Make autopush tunnel whitelisted encryption headers to GCM router

RESOLVED FIXED

Status

Cloud Services
SimplePush
3 years ago

People

(Reporter: nalexander, Assigned: jrconlin)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
This is part of the autopush GCM endpoint described at https://docs.google.com/document/d/1VNFJ46TZb3q_oqpV0hOGRJAZJI_RM4sd-GcXA5k9xGU/edit.

The desired behaviour is:
* if notification body is empty, no headers are tunneled (and all headers are ignored).
* if notification body is not empty, Content-Encoding, Encryption, and Encryption-Key are required.  Each is tunneled through GCM, re-mapped to reduce payload size as follows:

Content-Encoding => con
Encryption => enc
Encryption-Key => enckey
(Reporter)

Comment 1

3 years ago
In addition: let's standardize on "chid" and "ver" for the channel ID and version, respectively.

And: if a required header is not present, return a 400 Bad Request.
(Reporter)

Comment 2

3 years ago
Created attachment 8689224
Link to Github pull-request: https://github.com/mozilla-services/autopush/pull/251
Attachment #8689224 - Flags: review?(jrconlin)
(Assignee)

Updated

3 years ago
Attachment #8689224 - Flags: review?(jrconlin)
(Reporter)

Comment 4

3 years ago
This appears to be in place.  We now tunnel enc, enckey, and the message body in the message bundle.

However, we do need to encode (Base64, pending further discussion?) message bodies; this is being tracked in https://github.com/mozilla-services/autopush/pull/290.  We'll close this out when that lands.
(Reporter)

Comment 5

3 years ago
(In reply to Nick Alexander :nalexander from comment #4)
> This appears to be in place.  We now tunnel enc, enckey, and the message
> body in the message bundle.
> 
> However, we do need to encode (Base64, pending further discussion?) message
> bodies; this is being tracked in
> https://github.com/mozilla-services/autopush/pull/290.  We'll close this out
> when that lands.

Sadly, this landed but is not functional.

nalexander@chocho ~/D/complete> echo -ne "\x93\x31\xd6\xb0\x02\xfa\x7e\x07\x0c\x3e\x14\x99\x74\xae\xb1\x52\x28\xd1\x2d\xde\xd9\xbf\x41\x98\x30\x30\x74\xf4\xc4\x3b\x4d\x38\x15\x33\xee\x54" > encrypted.data;curl -v -X POST https://updates-autopush-dev.stage.mozaws.net/push/gAAAAABWnVKcJu8bzubrL26scC6Fi2che7fhLswFJgJdzMgw28CHn_p8PLVbKNRwphXkiI7HHECXVmwN3EF0BpnVae_QL11DkbYT33uj5vuLQStFY1wf5MbB9c-HsdxW9d_bcTd37Cb17_BAjX5t9k-VprwDaOC0J4-e0OgCeNaUBUj6DVsxEbE=  -H "encryption-key: keyid=p256dh;dh=BLzZdZRf1Ai1Furdi224O27WqjUYOx84Gf8U5CdmMch0cBRCipdm4UVIm_wnLDgagcN8uHQvCDMBNImS2nBh0Vw" -H "encryption: keyid=p256dh;salt=WBYoezG8koSYw6ziAQldQA" -H "content-encoding: aesgcm128" --data-binary @encrypted.data
*   Trying 54.88.201.251...
* Connected to updates-autopush-dev.stage.mozaws.net (54.88.201.251) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.stage.mozaws.net
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> POST /push/gAAAAABWnVKcJu8bzubrL26scC6Fi2che7fhLswFJgJdzMgw28CHn_p8PLVbKNRwphXkiI7HHECXVmwN3EF0BpnVae_QL11DkbYT33uj5vuLQStFY1wf5MbB9c-HsdxW9d_bcTd37Cb17_BAjX5t9k-VprwDaOC0J4-e0OgCeNaUBUj6DVsxEbE= HTTP/1.1
> Host: updates-autopush-dev.stage.mozaws.net
> User-Agent: curl/7.43.0
> Accept: */*
> encryption-key: keyid=p256dh;dh=BLzZdZRf1Ai1Furdi224O27WqjUYOx84Gf8U5CdmMch0cBRCipdm4UVIm_wnLDgagcN8uHQvCDMBNImS2nBh0Vw
> encryption: keyid=p256dh;salt=WBYoezG8koSYw6ziAQldQA
> content-encoding: aesgcm128
> Content-Length: 36
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 36 out of 36 bytes
< HTTP/1.1 500 Internal Server Error
< Access-Control-Allow-Headers: content-encoding,encryption,crypto-key,encryption-key,content-type
< Access-Control-Allow-Methods: POST,PUT
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: location
< Content-Type: application/json
< Date: Mon, 18 Jan 2016 21:03:02 GMT
< Server: cyclone/1.1
< Content-Length: 199
< Connection: keep-alive
<
* Connection #0 to host updates-autopush-dev.stage.mozaws.net left intact
{"errno": 999, "message": "Unhandled exception in GCM Routing: Field \"data\" must be a JSON array: kzHWsAL6fgcMPhSZdK6xUijRLd7Zv0GYMDB09MQ7TTgVM-5U\n", "code": 500, "error": "Internal Server Error"}⏎

jrconlin: over to you.
Assignee: nobody → jrconlin
Status: NEW → ASSIGNED
Flags: needinfo?(jrconlin)
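
The tunneling rules from the description and comment 1, together with the Base64 body encoding raised in comment 4, as an added example that is not part of this bug or of the autopush code. The helper name, the BadRequest class and the "body" key are assumptions; the sample bytes and encryption headers are the ones sent by curl in comment 5.

```python
import base64

# Header -> shortened GCM data key, as listed in the bug description.
HEADER_MAP = {
    "content-encoding": "con",
    "encryption": "enc",
    "encryption-key": "enckey",
}

class BadRequest(Exception):
    """Stands in for the HTTP 400 response requested in comment 1."""
    status = 400

def build_gcm_data(headers, body, chid, ver):
    """Build the GCM data dict (hypothetical helper, not autopush's API)."""
    data = {"chid": chid, "ver": ver}
    if not body:
        # Empty body: all headers are ignored and none are tunneled.
        return data
    lowered = {name.lower(): value for name, value in headers.items()}
    missing = sorted(h for h in HEADER_MAP if h not in lowered)
    if missing:
        raise BadRequest("missing required header(s): " + ", ".join(missing))
    # Copy only the whitelisted headers; everything else is dropped.
    for header, short in HEADER_MAP.items():
        data[short] = lowered[header]
    # "body" is an assumed key name. URL-safe Base64 matches the encoded
    # body echoed in the error message in comment 5.
    data["body"] = base64.urlsafe_b64encode(body).decode("ascii")
    return data

# The 36 bytes and encryption headers sent by the curl call in comment 5;
# the Authorization header and the chid/ver values below are constructed.
SAMPLE_BODY = bytes.fromhex(
    "9331d6b002fa7e070c3e149974aeb15228d12dded9bf4198303074f4c43b4d381533ee54"
)
SAMPLE_HEADERS = {
    "Encryption-Key": "keyid=p256dh;dh=BLzZdZRf1Ai1Furdi224O27WqjUYOx84Gf8U5CdmMch0cBRCipdm4UVIm_wnLDgagcN8uHQvCDMBNImS2nBh0Vw",
    "Encryption": "keyid=p256dh;salt=WBYoezG8koSYw6ziAQldQA",
    "Content-Encoding": "aesgcm128",
    "Authorization": "constructed-value-not-whitelisted",
}

if __name__ == "__main__":
    print(build_gcm_data(SAMPLE_HEADERS, SAMPLE_BODY, "constructed-chid", "1"))
```
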
(Assignee)

Comment 6

3 years ago
Fixed as part of https://github.com/mozilla-services/autopush/pull/298
Flags: needinfo?(jrconlin)
(Reporter)

Comment 7

3 years ago
This appears to be fixed \o/
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED