Project-Pro/idpan.poznan.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Jacek Pyziak
2026-02-08 21:16:11 +01:00
commit e17b7026fd
8881 changed files with 1160453 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

260
administrator/components/com_akeebabackup/webpush/ECC/BigInteger.php Normal file
View File

@@ -0,0 +1,260 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
use Brick\Math\BigInteger as BrickBigInteger;
use InvalidArgumentException;
use function chr;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* @internal
*/
class BigInteger
{
/**
* Holds the BigInteger's value.
*
* @var BrickBigInteger
*/
private $value;
private function __construct(BrickBigInteger $value)
{
$this->value = $value;
}
/**
* @return BigInteger
*/
public static function createFromBinaryString(string $value): self
{
$res = unpack('H*', $value);
if (false === $res) {
throw new InvalidArgumentException('Unable to convert the value');
}
$data = current($res);
return new self(BrickBigInteger::fromBase($data, 16));
}
/**
* @return BigInteger
*/
public static function createFromDecimal(int $value): self
{
return new self(BrickBigInteger::of($value));
}
/**
* @return BigInteger
*/
public static function createFromBigInteger(BrickBigInteger $value): self
{
return new self($value);
}
/**
* Converts a BigInteger to a binary string.
*/
public function toBytes(): string
{
if ($this->value->isEqualTo(BrickBigInteger::zero())) {
return '';
}
$temp = $this->value->toBase(16);
$temp = 0 !== (mb_strlen($temp, '8bit') & 1) ? '0'.$temp : $temp;
$temp = hex2bin($temp);
if (false === $temp) {
throw new InvalidArgumentException('Unable to convert the value into bytes');
}
return ltrim($temp, chr(0));
}
/**
* Adds two BigIntegers.
*
* @param BigInteger $y
*
* @return BigInteger
*/
public function add(self $y): self
{
$value = $this->value->plus($y->value);
return new self($value);
}
/**
* Subtracts two BigIntegers.
*
* @param BigInteger $y
*
* @return BigInteger
*/
public function subtract(self $y): self
{
$value = $this->value->minus($y->value);
return new self($value);
}
/**
* Multiplies two BigIntegers.
*
* @param BigInteger $x
*
* @return BigInteger
*/
public function multiply(self $x): self
{
$value = $this->value->multipliedBy($x->value);
return new self($value);
}
/**
* Divides two BigIntegers.
*
* @param BigInteger $x
*
* @return BigInteger
*/
public function divide(self $x): self
{
$value = $this->value->dividedBy($x->value);
return new self($value);
}
/**
* Performs modular exponentiation.
*
* @param BigInteger $e
* @param BigInteger $n
*
* @return BigInteger
*/
public function modPow(self $e, self $n): self
{
$value = $this->value->modPow($e->value, $n->value);
return new self($value);
}
/**
* Performs modular exponentiation.
*
* @param BigInteger $d
*
* @return BigInteger
*/
public function mod(self $d): self
{
$value = $this->value->mod($d->value);
return new self($value);
}
public function modInverse(BigInteger $m): BigInteger
{
return new self($this->value->modInverse($m->value));
}
/**
* Compares two numbers.
*
* @param BigInteger $y
*/
public function compare(self $y): int
{
return $this->value->compareTo($y->value);
}
/**
* @param BigInteger $y
*/
public function equals(self $y): bool
{
return $this->value->isEqualTo($y->value);
}
/**
* @param BigInteger $y
*
* @return BigInteger
*/
public static function random(self $y): self
{
return new self(BrickBigInteger::randomRange(0, $y->value));
}
/**
* @param BigInteger $y
*
* @return BigInteger
*/
public function gcd(self $y): self
{
return new self($this->value->gcd($y->value));
}
/**
* @param BigInteger $y
*/
public function lowerThan(self $y): bool
{
return $this->value->isLessThan($y->value);
}
public function isEven(): bool
{
return $this->value->isEven();
}
public function get(): BrickBigInteger
{
return $this->value;
}
}

353
administrator/components/com_akeebabackup/webpush/ECC/Curve.php Normal file
View File

@@ -0,0 +1,353 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
use Brick\Math\BigInteger;
use RuntimeException;
use function is_null;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* @internal
*/
class Curve
{
/**
* Elliptic curve over the field of integers modulo a prime.
*
* @var BigInteger
*/
private $a;
/**
* @var BigInteger
*/
private $b;
/**
* @var BigInteger
*/
private $prime;
/**
* Binary length of keys associated with these curve parameters.
*
* @var int
*/
private $size;
/**
* @var Point
*/
private $generator;
public function __construct(int $size, BigInteger $prime, BigInteger $a, BigInteger $b, Point $generator)
{
$this->size = $size;
$this->prime = $prime;
$this->a = $a;
$this->b = $b;
$this->generator = $generator;
}
public function __toString(): string
{
return 'curve('.Math::toString($this->getA()).', '.Math::toString($this->getB()).', '.Math::toString($this->getPrime()).')';
}
public function getA(): BigInteger
{
return $this->a;
}
public function getB(): BigInteger
{
return $this->b;
}
public function getPrime(): BigInteger
{
return $this->prime;
}
public function getSize(): int
{
return $this->size;
}
/**
* @throws RuntimeException if the curve does not contain the point
*/
public function getPoint(BigInteger $x, BigInteger $y, ?BigInteger $order = null): Point
{
if (!$this->contains($x, $y)) {
throw new RuntimeException('Curve '.$this->__toString().' does not contain point ('.Math::toString($x).', '.Math::toString($y).')');
}
$point = Point::create($x, $y, $order);
if (!is_null($order)) {
$mul = $this->mul($point, $order);
if (!$mul->isInfinity()) {
throw new RuntimeException('SELF * ORDER MUST EQUAL INFINITY.');
}
}
return $point;
}
/**
* @throws RuntimeException if the coordinates are out of range
*/
public function getPublicKeyFrom(BigInteger $x, BigInteger $y): PublicKey
{
$zero = BigInteger::zero();
if ($x->compareTo($zero) < 0 || $y->compareTo($zero) < 0 || $this->generator->getOrder()->compareTo($x) <= 0 || $this->generator->getOrder()->compareTo($y) <= 0) {
throw new RuntimeException('Generator point has x and y out of range.');
}
$point = $this->getPoint($x, $y);
return new PublicKey($point);
}
public function contains(BigInteger $x, BigInteger $y): bool
{
return Math::equals(
ModularArithmetic::sub(
$y->power(2),
Math::add(
Math::add(
$x->power(3),
$this->getA()->multipliedBy($x)
),
$this->getB()
),
$this->getPrime()
),
BigInteger::zero()
);
}
public function add(Point $one, Point $two): Point
{
if ($two->isInfinity()) {
return clone $one;
}
if ($one->isInfinity()) {
return clone $two;
}
if ($two->getX()->isEqualTo($one->getX())) {
if ($two->getY()->isEqualTo($one->getY())) {
return $this->getDouble($one);
}
return Point::infinity();
}
$slope = ModularArithmetic::div(
$two->getY()->minus($one->getY()),
$two->getX()->minus($one->getX()),
$this->getPrime()
);
$xR = ModularArithmetic::sub(
$slope->power(2)->minus($one->getX()),
$two->getX(),
$this->getPrime()
);
$yR = ModularArithmetic::sub(
$slope->multipliedBy($one->getX()->minus($xR)),
$one->getY(),
$this->getPrime()
);
return $this->getPoint($xR, $yR, $one->getOrder());
}
public function mul(Point $one, BigInteger $n): Point
{
if ($one->isInfinity()) {
return Point::infinity();
}
/** @var BigInteger $zero */
$zero = BigInteger::zero();
if ($one->getOrder()->compareTo($zero) > 0) {
$n = $n->mod($one->getOrder());
}
if ($n->isEqualTo($zero)) {
return Point::infinity();
}
/** @var Point[] $r */
$r = [
Point::infinity(),
clone $one,
];
$k = $this->getSize();
$n1 = str_pad(Math::baseConvert(Math::toString($n), 10, 2), $k, '0', STR_PAD_LEFT);
for ($i = 0; $i < $k; ++$i) {
$j = $n1[$i];
Point::cswap($r[0], $r[1], $j ^ 1);
$r[0] = $this->add($r[0], $r[1]);
$r[1] = $this->getDouble($r[1]);
Point::cswap($r[0], $r[1], $j ^ 1);
}
$this->validate($r[0]);
return $r[0];
}
/**
* @param Curve $other
*/
public function cmp(self $other): int
{
$equal = $this->getA()->isEqualTo($other->getA())
&& $this->getB()->isEqualTo($other->getB())
&& $this->getPrime()->isEqualTo($other->getPrime());
return $equal ? 0 : 1;
}
/**
* @param Curve $other
*/
public function equals(self $other): bool
{
return 0 === $this->cmp($other);
}
public function getDouble(Point $point): Point
{
if ($point->isInfinity()) {
return Point::infinity();
}
$a = $this->getA();
$threeX2 = BigInteger::of(3)->multipliedBy($point->getX()->power(2));
$tangent = ModularArithmetic::div(
$threeX2->plus($a),
BigInteger::of(2)->multipliedBy($point->getY()),
$this->getPrime()
);
$x3 = ModularArithmetic::sub(
$tangent->power(2),
BigInteger::of(2)->multipliedBy($point->getX()),
$this->getPrime()
);
$y3 = ModularArithmetic::sub(
$tangent->multipliedBy($point->getX()->minus($x3)),
$point->getY(),
$this->getPrime()
);
return $this->getPoint($x3, $y3, $point->getOrder());
}
public function createPrivateKey(): PrivateKey
{
return PrivateKey::create($this->generate());
}
public function createPublicKey(PrivateKey $privateKey): PublicKey
{
$point = $this->mul($this->generator, $privateKey->getSecret());
return new PublicKey($point);
}
public function getGenerator(): Point
{
return $this->generator;
}
/**
* @throws RuntimeException if the point is invalid
*/
private function validate(Point $point): void
{
if (!$point->isInfinity() && !$this->contains($point->getX(), $point->getY())) {
throw new RuntimeException('Invalid point');
}
}
private function generate(): BigInteger
{
$max = $this->generator->getOrder();
$numBits = $this->bnNumBits($max);
$numBytes = (int) ceil($numBits / 8);
// Generate an integer of size >= $numBits
$bytes = BigInteger::randomBits($numBytes);
$mask = BigInteger::of(2)->power($numBits)->minus(1);
return $bytes->and($mask);
}
/**
* Returns the number of bits used to store this number. Non-significant upper bits are not counted.
*
* @see https://www.openssl.org/docs/crypto/BN_num_bytes.html
*/
private function bnNumBits(BigInteger $x): int
{
$zero = BigInteger::of(0);
if ($x->isEqualTo($zero)) {
return 0;
}
$log2 = 0;
while (!$x->isEqualTo($zero)) {
$x = $x->shiftedRight(1);
++$log2;
}
return $log2;
}
}

77
administrator/components/com_akeebabackup/webpush/ECC/Math.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
use Akeeba\WebPush\ECC\BigInteger as CoreBigInteger;
use Brick\Math\BigInteger;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* @internal
*/
class Math
{
public static function equals(BigInteger $first, BigInteger $other): bool
{
return $first->isEqualTo($other);
}
public static function add(BigInteger $augend, BigInteger $addend): BigInteger
{
return $augend->plus($addend);
}
public static function toString(BigInteger $value): string
{
return $value->toBase(10);
}
public static function inverseMod(BigInteger $a, BigInteger $m): BigInteger
{
return CoreBigInteger::createFromBigInteger($a)->modInverse(CoreBigInteger::createFromBigInteger($m))->get();
}
public static function baseConvert(string $number, int $from, int $to): string
{
return BigInteger::fromBase($number, $from)->toBase($to);
}
}

66
administrator/components/com_akeebabackup/webpush/ECC/ModularArithmetic.php Normal file
View File

@@ -0,0 +1,66 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
use Brick\Math\BigInteger;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* @internal
*/
class ModularArithmetic
{
public static function sub(BigInteger $minuend, BigInteger $subtrahend, BigInteger $modulus): BigInteger
{
return $minuend->minus($subtrahend)->mod($modulus);
}
public static function mul(BigInteger $multiplier, BigInteger $muliplicand, BigInteger $modulus): BigInteger
{
return $multiplier->multipliedBy($muliplicand)->mod($modulus);
}
public static function div(BigInteger $dividend, BigInteger $divisor, BigInteger $modulus): BigInteger
{
return self::mul($dividend, Math::inverseMod($divisor, $modulus), $modulus);
}
}

165
administrator/components/com_akeebabackup/webpush/ECC/Point.php Normal file
View File

@@ -0,0 +1,165 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
use Brick\Math\BigInteger;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* *********************************************************************
* Copyright (C) 2012 Matyas Danter.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
* ***********************************************************************
*
* @internal
*/
class Point
{
/**
* @var BigInteger
*/
private $x;
/**
* @var BigInteger
*/
private $y;
/**
* @var BigInteger
*/
private $order;
/**
* @var bool
*/
private $infinity = false;
private function __construct(BigInteger $x, BigInteger $y, BigInteger $order, bool $infinity = false)
{
$this->x = $x;
$this->y = $y;
$this->order = $order;
$this->infinity = $infinity;
}
public static function create(BigInteger $x, BigInteger $y, ?BigInteger $order = null): self
{
return new self($x, $y, $order ?? BigInteger::zero());
}
public static function infinity(): self
{
$zero = BigInteger::zero();
return new self($zero, $zero, $zero, true);
}
public function isInfinity(): bool
{
return $this->infinity;
}
public function getOrder(): BigInteger
{
return $this->order;
}
public function getX(): BigInteger
{
return $this->x;
}
public function getY(): BigInteger
{
return $this->y;
}
public static function cswap(self $a, self $b, int $cond): void
{
self::cswapBigInteger($a->x, $b->x, $cond);
self::cswapBigInteger($a->y, $b->y, $cond);
self::cswapBigInteger($a->order, $b->order, $cond);
self::cswapBoolean($a->infinity, $b->infinity, $cond);
}
private static function cswapBoolean(bool &$a, bool &$b, int $cond): void
{
$sa = BigInteger::of((int) $a);
$sb = BigInteger::of((int) $b);
self::cswapBigInteger($sa, $sb, $cond);
$a = (bool) $sa->toBase(10);
$b = (bool) $sb->toBase(10);
}
private static function cswapBigInteger(BigInteger &$sa, BigInteger &$sb, int $cond): void
{
$size = max(mb_strlen($sa->toBase(2), '8bit'), mb_strlen($sb->toBase(2), '8bit'));
$mask = (string) (1 - $cond);
$mask = str_pad('', $size, $mask, STR_PAD_LEFT);
$mask = BigInteger::fromBase($mask, 2);
$taA = $sa->and($mask);
$taB = $sb->and($mask);
$sa = $sa->xor($sb)->xor($taB);
$sb = $sa->xor($sb)->xor($taA);
$sa = $sa->xor($sb)->xor($taB);
}
}

93
administrator/components/com_akeebabackup/webpush/ECC/PrivateKey.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
use Brick\Math\BigInteger;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* *********************************************************************
* Copyright (C) 2012 Matyas Danter.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
* ***********************************************************************
*
* @internal
*/
class PrivateKey
{
/**
* @var BigInteger
*/
private $secret;
private function __construct(BigInteger $secret)
{
$this->secret = $secret;
}
public static function create(BigInteger $secret): self
{
return new self($secret);
}
public function getSecret(): BigInteger
{
return $this->secret;
}
}

86
administrator/components/com_akeebabackup/webpush/ECC/PublicKey.php Normal file
View File

@@ -0,0 +1,86 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\ECC;
/**
* This class is copied verbatim from the JWT Framework by Spomky Labs.
*
* You can find the original code at https://github.com/web-token/jwt-framework
*
* The original file has the following copyright notice:
*
* =====================================================================================================================
*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE-SPOMKY.txt file for details.
*
* =====================================================================================================================
*
* *********************************************************************
* Copyright (C) 2012 Matyas Danter.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
* ***********************************************************************
*
* @internal
*/
class PublicKey
{
/**
* @var Point
*/
private $point;
public function __construct(Point $point)
{
$this->point = $point;
}
public function getPoint(): Point
{
return $this->point;
}
}

430
administrator/components/com_akeebabackup/webpush/NotificationOptions.php Normal file
View File

@@ -0,0 +1,430 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Akeeba\WebPush;
use Joomla\Utilities\ArrayHelper;
/**
* Abstraction of the notification options recognised by browsers.
*
* IMPORTANT! Items marked as `experimental` may NOT work correctly, or at all, on some browsers.
*
* @since 1.0.0
* @see https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerRegistration/showNotification
* @package Akeeba\WebPush
*
* @property array|null $actions An array of actions to display in the notification.
* @property string|null $badge URL to a badge icon.
* @property string|null $body A string representing an extra content to display within the notification.
* @property mixed $data Arbitrary data that you want to be associated with the notification.
* @property string|null $dir The direction of the notification; it can be auto, ltr or rtl.
* @property string|null $icon URL of an image to be used as an icon by the notification.
* @property string|null $image URL of an image to be displayed in the notification.
* @property string|null $lang Specify the language used within the notification.
* @property bool $renotify Whether to suppress vibrations and audible alerts when reusing a tag value.
* @property bool $requireInteraction Should the notification remain on screen until dismissed?
* @property bool $silent When set indicates that no sounds or vibrations should be made.
* @property string|null $tag A tag to group related notifications.
* @property int|null $timestamp UNIX timestamp IN MILLISECONDS of the date and time applicable to a notification.
* @property array|null $vibrate A vibration pattern to run with the display of the notification.
*/
class NotificationOptions implements \JsonSerializable, \ArrayAccess, \Countable
{
/**
* An array of actions to display in the notification.
*
* Do note that this also needs support to be added to your Web Push service worker JavaScript file for each
* individual action. Actions are more prominent on Android than on desktop; in the latter case you need to click on
* the notification to see the actions and that's only if the browser supports actions.
*
* @since 1.0.0
* @var array|null
* @see https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerRegistration/showNotification
* @experimental
*/
private $actions = null;
/**
* URL to a badge icon.
*
* This is a string containing the URL of an image to represent the notification when there is not enough space to
* display the notification itself such as for example, the Android Notification Bar. On Android devices, the badge
* should accommodate devices up to 4x resolution, about 96 by 96 px, and the image will be automatically masked.
*
* @since 1.0.0
* @var string|null
* @experimental
*/
private $badge = null;
/**
* A string representing an extra content to display within the notification.
*
* @since 1.0.0
* @var string|null
*/
private $body = null;
/**
* Arbitrary data that you want to be associated with the notification.
*
* @since 1.0.0
* @var string|int|float|array|\stdClass|\JsonSerializable|null
* @experimental
*/
private $data = null;
/**
* The direction of the notification; it can be auto, ltr or rtl.
*
* @since 1.0.0
* @var string|null
*/
private $dir = null;
/**
* URL of an image to be used as an icon by the notification.
*
* @since 1.0.0
* @var string|null
*/
private $icon = null;
/**
* URL of an image to be displayed in the notification.
*
* @since 1.0.0
* @var string|null
* @experimental
*/
private $image = null;
/**
* Specify the language used within the notification.
*
* This string must be a valid language tag according to RFC 5646: Tags for Identifying Languages (also known as
* BCP 47).
*
* @since 1.0.0
* @var string|null
*/
private $lang = null;
/**
* Whether to suppress vibrations and audible alerts when reusing a tag value.
*
* If options' renotify is true and optionss tag is the empty string a TypeError will be thrown by the JavaScript.
* The default is false.
*
* @since 1.0.0
* @var bool
* @experimental
*/
private $renotify = false;
/**
* Should the notification remain on screen until dismissed?
*
* Indicates that on devices with sufficiently large screens, a notification should remain active until the user
* clicks or dismisses it. If this value is absent or false, the desktop version of Chrome will auto-minimize
* notifications after approximately twenty seconds. The default value is false.
*
* @since 1.0.0
* @var bool
* @experimental
*/
private $requireInteraction = false;
/**
* When set indicates that no sounds or vibrations should be made.
*
* If options' silent is true and options' vibrate is present the JavaScript will throw a TypeError exception. The
* default value is false.
*
* @since 1.0.0
* @var bool
*/
private $silent = false;
/**
* A tag to group related notifications.
*
* An ID for a given notification that allows you to find, replace, or remove the notification using a script if
* necessary.
*
* @since 1.0.0
* @var string|null
*/
private $tag = null;
/**
* UNIX timestamp IN MILLISECONDS of the date and time applicable to a notification.
*
* Represents the time when the notification was created. It can be used to indicate the time at which a
* notification is actual. For example, this could be in the past when a notification is used for a message that
* couldn't immediately be delivered because the device was offline, or in the future for a meeting that is about to
* start.
*
* @since 1.0.0
* @var int|null
*/
private $timestamp = null;
/**
* A vibration pattern to run with the display of the notification.
*
* A vibration pattern can be an array with as few as one member. The values are times in milliseconds where the
* even indices (0, 2, 4, etc.) indicate how long to vibrate and the odd indices indicate how long to pause. For
* example, [300, 100, 400] would vibrate 300ms, pause 100ms, then vibrate 400ms.
*
* @since 1.0.0
* @var array|null
* @experimental
*/
private $vibrate = null;
/**
* Magic getter
*
* @param string $name The property to get
*
* @return mixed The property value
* @since 1.0.0
*/
public function __get($name)
{
return $this->offsetGet($name);
}
/**
* Magic setter
*
* @param string $name The property to set
* @param mixed $value The value to set
*
* @since 1.0.0
*/
public function __set($name, $value)
{
$this->offsetSet($name, $value);
}
/**
* Is a property set?
*
* @param string $name The name of the property to check
*
* @return bool True if it exists
*
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function __isset($name)
{
return $this->offsetExists($name);
}
/**
* Converts the object to string
*
* @return string The JSON-serialised form of this object
*
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function __toString()
{
return json_encode($this);
}
/**
* Count elements of an object.
*
* This method only returns the number of top-level elements which will end up in the JSON-serialised format of this
* object.
*
* @return int The custom count as an integer.
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function count()
{
return count($this->toArray());
}
/**
* Specify data which should be serialized to JSON
*
* @return mixed Data which can be serialized by <b>json_encode</b>.
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function jsonSerialize()
{
return $this->toArray();
}
/**
* Whether an offset exists
*
* @param mixed $offset An offset to check for.
*
* @return bool True on success
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function offsetExists($offset)
{
return property_exists($this, $offset);
}
/**
* Offset to retrieve
*
* @param mixed $offset The offset to retrieve.
*
* @return mixed
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function offsetGet($offset)
{
if (!$this->offsetExists($offset))
{
throw new \InvalidArgumentException(
sprintf(
'Class %s does not support array offset %s',
__CLASS__,
$offset
)
);
}
return $this->{$offset};
}
/**
* Offset to set
*
* @param string $offset The offset to assign the value to.
* @param mixed $value The value to set.
*
* @return void
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function offsetSet($offset, $value)
{
switch ($offset)
{
case 'actions':
if ($value !== null && !is_array($value))
{
throw new \InvalidArgumentException(sprintf('%s[\'%s\'] must be an array or null', __CLASS__, $offset));
}
break;
case 'body':
case 'lang':
case 'tag':
if ($value !== null && !is_string($value))
{
throw new \InvalidArgumentException(sprintf('%s[\'%s\'] must be null or string', __CLASS__, $offset));
}
break;
case 'dir':
if (($value !== null && !is_string($value)) || !in_array($value, ['auto', 'ltr', 'rtl']))
{
throw new \InvalidArgumentException(sprintf('%s[\'%s\'] must be one of "auto", "ltr", "rtl" or null', __CLASS__, $offset));
}
break;
case 'badge':
case 'icon':
case 'image':
$var = filter_var($value, FILTER_VALIDATE_URL, FILTER_NULL_ON_FAILURE);
if (($value !== null && !is_string($value)) || ($var !== $value))
{
throw new \InvalidArgumentException(sprintf('%s[\'%s\'] must be null or a URL', __CLASS__, $offset));
}
break;
case 'renotify':
case 'requireInteraction':
case 'silent':
$value = filter_var($value, FILTER_VALIDATE_BOOL);
break;
case 'timestamp':
$value = filter_var($value, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
break;
case 'vibrate':
$value = ArrayHelper::toInteger($value);
break;
}
$this->{$offset} = $value;
}
/**
* Unsupported
*
* @param string $offset Ignored.
*
* @throws \BadMethodCallException
* @since 1.0.0
*/
#[\ReturnTypeWillChange]
public function offsetUnset($offset)
{
throw new \BadFunctionCallException(
sprintf(
'Class %s does not allow unsetting virtual array elements (you tried to unset %s)',
__CLASS__,
$offset
)
);
}
/**
* Returns an array with the non-null, non-empty-array arguments.
*
* @return array
* @since 1.0.0
*/
public function toArray(): array
{
return array_filter(
get_object_vars($this),
function ($x) {
return ($x !== null) && ($x !== []);
}
);
}
}

475
administrator/components/com_akeebabackup/webpush/WebPush/Encryption.php Normal file
View File

@@ -0,0 +1,475 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
use Akeeba\WebPush\ECC\Curve;
use Akeeba\WebPush\ECC\Point;
use Akeeba\WebPush\ECC\PrivateKey;
use Base64Url\Base64Url;
use Brick\Math\BigInteger;
use function mb_substr;
use function chr;
use function hex2bin;
use function is_array;
use function openssl_encrypt;
use function pack;
use function str_pad;
use function unpack;
use const false;
use const OPENSSL_RAW_DATA;
use const STR_PAD_LEFT;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*/
class Encryption
{
public const MAX_PAYLOAD_LENGTH = 4078;
public const MAX_COMPATIBILITY_PAYLOAD_LENGTH = 3052;
/**
* @param string $payload With padding
* @param string $userPublicKey Base 64 encoded (MIME or URL-safe)
* @param string $userAuthToken Base 64 encoded (MIME or URL-safe)
*
* @throws \ErrorException
*/
public static function encrypt(string $payload, string $userPublicKey, string $userAuthToken, string $contentEncoding): array
{
$localKeyData = self::createLocalKeyObjectUsingOpenSSL();
$salt = random_bytes(16);
$userPublicKey = Base64Url::decode($userPublicKey);
$userAuthToken = Base64Url::decode($userAuthToken);
// get local key pair
$localPublicKey = hex2bin(Utils::serializePublicKeyFromData($localKeyData));
if (!$localPublicKey)
{
throw new \ErrorException('Failed to convert local public key from hexadecimal to binary');
}
// get user public key object
[$userPublicKeyObjectX, $userPublicKeyObjectY] = Utils::unserializePublicKey($userPublicKey);
$userKeyData = [
'x' => $userPublicKeyObjectX,
'y' => $userPublicKeyObjectY,
];
// get shared secret from user public key and local private key
$sharedSecret = Encryption::calculateAgreementKey($localKeyData, $userKeyData);
$sharedSecret = str_pad($sharedSecret, 32, chr(0), STR_PAD_LEFT);
// section 4.3
$ikm = Encryption::getIKM($userAuthToken, $userPublicKey, $localPublicKey, $sharedSecret, $contentEncoding);
// section 4.2
$context = Encryption::createContext($userPublicKey, $localPublicKey, $contentEncoding);
// derive the Content Encryption Key
$contentEncryptionKeyInfo = Encryption::createInfo($contentEncoding, $context, $contentEncoding);
$contentEncryptionKey = Encryption::hkdf($salt, $ikm, $contentEncryptionKeyInfo, 16);
// section 3.3, derive the nonce
$nonceInfo = Encryption::createInfo('nonce', $context, $contentEncoding);
$nonce = Encryption::hkdf($salt, $ikm, $nonceInfo, 12);
// encrypt
// "The additional data passed to each invocation of AEAD_AES_128_GCM is a zero-length octet sequence."
$tag = '';
$encryptedText = openssl_encrypt($payload, 'aes-128-gcm', $contentEncryptionKey, OPENSSL_RAW_DATA, $nonce, $tag);
// return values in url safe base64
return [
'localPublicKey' => $localPublicKey,
'salt' => $salt,
'cipherText' => $encryptedText . $tag,
];
}
public static function getContentCodingHeader(string $salt, string $localPublicKey, string $contentEncoding): string
{
if ($contentEncoding === "aes128gcm")
{
return $salt
. pack('N*', 4096)
. pack('C*', Utils::safeStrlen($localPublicKey))
. $localPublicKey;
}
return "";
}
/**
* @return string padded payload (plaintext)
* @throws \ErrorException
*/
public static function padPayload(string $payload, int $maxLengthToPad, string $contentEncoding): string
{
$payloadLen = Utils::safeStrlen($payload);
$padLen = $maxLengthToPad ? $maxLengthToPad - $payloadLen : 0;
if ($contentEncoding === "aesgcm")
{
return pack('n*', $padLen) . str_pad($payload, $padLen + $payloadLen, chr(0), STR_PAD_LEFT);
}
elseif ($contentEncoding === "aes128gcm")
{
return str_pad($payload . chr(2), $padLen + $payloadLen, chr(0), STR_PAD_RIGHT);
}
else
{
throw new \ErrorException("This content encoding is not supported");
}
}
private static function addNullPadding(string $data): string
{
return str_pad($data, 32, chr(0), STR_PAD_LEFT);
}
private static function calculateAgreementKey(array $private_key, array $public_key): string
{
if (function_exists('openssl_pkey_derive'))
{
try
{
$publicPem = self::convertPublicKeyToPEM($public_key);
$private_key = array_map([Base64Url::class, 'encode'], $private_key);
$privatePem = self::convertPrivateKeyToPEM($private_key);
$result = openssl_pkey_derive($publicPem, $privatePem, 256);
if ($result === false)
{
throw new \Exception('Unable to compute the agreement key');
}
return $result;
}
catch (\Throwable $throwable)
{
//Does nothing. Will fallback to the pure PHP function
}
}
$curve = self::curve256();
$rec_x = self::convertBase64ToBigInteger($public_key['x']);
$rec_y = self::convertBase64ToBigInteger($public_key['y']);
$sen_d = self::convertBase64ToBigInteger($private_key['d']);
$priv_key = PrivateKey::create($sen_d);
$pub_key = $curve->getPublicKeyFrom($rec_x, $rec_y);
return hex2bin(str_pad($curve->mul($pub_key->getPoint(), $priv_key->getSecret())->getX()->toBase(16), 64, '0', STR_PAD_LEFT));
}
/**
* @throws \ErrorException
*/
private static function convertBase64ToBigInteger(string $value): BigInteger
{
try
{
$value = unpack('H*', Base64Url::decode($value));
}
catch (\Exception $e)
{
$value = unpack('H*', $value);
}
if ($value === false)
{
throw new \ErrorException('Unable to unpack hex value from string');
}
return BigInteger::fromBase($value[1], 16);
}
/**
* @throws \ErrorException
*/
private static function convertBase64ToGMP(string $value): \GMP
{
$value = unpack('H*', Base64Url::decode($value));
if ($value === false)
{
throw new \ErrorException('Unable to unpack hex value from string');
}
return gmp_init($value[1], 16);
}
/**
* Creates a context for deriving encryption parameters.
* See section 4.2 of
* {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
* From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}.
*
* @param string $clientPublicKey The client's public key
* @param string $serverPublicKey Our public key
*
* @throws \ErrorException
*/
private static function createContext(string $clientPublicKey, string $serverPublicKey, string $contentEncoding): ?string
{
if ($contentEncoding === "aes128gcm")
{
return null;
}
if (Utils::safeStrlen($clientPublicKey) !== 65)
{
throw new \ErrorException('Invalid client public key length');
}
// This one should never happen, because it's our code that generates the key
if (Utils::safeStrlen($serverPublicKey) !== 65)
{
throw new \ErrorException('Invalid server public key length');
}
$len = chr(0) . 'A'; // 65 as Uint16BE
return chr(0) . $len . $clientPublicKey . $len . $serverPublicKey;
}
/**
* Returns an info record. See sections 3.2 and 3.3 of
* {@link https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-00}
* From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}.
*
* @param string $type The type of the info record
* @param string|null $context The context for the record
*
* @throws \ErrorException
*/
private static function createInfo(string $type, ?string $context, string $contentEncoding): string
{
if ($contentEncoding === "aesgcm")
{
if (!$context)
{
throw new \ErrorException('Context must exist');
}
if (Utils::safeStrlen($context) !== 135)
{
throw new \ErrorException('Context argument has invalid size');
}
return 'Content-Encoding: ' . $type . chr(0) . 'P-256' . $context;
}
elseif ($contentEncoding === "aes128gcm")
{
return 'Content-Encoding: ' . $type . chr(0);
}
throw new \ErrorException('This content encoding is not supported.');
}
private static function createLocalKeyObjectUsingOpenSSL(): array
{
$keyResource = openssl_pkey_new([
'curve_name' => 'prime256v1',
'private_key_type' => OPENSSL_KEYTYPE_EC,
]);
if (!$keyResource)
{
throw new \RuntimeException('Unable to create the key');
}
$details = openssl_pkey_get_details($keyResource);
if (PHP_MAJOR_VERSION < 8)
{
openssl_pkey_free($keyResource);
}
if (!$details)
{
throw new \RuntimeException('Unable to get the key details');
}
return [
'x' => self::addNullPadding($details['ec']['x']),
'y' => self::addNullPadding($details['ec']['y']),
'd' => self::addNullPadding($details['ec']['d']),
];
}
/**
* @throws \ErrorException
*/
private static function getIKM(string $userAuthToken, string $userPublicKey, string $localPublicKey, string $sharedSecret, string $contentEncoding): string
{
if (!empty($userAuthToken))
{
if ($contentEncoding === "aesgcm")
{
$info = 'Content-Encoding: auth' . chr(0);
}
elseif ($contentEncoding === "aes128gcm")
{
$info = "WebPush: info" . chr(0) . $userPublicKey . $localPublicKey;
}
else
{
throw new \ErrorException("This content encoding is not supported");
}
return self::hkdf($userAuthToken, $sharedSecret, $info, 32);
}
return $sharedSecret;
}
/**
* HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
*
* This is used to derive a secure encryption key from a mostly-secure shared
* secret.
*
* This is a partial implementation of HKDF tailored to our specific purposes.
* In particular, for us the value of N will always be 1, and thus T always
* equals HMAC-Hash(PRK, info | 0x01).
*
* See {@link https://www.rfc-editor.org/rfc/rfc5869.txt}
* From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}
*
* @param string $salt A non-secret random value
* @param string $ikm Input keying material
* @param string $info Application-specific context
* @param int $length The length (in bytes) of the required output key
*/
private static function hkdf(string $salt, string $ikm, string $info, int $length): string
{
// extract
$prk = hash_hmac('sha256', $ikm, $salt, true);
// expand
return mb_substr(hash_hmac('sha256', $info . chr(1), $prk, true), 0, $length, '8bit');
}
/**
* @throws \InvalidArgumentException if the curve is not supported
*/
public static function convertPublicKeyToPEM(array $keyData): string
{
$der = pack(
'H*',
'3059' // SEQUENCE, length 89
.'3013' // SEQUENCE, length 19
.'0607' // OID, length 7
.'2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key
.'0608' // OID, length 8
.'2a8648ce3d030107' // 1.2.840.10045.3.1.7 = P-256 Curve
.'0342' // BIT STRING, length 66
.'00' // prepend with NUL - pubkey will follow
);
$der .= "\04"
. str_pad($keyData['x'], 32, "\0", STR_PAD_LEFT)
. str_pad($keyData['y'], 32, "\0", STR_PAD_LEFT);
$pem = '-----BEGIN PUBLIC KEY-----'.PHP_EOL;
$pem .= chunk_split(base64_encode($der), 64, PHP_EOL);
$pem .= '-----END PUBLIC KEY-----'.PHP_EOL;
return $pem;
}
/**
* @throws \InvalidArgumentException if the curve is not supported
*/
public static function convertPrivateKeyToPEM(array $keyData): string
{
$d = unpack('H*', str_pad(Base64Url::decode($keyData['d']), 32, "\0", STR_PAD_LEFT));
if (!is_array($d) || !isset($d[1]))
{
throw new \InvalidArgumentException('Unable to get the private key');
}
$der = pack(
'H*',
'3077' // SEQUENCE, length 87+length($d)=32
. '020101' // INTEGER, 1
. '0420' // OCTET STRING, length($d) = 32
. $d[1]
. 'a00a' // TAGGED OBJECT #0, length 10
. '0608' // OID, length 8
. '2a8648ce3d030107' // 1.3.132.0.34 = P-256 Curve
. 'a144' // TAGGED OBJECT #1, length 68
. '0342' // BIT STRING, length 66
. '00' // prepend with NUL - pubkey will follow
);
$der .= "\04"
. str_pad(Base64Url::decode($keyData['x']), 32, "\0", STR_PAD_LEFT)
. str_pad(Base64Url::decode($keyData['y']), 32, "\0", STR_PAD_LEFT);
$pem = '-----BEGIN EC PRIVATE KEY-----'.PHP_EOL;
$pem .= chunk_split(base64_encode($der), 64, PHP_EOL);
$pem .= '-----END EC PRIVATE KEY-----'.PHP_EOL;
return $pem;
}
/**
* Returns an NIST P-256 curve.
*/
private static function curve256(): Curve
{
$p = BigInteger::fromBase('ffffffff00000001000000000000000000000000ffffffffffffffffffffffff', 16);
$a = BigInteger::fromBase('ffffffff00000001000000000000000000000000fffffffffffffffffffffffc', 16);
$b = BigInteger::fromBase('5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b', 16);
$x = BigInteger::fromBase('6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296', 16);
$y = BigInteger::fromBase('4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5', 16);
$n = BigInteger::fromBase('ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551', 16);
$generator = Point::create($x, $y, $n);
return new Curve(256, $p, $a, $b, $generator);
}
}

174
administrator/components/com_akeebabackup/webpush/WebPush/MessageSentReport.php Normal file
View File

@@ -0,0 +1,174 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Akeeba\WebPush\WebPush;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*
* @author Igor Timoshenkov [it@campoint.net]
* @started: 03.09.2018 9:21
*
* Standardized response from sending a message
*/
class MessageSentReport implements \JsonSerializable
{
/**
* @var string
*/
protected $reason;
/**
* @var RequestInterface
*/
protected $request;
/**
* @var ResponseInterface | null
*/
protected $response;
/**
* @var boolean
*/
protected $success;
/**
* @param string $reason
*/
public function __construct(RequestInterface $request, ?ResponseInterface $response = null, bool $success = true, $reason = 'OK')
{
$this->request = $request;
$this->response = $response;
$this->success = $success;
$this->reason = $reason;
}
public function getEndpoint(): string
{
return $this->request->getUri()->__toString();
}
public function getReason(): string
{
return $this->reason;
}
public function setReason(string $reason): MessageSentReport
{
$this->reason = $reason;
return $this;
}
public function getRequest(): RequestInterface
{
return $this->request;
}
public function setRequest(RequestInterface $request): MessageSentReport
{
$this->request = $request;
return $this;
}
public function getRequestPayload(): string
{
return $this->request->getBody()->getContents();
}
public function getResponse(): ?ResponseInterface
{
return $this->response;
}
public function setResponse(ResponseInterface $response): MessageSentReport
{
$this->response = $response;
return $this;
}
public function getResponseContent(): ?string
{
if (!$this->response)
{
return null;
}
return $this->response->getBody()->getContents();
}
public function isSubscriptionExpired(): bool
{
if (!$this->response)
{
return false;
}
return \in_array($this->response->getStatusCode(), [404, 410], true);
}
public function isSuccess(): bool
{
return $this->success;
}
public function setSuccess(bool $success): MessageSentReport
{
$this->success = $success;
return $this;
}
public function jsonSerialize(): array
{
return [
'success' => $this->isSuccess(),
'expired' => $this->isSubscriptionExpired(),
'reason' => $this->reason,
'endpoint' => $this->getEndpoint(),
'payload' => $this->request->getBody()->getContents(),
];
}
}

95
administrator/components/com_akeebabackup/webpush/WebPush/Notification.php Normal file
View File

@@ -0,0 +1,95 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
use function count;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*/
class Notification
{
/** @var array Auth details : VAPID */
private $auth;
/** @var array Options : TTL, urgency, topic */
private $options;
/** @var null|string */
private $payload;
/** @var SubscriptionInterface */
private $subscription;
public function __construct(SubscriptionInterface $subscription, ?string $payload, array $options, array $auth)
{
$this->subscription = $subscription;
$this->payload = $payload;
$this->options = $options;
$this->auth = $auth;
}
public function getAuth(array $defaultAuth): array
{
return count($this->auth) > 0 ? $this->auth : $defaultAuth;
}
public function getOptions(array $defaultOptions = []): array
{
$options = $this->options;
$options['TTL'] = array_key_exists('TTL', $options) ? $options['TTL'] : $defaultOptions['TTL'];
$options['urgency'] = array_key_exists('urgency', $options) ? $options['urgency'] : $defaultOptions['urgency'];
$options['topic'] = array_key_exists('topic', $options) ? $options['topic'] : $defaultOptions['topic'];
return $options;
}
public function getPayload(): ?string
{
return $this->payload;
}
public function getSubscription(): SubscriptionInterface
{
return $this->subscription;
}
}

152
administrator/components/com_akeebabackup/webpush/WebPush/Subscription.php Normal file
View File

@@ -0,0 +1,152 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*/
class Subscription implements SubscriptionInterface
{
/** @var null|string */
private $authToken;
/** @var null|string */
private $contentEncoding;
/** @var string */
private $endpoint;
/** @var null|string */
private $publicKey;
/**
* @param string|null $contentEncoding (Optional) Must be "aesgcm"
*
* @throws \ErrorException
*/
public function __construct(
string $endpoint,
?string $publicKey = null,
?string $authToken = null,
?string $contentEncoding = null
)
{
$this->endpoint = $endpoint;
if ($publicKey || $authToken || $contentEncoding)
{
$supportedContentEncodings = ['aesgcm', 'aes128gcm'];
if ($contentEncoding && !in_array($contentEncoding, $supportedContentEncodings))
{
throw new \ErrorException('This content encoding (' . $contentEncoding . ') is not supported.');
}
$this->publicKey = $publicKey;
$this->authToken = $authToken;
$this->contentEncoding = $contentEncoding ?: "aesgcm";
}
}
/**
* @param array $associativeArray (with keys endpoint, publicKey, authToken, contentEncoding)
*
* @throws \ErrorException
*/
public static function create(array $associativeArray): self
{
if (array_key_exists('keys', $associativeArray) && is_array($associativeArray['keys']))
{
return new self(
$associativeArray['endpoint'],
$associativeArray['keys']['p256dh'] ?? null,
$associativeArray['keys']['auth'] ?? null,
$associativeArray['contentEncoding'] ?? "aesgcm"
);
}
if (array_key_exists('publicKey', $associativeArray) || array_key_exists('authToken', $associativeArray) || array_key_exists('contentEncoding', $associativeArray))
{
return new self(
$associativeArray['endpoint'],
$associativeArray['publicKey'] ?? null,
$associativeArray['authToken'] ?? null,
$associativeArray['contentEncoding'] ?? "aesgcm"
);
}
return new self(
$associativeArray['endpoint']
);
}
/**
* {@inheritDoc}
*/
public function getAuthToken(): ?string
{
return $this->authToken;
}
/**
* {@inheritDoc}
*/
public function getContentEncoding(): ?string
{
return $this->contentEncoding;
}
/**
* {@inheritDoc}
*/
public function getEndpoint(): string
{
return $this->endpoint;
}
/**
* {@inheritDoc}
*/
public function getPublicKey(): ?string
{
return $this->publicKey;
}
}

58
administrator/components/com_akeebabackup/webpush/WebPush/SubscriptionInterface.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*
* @author Sergii Bondarenko <sb@firstvector.org>
*/
interface SubscriptionInterface
{
public function getAuthToken(): ?string;
public function getContentEncoding(): ?string;
public function getEndpoint(): string;
public function getPublicKey(): ?string;
}

83
administrator/components/com_akeebabackup/webpush/WebPush/Utils.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
use function mb_strlen;
use function mb_substr;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*/
class Utils
{
public static function safeStrlen(string $value): int
{
return mb_strlen($value, '8bit');
}
public static function serializePublicKeyFromData(array $data): string
{
$hexString = '04';
$hexString .= str_pad(bin2hex($data['x']), 64, '0', STR_PAD_LEFT);
$hexString .= str_pad(bin2hex($data['y']), 64, '0', STR_PAD_LEFT);
return $hexString;
}
public static function unserializePublicKey(string $data): array
{
$data = bin2hex($data);
if (mb_substr($data, 0, 2, '8bit') !== '04')
{
throw new \InvalidArgumentException('Invalid data: only uncompressed keys are supported.');
}
$data = mb_substr($data, 2, null, '8bit');
$dataLength = self::safeStrlen($data);
return [
hex2bin(mb_substr($data, 0, $dataLength / 2, '8bit')),
hex2bin(mb_substr($data, $dataLength / 2, null, '8bit')),
];
}
}

250
administrator/components/com_akeebabackup/webpush/WebPush/VAPID.php Normal file
View File

@@ -0,0 +1,250 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
use Base64Url\Base64Url;
use DateTimeImmutable;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*/
class VAPID
{
private const PUBLIC_KEY_LENGTH = 65;
private const PRIVATE_KEY_LENGTH = 32;
/**
* This method creates VAPID keys in case you would not be able to have a Linux bash.
* DO NOT create keys at each initialization! Save those keys and reuse them.
*
* @throws \ErrorException
*/
public static function createVapidKeys(): array
{
$keyData = self::createECKeyUsingOpenSSL();
$binaryPublicKey = hex2bin(Utils::serializePublicKeyFromData($keyData));
if (!$binaryPublicKey)
{
throw new \ErrorException('Failed to convert VAPID public key from hexadecimal to binary');
}
$binaryPrivateKey = hex2bin(str_pad(bin2hex($keyData['d']), 2 * self::PRIVATE_KEY_LENGTH, '0', STR_PAD_LEFT));
if (!$binaryPrivateKey)
{
throw new \ErrorException('Failed to convert VAPID private key from hexadecimal to binary');
}
return [
'publicKey' => Base64Url::encode($binaryPublicKey),
'privateKey' => Base64Url::encode($binaryPrivateKey),
];
}
/**
* This method takes the required VAPID parameters and returns the required
* header to be added to a Web Push Protocol Request.
*
* @param string $audience This must be the origin of the push service
* @param string $subject This should be a URL or a 'mailto:' email address
* @param string $publicKey The decoded VAPID public key
* @param string $signingKey The decoded VAPID private key
* @param null|int $expiration The expiration of the VAPID JWT. (UNIX timestamp)
*
* @return array Returns an array with the 'Authorization' and 'Crypto-Key' values to be used as headers
* @throws \ErrorException
*/
public static function getVapidHeaders(string $audience, string $subject, string $publicKey, string $signingKey, string $contentEncoding, ?int $expiration = null)
{
if (!class_exists(\Lcobucci\JWT\Signer\OpenSSL::class, false))
{
require_once __DIR__ . '/../Workarounds/OpenSSL.php';
}
// Get the full key data from the public and private key
$keyData = Utils::unserializePublicKey($publicKey);
$keyData[] = $signingKey;
$keyData = array_combine(['x', 'y', 'd'], $keyData);
$keyData = array_map([Base64Url::class, 'encode'], $keyData);
// Get an in-memory key (see https://github.com/lcobucci/jwt/blob/3.4.x/docs/configuration.md)
$privateKeyPem = Encryption::convertPrivateKeyToPEM($keyData);
$publicKeyPem = Encryption::convertPublicKeyToPEM($keyData);
$signingKey = InMemory::plainText($privateKeyPem);
$verificationKey = InMemory::plainText($publicKeyPem);
// Calculate expiration date and time
$expirationLimit = time() + 43200; // equal margin of error between 0 and 24h
if (null === $expiration || $expiration > $expirationLimit)
{
$expiration = $expirationLimit;
}
// Get current data and time
// Get the JWT
$configuration = Configuration::forAsymmetricSigner(new Sha256(), $signingKey, $verificationKey);
$token = $configuration->builder()
->setAudience($audience)
->expiresAt(new DateTimeImmutable('@' . $expiration))
->setSubject($subject)
->issuedAt(new DateTimeImmutable())
->getToken($configuration->signer(), $configuration->signingKey());
$jwt = $token->toString();
// Get the authorisation headers
$encodedPublicKey = Base64Url::encode($publicKey);
if ($contentEncoding === "aesgcm")
{
return [
'Authorization' => 'WebPush ' . $jwt,
'Crypto-Key' => 'p256ecdsa=' . $encodedPublicKey,
];
}
if ($contentEncoding === 'aes128gcm')
{
return [
'Authorization' => 'vapid t=' . $jwt . ', k=' . $encodedPublicKey,
];
}
throw new \ErrorException('This content encoding is not supported');
}
/**
* @throws \ErrorException
*/
public static function validate(array $vapid): array
{
if (!isset($vapid['subject']))
{
throw new \ErrorException('[VAPID] You must provide a subject that is either a mailto: or a URL.');
}
if (!isset($vapid['publicKey']))
{
throw new \ErrorException('[VAPID] You must provide a public key.');
}
$publicKey = Base64Url::decode($vapid['publicKey']);
if (Utils::safeStrlen($publicKey) !== self::PUBLIC_KEY_LENGTH)
{
throw new \ErrorException('[VAPID] Public key should be 65 bytes long when decoded.');
}
if (!isset($vapid['privateKey']))
{
throw new \ErrorException('[VAPID] You must provide a private key.');
}
$privateKey = Base64Url::decode($vapid['privateKey']);
if (Utils::safeStrlen($privateKey) !== self::PRIVATE_KEY_LENGTH)
{
throw new \ErrorException('[VAPID] Private key should be 32 bytes long when decoded.');
}
return [
'subject' => $vapid['subject'],
'publicKey' => $publicKey,
'privateKey' => $privateKey,
];
}
/**
* Create a new elliptic curve key using the P-256 curve and OpenSSL
*
* @throws \RuntimeException if the extension OpenSSL is not available
* @throws \RuntimeException if the key cannot be created
*/
private static function createECKeyUsingOpenSSL(): array
{
if (!extension_loaded('openssl'))
{
throw new \RuntimeException('Please install the OpenSSL extension');
}
$key = openssl_pkey_new([
'curve_name' => 'prime256v1',
'private_key_type' => OPENSSL_KEYTYPE_EC,
]);
if ($key === false)
{
throw new \RuntimeException('Unable to create the key');
}
$result = openssl_pkey_export($key, $out);
if ($result === false)
{
throw new \RuntimeException('Unable to create the key');
}
$res = openssl_pkey_get_private($out);
if ($res === false)
{
throw new \RuntimeException('Unable to create the key');
}
$details = openssl_pkey_get_details($res);
if ($details === false)
{
throw new \InvalidArgumentException('Unable to get the key details');
}
return [
'd' => $details['ec']['d'],
'x' => $details['ec']['x'],
'y' => $details['ec']['y'],
];
}
}

508
administrator/components/com_akeebabackup/webpush/WebPush/WebPush.php Normal file
View File

@@ -0,0 +1,508 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Akeeba\WebPush\WebPush;
use Base64Url\Base64Url;
use Joomla\CMS\Http\Http as HttpClient;
use Joomla\CMS\Http\HttpFactory;
use Joomla\CMS\Uri\Uri;
use Laminas\Diactoros\Request;
use Laminas\Diactoros\StreamFactory;
use function count;
/**
* This class is a derivative work based on the WebPush library by Louis Lagrange. It has been modified to only use
* dependencies shipped with Joomla itself and must not be confused with the original work.
*
* You can find the original code at https://github.com/web-push-libs
*
* The original code came with the following copyright notice:
*
* =====================================================================================================================
*
* This file is part of the WebPush library.
*
* (c) Louis Lagrange <lagrange.louis@gmail.com>
*
* For the full copyright and license information, please view the LICENSE-LAGRANGE.txt
* file that was distributed with this source code.
*
* =====================================================================================================================
*/
class WebPush
{
/**
* @var array
*/
protected $auth;
/**
* @var int Automatic padding of payloads, if disabled, trade security for bandwidth
*/
protected $automaticPadding = Encryption::MAX_COMPATIBILITY_PAYLOAD_LENGTH;
/**
* @var HttpClient
*/
protected $client;
/**
* @var array Default options : TTL, urgency, topic, batchSize
*/
protected $defaultOptions;
/**
* @var null|array Array of array of Notifications
*/
protected $notifications;
/**
* @var bool Reuse VAPID headers in the same flush session to improve performance
*/
protected $reuseVAPIDHeaders = false;
/**
* @var array Dictionary for VAPID headers cache
*/
protected $vapidHeaders = [];
/**
* WebPush constructor.
*
* @param array $auth Some servers needs authentication
* @param array $defaultOptions TTL, urgency, topic, batchSize
* @param int|null $timeout Timeout of POST request
*
* @throws \ErrorException
*/
public function __construct(array $auth = [], array $defaultOptions = [], ?int $timeout = 30, array $clientOptions = [])
{
$extensions = [
'curl' => '[WebPush] curl extension is not loaded but is required. You can fix this in your php.ini.',
'mbstring' => '[WebPush] mbstring extension is not loaded but is required for sending push notifications with payload or for VAPID authentication. You can fix this in your php.ini.',
'openssl' => '[WebPush] openssl extension is not loaded but is required for sending push notifications with payload or for VAPID authentication. You can fix this in your php.ini.',
];
$phpVersion = phpversion();
if ($phpVersion && version_compare($phpVersion, '7.3.0', '<'))
{
$extensions['gmp'] = '[WebPush] gmp extension is not loaded but is required for sending push notifications with payload or for VAPID authentication. You can fix this in your php.ini.';
}
foreach ($extensions as $extension => $message)
{
if (!extension_loaded($extension))
{
trigger_error($message, E_USER_WARNING);
}
}
if (ini_get('mbstring.func_overload') >= 2)
{
trigger_error("[WebPush] mbstring.func_overload is enabled for str* functions. You must disable it if you want to send push notifications with payload or use VAPID. You can fix this in your php.ini.", E_USER_NOTICE);
}
if (isset($auth['VAPID']))
{
$auth['VAPID'] = VAPID::validate($auth['VAPID']);
}
$this->auth = $auth;
$this->setDefaultOptions($defaultOptions);
if (!array_key_exists('timeout', $clientOptions) && isset($timeout))
{
$clientOptions['timeout'] = $timeout;
}
$this->client = HttpFactory::getHttp($clientOptions);
}
public function countPendingNotifications(): int
{
return null !== $this->notifications ? count($this->notifications) : 0;
}
/**
* Flush notifications. Triggers the requests.
*
* @param null|int $batchSize Defaults the value defined in defaultOptions during instantiation (which defaults
* to 1000).
*
* @return \Generator|MessageSentReport[]
* @throws \ErrorException
*/
public function flush(?int $batchSize = null): \Generator
{
if (empty($this->notifications))
{
yield from [];
return;
}
if (null === $batchSize)
{
$batchSize = $this->defaultOptions['batchSize'];
}
$batches = array_chunk($this->notifications, $batchSize);
// reset queue
$this->notifications = [];
foreach ($batches as $batch)
{
// for each endpoint server type
$requests = $this->prepare($batch);
foreach ($requests as $request)
{
try
{
// So, this SHOULD work, but it doesn't because of a Joomla Framework bug. HARD MODE ENGAGED.
//$response = $this->client->sendRequest($request);
$httpMethod = strtolower($request->getMethod());
$headers = array_map(
function ($values)
{
if (!is_array($values))
{
return $values;
}
return implode(' ', $values);
},
$request->getHeaders()
);
$timeout = $this->client->getOption('timeout', 10);
switch ($httpMethod)
{
case 'options':
case 'head':
case 'get':
case 'trace':
default:
$response = $this->client->{$httpMethod}(new Uri($request->getUri()), $headers, $timeout);
break;
case 'post':
case 'put':
case 'delete':
case 'patch':
$response = $this->client->{$httpMethod}(new Uri($request->getUri()), $request->getBody()->getContents(), $headers, $timeout);
break;
}
$success = $response->getStatusCode() >= 200 && $response->getStatusCode() < 400;
$reason = $success ? 'OK' : (strip_tags($response->body) ?: $response->getReasonPhrase());
yield new MessageSentReport($request, $response, $success, $reason);
}
catch (\Exception $e)
{
yield new MessageSentReport($request, $response, false, $e->getMessage());
}
}
}
if ($this->reuseVAPIDHeaders)
{
$this->vapidHeaders = [];
}
}
/**
* @return int
*/
public function getAutomaticPadding()
{
return $this->automaticPadding;
}
/**
* @param int|bool $automaticPadding Max padding length
*
* @throws \Exception
*/
public function setAutomaticPadding($automaticPadding): WebPush
{
if ($automaticPadding > Encryption::MAX_PAYLOAD_LENGTH)
{
throw new \Exception('Automatic padding is too large. Max is ' . Encryption::MAX_PAYLOAD_LENGTH . '. Recommended max is ' . Encryption::MAX_COMPATIBILITY_PAYLOAD_LENGTH . ' for compatibility reasons (see README).');
}
elseif ($automaticPadding < 0)
{
throw new \Exception('Padding length should be positive or zero.');
}
elseif ($automaticPadding === true)
{
$this->automaticPadding = Encryption::MAX_COMPATIBILITY_PAYLOAD_LENGTH;
}
elseif ($automaticPadding === false)
{
$this->automaticPadding = 0;
}
else
{
$this->automaticPadding = $automaticPadding;
}
return $this;
}
public function getDefaultOptions(): array
{
return $this->defaultOptions;
}
/**
* @param array $defaultOptions Keys 'TTL' (Time To Live, defaults 4 weeks), 'urgency', 'topic', 'batchSize'
*
* @return WebPush
*/
public function setDefaultOptions(array $defaultOptions)
{
$this->defaultOptions['TTL'] = $defaultOptions['TTL'] ?? 2419200;
$this->defaultOptions['urgency'] = $defaultOptions['urgency'] ?? null;
$this->defaultOptions['topic'] = $defaultOptions['topic'] ?? null;
$this->defaultOptions['batchSize'] = $defaultOptions['batchSize'] ?? 1000;
return $this;
}
/**
* @return bool
*/
public function getReuseVAPIDHeaders()
{
return $this->reuseVAPIDHeaders;
}
/**
* Reuse VAPID headers in the same flush session to improve performance
*
* @return WebPush
*/
public function setReuseVAPIDHeaders(bool $enabled)
{
$this->reuseVAPIDHeaders = $enabled;
return $this;
}
public function isAutomaticPadding(): bool
{
return $this->automaticPadding !== 0;
}
/**
* Queue a notification. Will be sent when flush() is called.
*
* @param string|null $payload If you want to send an array or object, json_encode it
* @param array $options Array with several options tied to this notification. If not set, will use the
* default options that you can set in the WebPush object
* @param array $auth Use this auth details instead of what you provided when creating WebPush
*
* @throws \ErrorException
*/
public function queueNotification(SubscriptionInterface $subscription, ?string $payload = null, array $options = [], array $auth = []): void
{
if (isset($payload))
{
if (Utils::safeStrlen($payload) > Encryption::MAX_PAYLOAD_LENGTH)
{
throw new \ErrorException('Size of payload must not be greater than ' . Encryption::MAX_PAYLOAD_LENGTH . ' octets.');
}
$contentEncoding = $subscription->getContentEncoding();
if (!$contentEncoding)
{
throw new \ErrorException('Subscription should have a content encoding');
}
$payload = Encryption::padPayload($payload, $this->automaticPadding, $contentEncoding);
}
if (array_key_exists('VAPID', $auth))
{
$auth['VAPID'] = VAPID::validate($auth['VAPID']);
}
$this->notifications[] = new Notification($subscription, $payload, $options, $auth);
}
/**
* @param string|null $payload If you want to send an array or object, json_encode it
* @param array $options Array with several options tied to this notification. If not set, will use the
* default options that you can set in the WebPush object
* @param array $auth Use this auth details instead of what you provided when creating WebPush
*
* @throws \ErrorException
*/
public function sendOneNotification(SubscriptionInterface $subscription, ?string $payload = null, array $options = [], array $auth = []): MessageSentReport
{
$this->queueNotification($subscription, $payload, $options, $auth);
return $this->flush()->current();
}
/**
* @return array
* @throws \ErrorException
*/
protected function getVAPIDHeaders(string $audience, string $contentEncoding, array $vapid)
{
$vapidHeaders = null;
$cache_key = null;
if ($this->reuseVAPIDHeaders)
{
$cache_key = implode('#', [$audience, $contentEncoding, crc32(serialize($vapid))]);
if (array_key_exists($cache_key, $this->vapidHeaders))
{
$vapidHeaders = $this->vapidHeaders[$cache_key];
}
}
if (!$vapidHeaders)
{
$vapidHeaders = VAPID::getVapidHeaders($audience, $vapid['subject'], $vapid['publicKey'], $vapid['privateKey'], $contentEncoding);
}
if ($this->reuseVAPIDHeaders)
{
$this->vapidHeaders[$cache_key] = $vapidHeaders;
}
return $vapidHeaders;
}
/**
* @return Request[]
* @throws \ErrorException
*
*/
protected function prepare(array $notifications): array
{
$requests = [];
foreach ($notifications as $notification)
{
\assert($notification instanceof Notification);
$subscription = $notification->getSubscription();
$endpoint = $subscription->getEndpoint();
$userPublicKey = $subscription->getPublicKey();
$userAuthToken = $subscription->getAuthToken();
$contentEncoding = $subscription->getContentEncoding();
$payload = $notification->getPayload();
$options = $notification->getOptions($this->getDefaultOptions());
$auth = $notification->getAuth($this->auth);
if (!empty($payload) && !empty($userPublicKey) && !empty($userAuthToken))
{
if (!$contentEncoding)
{
throw new \ErrorException('Subscription should have a content encoding');
}
$encrypted = Encryption::encrypt($payload, $userPublicKey, $userAuthToken, $contentEncoding);
$cipherText = $encrypted['cipherText'];
$salt = $encrypted['salt'];
$localPublicKey = $encrypted['localPublicKey'];
$headers = [
'Content-Type' => 'application/octet-stream',
'Content-Encoding' => $contentEncoding,
];
if ($contentEncoding === "aesgcm")
{
$headers['Encryption'] = 'salt=' . Base64Url::encode($salt);
$headers['Crypto-Key'] = 'dh=' . Base64Url::encode($localPublicKey);
}
$encryptionContentCodingHeader = Encryption::getContentCodingHeader($salt, $localPublicKey, $contentEncoding);
$content = $encryptionContentCodingHeader . $cipherText;
$headers['Content-Length'] = (string) Utils::safeStrlen($content);
}
else
{
$headers = [
'Content-Length' => '0',
];
$content = '';
}
$headers['TTL'] = $options['TTL'];
if (isset($options['urgency']))
{
$headers['Urgency'] = $options['urgency'];
}
if (isset($options['topic']))
{
$headers['Topic'] = $options['topic'];
}
if (array_key_exists('VAPID', $auth) && $contentEncoding)
{
$audience = parse_url($endpoint, PHP_URL_SCHEME) . '://' . parse_url($endpoint, PHP_URL_HOST);
if (!parse_url($audience))
{
throw new \ErrorException('Audience "' . $audience . '"" could not be generated.');
}
$vapidHeaders = $this->getVAPIDHeaders($audience, $contentEncoding, $auth['VAPID']);
$headers['Authorization'] = $vapidHeaders['Authorization'];
if ($contentEncoding === 'aesgcm')
{
if (array_key_exists('Crypto-Key', $headers))
{
$headers['Crypto-Key'] .= ';' . $vapidHeaders['Crypto-Key'];
}
else
{
$headers['Crypto-Key'] = $vapidHeaders['Crypto-Key'];
}
}
}
$streamFactory = new StreamFactory();
$requests[] = new Request($endpoint, 'POST', $streamFactory->createStream($content), $headers);
}
return $requests;
}
}

117
administrator/components/com_akeebabackup/webpush/WebPushControllerTrait.php Normal file
View File

@@ -0,0 +1,117 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Akeeba\WebPush;
use Joomla\CMS\Language\Text;
/**
* Trait for controllers implementing the Web Push user registration flow
*
* @since 1.0.0
*/
trait WebPushControllerTrait
{
/**
* Record the Web Push user subscription object to the database.
*
* @return void
* @since 1.0.0
*/
public function webpushsubscribe(): void
{
$ret = [
'success' => true,
'error' => null,
];
try
{
if (!$this->checkToken('post', false))
{
throw new \RuntimeException(Text::_('JINVALID_TOKEN_NOTICE'));
}
$json = $this->input->post->getRaw('subscription', '{}');
$model = $this->getModel();
$model->webPushSaveSubscription($json);
if (method_exists($this, 'onAfterWebPushSaveSubscription'))
{
$this->onAfterWebPushSaveSubscription(json_decode($json));
}
}
catch (\Throwable $e)
{
$ret['success'] = false;
$ret['error'] = $e->getMessage();
}
@ob_end_clean();
header('Content-Type: application/json');
echo json_encode($ret);
$this->app->close();
}
/**
* Remove the Web Push user subscription object from the database.
*
* @return void
* @since 1.0.0
*/
public function webpushunsubscribe(): void
{
$ret = [
'success' => true,
'error' => null,
];
try
{
if (!$this->checkToken('post', false))
{
throw new \RuntimeException(Text::_('JINVALID_TOKEN_NOTICE'));
}
$json = $this->input->post->getRaw('subscription', '{}');
$model = $this->getModel();
$model->webPushRemoveSubscription($json);
}
catch (\Throwable $e)
{
$ret['success'] = false;
$ret['error'] = $e->getMessage();
}
@ob_end_clean();
header('Content-Type: application/json');
echo json_encode($ret);
$this->app->close();
}
}

559
administrator/components/com_akeebabackup/webpush/WebPushModelTrait.php Normal file
View File

@@ -0,0 +1,559 @@
<?php
/**
* Akeeba WebPush
*
* An abstraction layer for easier implementation of WebPush in Joomla components.
*
* @copyright (c) 2022 Akeeba Ltd
* @license GNU GPL v3 or later; see LICENSE.txt
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Akeeba\WebPush;
use Akeeba\WebPush\WebPush\MessageSentReport;
use Akeeba\WebPush\WebPush\Subscription;
use Akeeba\WebPush\WebPush\VAPID;
use Exception;
use Joomla\Application\ApplicationInterface;
use Joomla\CMS\Cache\CacheControllerFactoryInterface;
use Joomla\CMS\Cache\Controller\CallbackController;
use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Factory;
use Joomla\CMS\Uri\Uri;
use Joomla\Database\DatabaseInterface;
use Joomla\Database\ParameterType;
use RuntimeException;
use Throwable;
/**
* Trait for models implementing Web Push
*
* @since 1.0.0
*/
trait WebPushModelTrait
{
/**
* Internal cache of VAPID keys per component
*
* @since 1.0.0
* @var array
*/
private static $vapidKeys = [];
/**
* The component parameters key holding the VAPID keys configuration
*
* @since 1.0.0
* @var string
*/
private $webPushConfigKey;
/**
* The current component, e.g. com_example
*
* @since 1.0.0
* @var string
*/
private $webPushOption;
/**
* Return the VAPID keys for this component
*
* @return array{publicKey: string, privateKey: string}
* @since 1.0.0
*/
public function getVapidKeys(): ?array
{
if (is_array(self::$vapidKeys[$this->webPushOption] ?? null))
{
return self::$vapidKeys[$this->webPushOption];
}
$json = ComponentHelper::getParams($this->webPushOption)->get($this->webPushConfigKey);
if (!empty($json))
{
try
{
self::$vapidKeys[$this->webPushOption] = @json_decode($json, true);
}
catch (Exception $e)
{
self::$vapidKeys[$this->webPushOption] = null;
}
}
if (
is_array(self::$vapidKeys[$this->webPushOption])
&& isset(self::$vapidKeys[$this->webPushOption]['publicKey'])
&& isset(self::$vapidKeys[$this->webPushOption]['privateKey']))
{
return self::$vapidKeys[$this->webPushOption];
}
try
{
self::$vapidKeys[$this->webPushOption] = $this->getNewVapidKeys();
}
catch (\ErrorException $e)
{
return null;
}
return self::$vapidKeys[$this->webPushOption];
}
/**
* Returns the user's Web Push subscription object, or NULL if it's not defined or invalid.
*
* @param int|null $user_id The user ID to get the subscription for. NULL for current user.
*
* @return object[]|null The Web Push subscription object. NULL if not defined or invalid.
* @throws Exception
* @since 1.0.0
*/
public function getWebPushSubscriptions(?int $user_id = null): ?array
{
if (empty($user_id))
{
$app = Factory::getApplication();
$user_id = $app->getIdentity()->id;
}
$key = $this->webPushOption . '.webPushSubscription';
/** @var DatabaseInterface $db */
$db = method_exists($this, 'getDatabase') ? $this->getDatabase() : $this->getDbo();
$query = $db->getQuery(true)
->select($db->quoteName('profile_value'))
->from($db->quoteName('#__user_profiles'))
->where([
$db->quoteName('user_id') . ' = :user_id',
$db->quoteName('profile_key') . ' = :key',
])
->bind(':user_id', $user_id, ParameterType::INTEGER)
->bind(':key', $key, ParameterType::STRING);
$json = $db->setQuery($query)->loadResult() ?: null;
if (empty($json))
{
return null;
}
try
{
$array = @json_decode($json) ?: null;
if (!is_array($array))
{
return null;
}
return $array;
}
catch (Exception $e)
{
return null;
}
}
/**
* Send a notification to all the user's subscribed browsers.
*
* @param string $title Notification title
* @param array $options Notification options
* @param int|null $user_id Optional. The user_id of the subscribed user. NULL for current user.
* @param object|null $subscription Optional. A specific subscription to send the notifications to.
*
* @return array
*
* @throws \ErrorException
* @since 1.0.0
*/
public function sendNotification(string $title, array $options, ?int $user_id = null, ?object $subscription = null): array
{
// Get the user's subscriptions (or use a forced subscription)
$subscriptions = is_object($subscription) ? [$subscription] : $this->getWebPushSubscriptions($user_id);
if (empty($subscriptions))
{
return [];
}
// Convert the raw subscription data to Subscription objects
$subscriptions = array_map(
function ($subData) {
try
{
return new Subscription(
$subData->endpoint,
$subData->keys->p256dh,
$subData->keys->auth
);
}
catch (\ErrorException $e)
{
return null;
}
}, $subscriptions
);
$subscriptions = array_filter(
$subscriptions,
function ($x) {
return $x !== null;
}
);
// Get the WebPush object
$vapidKeys = $this->getVapidKeys();
$auth = ($vapidKeys === null) ? [] : [
'VAPID' => [
'subject' => Uri::root(),
'publicKey' => $vapidKeys['publicKey'],
'privateKey' => $vapidKeys['privateKey'],
],
];
$webPush = new WebPush\WebPush($auth);
// Get the payload as JSON
$payload = json_encode([
'title' => $title,
'options' => $options,
]);
// Send all notifications
$reports = [];
foreach ($subscriptions as $subscription)
{
$reports[] = $webPush->sendOneNotification($subscription, $payload);
}
return $reports;
}
/**
* Save the Web Push user subscription record sent from the browser
*
* @param string $json The JSON serialised Web Push registration sent by the browser
*
* @return void
* @throws Exception
* @since 1.0.0
*/
public function webPushSaveSubscription(string $json): void
{
// Try to decode the JSON we retrieved from the browser
try
{
$subscriptionData = @json_decode($json);
}
catch (Exception $e)
{
$subscriptionData = null;
}
// Validate the format of the data we received from the browser
if (
!is_object($subscriptionData)
|| !isset($subscriptionData->endpoint)
|| !isset($subscriptionData->keys)
|| !is_object($subscriptionData->keys)
|| !isset($subscriptionData->keys->p256dh)
|| !is_string($subscriptionData->keys->p256dh)
|| empty($subscriptionData->keys->p256dh)
|| !isset($subscriptionData->keys->auth)
|| !is_string($subscriptionData->keys->auth)
|| empty($subscriptionData->keys->auth)
)
{
throw new RuntimeException('Invalid Web Push user subscription record');
}
// Get the user options key and the user ID
$user = Factory::getApplication()->getIdentity();
$user_id = $user->id;
$key = $this->webPushOption . '.webPushSubscription';
// Get any existing subscriptions, append the new one
$subscriptions = $this->getWebPushSubscriptions() ?: [];
$subscriptions[] = $subscriptionData ?: [];
// Remove any existing options
/** @var DatabaseInterface $db */
$db = method_exists($this, 'getDatabase') ? $this->getDatabase() : $this->getDbo();
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where([
$db->quoteName('user_id') . ' = :user_id',
$db->quoteName('profile_key') . ' = :key',
])
->bind(':user_id', $user_id, ParameterType::INTEGER)
->bind(':key', $key, ParameterType::STRING);
$db->setQuery($query)->execute();
// Add the new options
$profileObject = (object) [
'user_id' => $user_id,
'profile_key' => $key,
'profile_value' => json_encode($subscriptions),
'ordering' => 0,
];
$db->insertObject('#__user_profiles', $profileObject);
}
/**
* Remove the Web Push user subscription record sent from the browser
*
* @param string $json The JSON serialised Web Push registration sent by the browser
*
* @return void
* @throws Exception
* @since 1.0.0
*/
public function webPushRemoveSubscription(string $json): void
{
// Try to decode the JSON we retrieved from the browser
try
{
$subscriptionData = @json_decode($json);
}
catch (Exception $e)
{
$subscriptionData = null;
}
if ($subscriptionData === null)
{
return;
}
// Validate the format of the data we received from the browser
if (
!is_object($subscriptionData)
|| !isset($subscriptionData->endpoint)
|| !isset($subscriptionData->keys)
|| !is_object($subscriptionData->keys)
|| !isset($subscriptionData->keys->p256dh)
|| !is_string($subscriptionData->keys->p256dh)
|| empty($subscriptionData->keys->p256dh)
|| !isset($subscriptionData->keys->auth)
|| !is_string($subscriptionData->keys->auth)
|| empty($subscriptionData->keys->auth)
)
{
throw new RuntimeException('Invalid Web Push user subscription record');
}
// Get the user options key and the user ID
$user = Factory::getApplication()->getIdentity();
$user_id = $user->id;
$key = $this->webPushOption . '.webPushSubscription';
// Get any existing subscriptions, remove the specified one
$subscriptions = $this->getWebPushSubscriptions() ?: [];
$index = null;
foreach ($subscriptions as $k => $v)
{
if (
$v->endpoint === $subscriptionData->endpoint
&& $v->keys->p256dh === $subscriptionData->keys->p256dh
&& $v->keys->auth === $subscriptionData->keys->auth
)
{
$index = $k;
break;
}
}
if ($index === null)
{
return;
}
unset($subscriptions[$k]);
$subscriptions = array_values($subscriptions);
// Remove any existing options
/** @var DatabaseInterface $db */
$db = method_exists($this, 'getDatabase') ? $this->getDatabase() : $this->getDbo();
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where([
$db->quoteName('user_id') . ' = :user_id',
$db->quoteName('profile_key') . ' = :key',
])
->bind(':user_id', $user_id, ParameterType::INTEGER)
->bind(':key', $key, ParameterType::STRING);
$db->setQuery($query)->execute();
// Add the new options
$profileObject = (object) [
'user_id' => $user_id,
'profile_key' => $key,
'profile_value' => json_encode($subscriptions),
'ordering' => 0,
];
$db->insertObject('#__user_profiles', $profileObject);
}
/**
* Initialise the Web Push integration
*
* @param string $option The current component, e.g. com_example
* @param string $configKey The component's configuration key holding the VAPID keys
*
* @return void
* @since 1.0.0
*/
protected function initialiseWebPush(string $option, string $configKey = 'vapidKey'): void
{
$this->webPushOption = $option;
$this->webPushConfigKey = $configKey;
}
/**
* Clear a cache group.
*
* Used internally when saving the component's options after creating new VAPID keys.
*
* @param string $group The cache to clean, e.g. com_content
* @param int $client_id The application ID for which the cache will be cleaned
* @param ApplicationInterface $app The current CMS application.
*
* @return array Cache controller options, including cleaning result
* @throws Exception
* @since 1.0.0
*/
private function clearCacheGroup(string $group, int $client_id, ApplicationInterface $app): array
{
// Get the default cache folder. Start by using the JPATH_CACHE constant.
$cacheBaseDefault = JPATH_CACHE;
$appClientId = 0;
if (method_exists($app, 'getClientId'))
{
$appClientId = $app->getClientId();
}
// -- If we are asked to clean cache on the other side of the application we need to find a new cache base
if ($client_id != $appClientId)
{
$cacheBaseDefault = (($client_id) ? JPATH_SITE : JPATH_ADMINISTRATOR) . '/cache';
}
// Get the cache controller's options
$options = [
'defaultgroup' => $group,
'cachebase' => $app->get('cache_path', $cacheBaseDefault),
'result' => true,
];
try
{
$container = Factory::getContainer();
if (empty($container))
{
throw new RuntimeException('Cannot get Joomla 4 application container');
}
/** @var CacheControllerFactoryInterface $cacheControllerFactory */
$cacheControllerFactory = $container->get('cache.controller.factory');
if (empty($cacheControllerFactory))
{
throw new RuntimeException('Cannot get Joomla 4 cache controller factory');
}
/** @var CallbackController $cache */
$cache = $cacheControllerFactory->createCacheController('callback', $options);
if (empty($cache) || !property_exists($cache, 'cache') || !method_exists($cache->cache, 'clean'))
{
throw new RuntimeException('Cannot get Joomla 4 cache controller');
}
$cache->cache->clean();
}
catch (Throwable $e)
{
$options['result'] = false;
}
return $options;
}
/**
* Create, save and return new VAPID keys.
*
* DO NOT RUN MORE THAN ONCE. Doing so will invalidate all Web Push registrations for existing users!
*
* @return array{publicKey: string, privateKey: string}
* @throws \ErrorException
* @since 1.0.0
*/
private function getNewVapidKeys(): array
{
$vapidKeys = VAPID::createVapidKeys();
$params = ComponentHelper::getParams($this->webPushOption);
$params->set($this->webPushConfigKey, json_encode($vapidKeys));
/** @var DatabaseInterface $db */
$db = method_exists($this, 'getDatabase') ? $this->getDatabase() : $this->getDbo();
$data = $params->toString('JSON');
$sql = $db->getQuery(true)
->update($db->qn('#__extensions'))
->set($db->qn('params') . ' = ' . $db->q($data))
->where($db->qn('element') . ' = :option')
->where($db->qn('type') . ' = ' . $db->q('component'))
->bind(':option', $this->webPushOption);
$db->setQuery($sql);
try
{
$db->execute();
// The component parameters are cached. We just changed them. Therefore we MUST reset the system cache which holds them.
$app = Factory::getApplication();
$this->clearCacheGroup('_system', 0, $app);
$this->clearCacheGroup('_system', 1, $app);
}
catch (Exception $e)
{
// Don't sweat if it fails
}
// Reset ComponentHelper's cache
$refClass = new \ReflectionClass(ComponentHelper::class);
$refProp = $refClass->getProperty('components');
$refProp->setAccessible(true);
$components = $refProp->getValue();
$components[$this->webPushOption]->params = $params;
$refProp->setValue($components);
return $vapidKeys;
}
}

116
administrator/components/com_akeebabackup/webpush/Workarounds/OpenSSL.php Normal file
View File

@@ -0,0 +1,116 @@
<?php
/**
* @package akeebabackup
* @copyright Copyright (c)2006-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
* @license GNU General Public License version 3, or later
*/
/** @noinspection PhpIllegalPsrClassPathInspection */
namespace Lcobucci\JWT\Signer;
use InvalidArgumentException;
use function is_resource;
use function openssl_error_string;
use function openssl_free_key;
use function openssl_pkey_get_details;
use function openssl_pkey_get_private;
use function openssl_pkey_get_public;
use function openssl_sign;
use function openssl_verify;
abstract class OpenSSL extends BaseSigner
{
public function createHash($payload, Key $key)
{
$privateKey = $this->getPrivateKey($key->getContent(), $key->getPassphrase());
try {
$signature = '';
if (! openssl_sign($payload, $signature, $privateKey, $this->getAlgorithm())) {
throw CannotSignPayload::errorHappened(openssl_error_string());
}
return $signature;
} finally {
@openssl_free_key($privateKey);
}
}
/**
* @param string $pem
* @param string $passphrase
*
* @return resource
*/
private function getPrivateKey($pem, $passphrase)
{
$privateKey = openssl_pkey_get_private($pem, $passphrase);
$this->validateKey($privateKey);
return $privateKey;
}
/**
* @param $expected
* @param $payload
* @param $key
* @return bool
*/
public function doVerify($expected, $payload, Key $key)
{
$publicKey = $this->getPublicKey($key->getContent());
$result = openssl_verify($payload, $expected, $publicKey, $this->getAlgorithm());
openssl_free_key($publicKey);
return $result === 1;
}
/**
* @param string $pem
*
* @return resource
*/
private function getPublicKey($pem)
{
$publicKey = openssl_pkey_get_public($pem);
$this->validateKey($publicKey);
return $publicKey;
}
/**
* Raises an exception when the key type is not the expected type
*
* @param resource|bool $key
*
* @throws InvalidArgumentException
*/
private function validateKey($key)
{
if (! is_resource($key) && !is_object($key)) {
throw InvalidKeyProvided::cannotBeParsed(openssl_error_string());
}
$details = openssl_pkey_get_details($key);
if (! isset($details['key']) || $details['type'] !== $this->getKeyType()) {
throw InvalidKeyProvided::incompatibleKey();
}
}
/**
* Returns the type of key to be used to create/verify the signature (using OpenSSL constants)
*
* @internal
*/
abstract public function getKeyType();
/**
* Returns which algorithm to be used to create/verify the signature (using OpenSSL constants)
*
* @internal
*/
abstract public function getAlgorithm();
}