Allow Vapid header to include expiration.

coryjthompson · coryjthompson · commit 05c1dbb88033 · 2019-03-16T16:56:06.000+11:00
diff --git a/WebPush.Test/VapidHelperTest.cs b/WebPush.Test/VapidHelperTest.cs
@@ -41,8 +41,8 @@ public void TestGenerateVapidKeysNoCache()
         public void TestGetVapidHeaders()
         {
             var publicKey = TestPublicKey;
-            var privatekey = TestPrivateKey;
-            var headers = VapidHelper.GetVapidHeaders(ValidAudience, ValidSubject, publicKey, privatekey);
+            var privateKey = TestPrivateKey;
+            var headers = VapidHelper.GetVapidHeaders(ValidAudience, ValidSubject, publicKey, privateKey);
 
             Assert.IsTrue(headers.ContainsKey(@"Authorization"));
             Assert.IsTrue(headers.ContainsKey(@"Crypto-Key"));
@@ -52,54 +52,68 @@ public void TestGetVapidHeaders()
         public void TestGetVapidHeadersAudienceNotAUrl()
         {
             var publicKey = TestPublicKey;
-            var privatekey = TestPrivateKey;
+            var privateKey = TestPrivateKey;
             Assert.ThrowsException<ArgumentException>(
                 delegate
                 {
-                    VapidHelper.GetVapidHeaders("invalid audience", ValidSubjectMailto, publicKey, privatekey);
+                    VapidHelper.GetVapidHeaders("invalid audience", ValidSubjectMailto, publicKey, privateKey);
                 });
         }
 
         [TestMethod]
         public void TestGetVapidHeadersInvalidPrivateKey()
         {
             var publicKey = UrlBase64.Encode(new byte[65]);
-            var privatekey = UrlBase64.Encode(new byte[1]);
+            var privateKey = UrlBase64.Encode(new byte[1]);
 
             Assert.ThrowsException<ArgumentException>(
-                delegate { VapidHelper.GetVapidHeaders(ValidAudience, ValidSubject, publicKey, privatekey); });
+                delegate { VapidHelper.GetVapidHeaders(ValidAudience, ValidSubject, publicKey, privateKey); });
         }
 
         [TestMethod]
         public void TestGetVapidHeadersInvalidPublicKey()
         {
             var publicKey = UrlBase64.Encode(new byte[1]);
-            var privatekey = UrlBase64.Encode(new byte[32]);
+            var privateKey = UrlBase64.Encode(new byte[32]);
 
             Assert.ThrowsException<ArgumentException>(
-                delegate { VapidHelper.GetVapidHeaders(ValidAudience, ValidSubject, publicKey, privatekey); });
+                delegate { VapidHelper.GetVapidHeaders(ValidAudience, ValidSubject, publicKey, privateKey); });
         }
 
         [TestMethod]
         public void TestGetVapidHeadersSubjectNotAUrlOrMailTo()
         {
             var publicKey = TestPublicKey;
-            var privatekey = TestPrivateKey;
+            var privateKey = TestPrivateKey;
 
             Assert.ThrowsException<ArgumentException>(
-                delegate { VapidHelper.GetVapidHeaders(ValidAudience, @"invalid subject", publicKey, privatekey); });
+                delegate { VapidHelper.GetVapidHeaders(ValidAudience, @"invalid subject", publicKey, privateKey); });
         }
 
         [TestMethod]
         public void TestGetVapidHeadersWithMailToSubject()
         {
             var publicKey = TestPublicKey;
-            var privatekey = TestPrivateKey;
+            var privateKey = TestPrivateKey;
             var headers = VapidHelper.GetVapidHeaders(ValidAudience, ValidSubjectMailto, publicKey,
-                privatekey);
+                privateKey);
 
             Assert.IsTrue(headers.ContainsKey(@"Authorization"));
             Assert.IsTrue(headers.ContainsKey(@"Crypto-Key"));
         }
+
+        [TestMethod]
+        public void TestExpirationInPastExceptions()
+        {
+            var publicKey = TestPublicKey;
+            var privateKey = TestPrivateKey;
+
+            Assert.ThrowsException<ArgumentException>(
+                delegate
+                {
+                    VapidHelper.GetVapidHeaders(ValidAudience, ValidSubjectMailto, publicKey,
+                        privateKey, 1552715607);
+                });
+        }
     }
 }
diff --git a/WebPush/Model/VapidDetails.cs b/WebPush/Model/VapidDetails.cs
@@ -19,5 +19,7 @@ public VapidDetails(string subject, string publicKey, string privateKey)
         public string Subject { get; set; }
         public string PublicKey { get; set; }
         public string PrivateKey { get; set; }
+
+        public long Expiration { get; set; } = -1;
     }
 }
diff --git a/WebPush/VapidHelper.cs b/WebPush/VapidHelper.cs
@@ -48,6 +48,11 @@ public static Dictionary<string, string> GetVapidHeaders(string audience, string
             {
                 expiration = UnixTimeNow() + 43200;
             }
+            else
+            {
+                ValidateExpiration(expiration);                
+            }
+
 
             var header = new Dictionary<string, object> {{"typ", "JWT"}, {"alg", "ES256"}};
 
@@ -136,6 +141,14 @@ public static void ValidatePrivateKey(string privateKey)
             }
         }
 
+        private static void ValidateExpiration(long expiration)
+        {
+            if (expiration <= UnixTimeNow())
+            {
+                throw new ArgumentException(@"Vapid expiration must be a unix timestamp in the future");
+            }
+        }
+
         private static long UnixTimeNow()
         {
             var timeSpan = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0);
diff --git a/WebPush/WebPushClient.cs b/WebPush/WebPushClient.cs
@@ -230,7 +230,7 @@ public HttpRequestMessage GenerateRequestDetails(PushSubscription subscription,
                 var audience = uri.Scheme + @"://" + uri.Host;
 
                 var vapidHeaders = VapidHelper.GetVapidHeaders(audience, currentVapidDetails.Subject,
-                    currentVapidDetails.PublicKey, currentVapidDetails.PrivateKey);
+                    currentVapidDetails.PublicKey, currentVapidDetails.PrivateKey, currentVapidDetails.Expiration);
                 request.Headers.Add(@"Authorization", vapidHeaders["Authorization"]);
                 if (string.IsNullOrEmpty(cryptoKeyHeader))
                 {

Original file line number	Diff line number	Diff line change
`@@ -19,5 +19,7 @@ public VapidDetails(string subject, string publicKey, string privateKey)`
`19`	`19`	`public string Subject { get; set; }`
`20`	`20`	`public string PublicKey { get; set; }`
`21`	`21`	`public string PrivateKey { get; set; }`
	`22`	`+`
	`23`	`+ public long Expiration { get; set; } = -1;`
`22`	`24`	`}`
`23`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,11 @@ public static Dictionary<string, string> GetVapidHeaders(string audience, string`
`48`	`48`	`{`
`49`	`49`	`expiration = UnixTimeNow() + 43200;`
`50`	`50`	`}`
	`51`	`+ else`
	`52`	`+ {`
	`53`	`+ ValidateExpiration(expiration);`
	`54`	`+ }`
	`55`	`+`
`51`	`56`
`52`	`57`	`var header = new Dictionary<string, object> {{"typ", "JWT"}, {"alg", "ES256"}};`
`53`	`58`
`@@ -136,6 +141,14 @@ public static void ValidatePrivateKey(string privateKey)`
`136`	`141`	`}`
`137`	`142`	`}`
`138`	`143`
	`144`	`+ private static void ValidateExpiration(long expiration)`
	`145`	`+ {`
	`146`	`+ if (expiration <= UnixTimeNow())`
	`147`	`+ {`
	`148`	`+ throw new ArgumentException(@"Vapid expiration must be a unix timestamp in the future");`
	`149`	`+ }`
	`150`	`+ }`
	`151`	`+`
`139`	`152`	`private static long UnixTimeNow()`
`140`	`153`	`{`
`141`	`154`	`var timeSpan = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0);`
Original file line number	Diff line number	Diff line change
`@@ -230,7 +230,7 @@ public HttpRequestMessage GenerateRequestDetails(PushSubscription subscription,`
`230`	`230`	`var audience = uri.Scheme + @"://" + uri.Host;`
`231`	`231`
`232`	`232`	`var vapidHeaders = VapidHelper.GetVapidHeaders(audience, currentVapidDetails.Subject,`
`233`		`- currentVapidDetails.PublicKey, currentVapidDetails.PrivateKey);`
	`233`	`+ currentVapidDetails.PublicKey, currentVapidDetails.PrivateKey, currentVapidDetails.Expiration);`
`234`	`234`	`request.Headers.Add(@"Authorization", vapidHeaders["Authorization"]);`
`235`	`235`	`if (string.IsNullOrEmpty(cryptoKeyHeader))`
`236`	`236`	`{`