickle(没有有效载荷的推送通知):

URL: https://fcm.googleapis.com/fcm/send/xxxxx:xxxxxxxxxxx...
Action: POST/PUT (Both give same result)
With headers:
    Authorization: Bearer URLBase64(JWT_HEAD).URLBase64(JWT_Payload).SIGN
    Crypto-Key: p265ecdsa=X9.62(PublicKey)
    Content-Type: "text/plain;charset=utf8"
    Content-Length: 0
    TTL: 120

JWT_HEAD="{\"typ\":\"JWT\",\"alg\":\"ES256\"}"
JWT_Payload={
    aud: "https://fcm.googleapis.com",
    exp: (System.currentTimeMillis() / 1000) + (60 * 60 * 12)),
    sub: "mailto:webpush@mydomain.com"
}
SIGN = the "SHA256withECDSA" signature algorithm over: "URLBase64(JWT_HEAD).URLBase64(JWT_Payload)"

我已经从JWT中的两个JSON中删除了空白,因为规范并不十分清楚空白使用,这似乎是最安全的事情.签名在再次将x9.62解码为ECPoint后验证,因此publicKey似乎是有效编码的.但是我一直得到回应:

<HTML><HEAD><TITLE>UnauthorizedRegistration</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>UnauthorizedRegistration</H1><H2>Error 400</H2></BODY></HTML>

根据FCM文档,这仅在发生JSON错误时发生,但我觉得规范根本不包括WebPush.现在我已经尝试了Java加密提供程序中的构建,BC也产生了相同的结果.

一些代码片段用于澄清:

KeyGeneration:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC", "BC");
ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
keyGen.initialize(spec, secureRandom);
KeyPair vapidPair = keyGen.generateKeyPair();

ECPublicKey到x9.62:

public byte[] toUncompressedPoint(ECPublicKey publicKey){
    final ECPoint publicPoint …

我有一个服务工作者从服务器获取多个通知.问题是Chrome中的所有通知都会自动关闭,但最后一个通知除外.我究竟做错了什么？

self.addEventListener('push', function(event) {
var subscriptionId;
var sessionId;
var notification = {};

event.waitUntil(
    self.registration.pushManager.getSubscription().then(function(subscription) {
        subscriptionId = subscription.endpoint.split('/');
        subscriptionId = subscriptionId[subscriptionId.length - 1];

        notification.title = 'Yay a message.';
        notification.icon = '/app/img/icon-256x256.png';
        notification.tag = 'notification-tag-' + (new Date)*1;
        notification.messages = [];

        //get context
        fetch(requestUrl,
            {
                method: 'post',
                body: body
            }).then(function(response) {
                response.json().then(function(data) {
                    sessionId = response.headers.get('SessionId');
                    fetch(requestUrl + '?SessionId=' + sessionId, {
                        method: 'post',
                        headers: JSON.stringify({
                            'Content-Type': 'application/json'
                        }),
                        body: JSON.stringify({
                            data: {
                                subscriberId: subscriptionId
                            }
                        })
                    }).then(function(responce) {
                        responce.json().then(function(data) { …