Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2024/02/13 14:00:00 UTC

[jira] [Comment Edited] (JAMES-3990) Implement Vapid Key for JMAP

    [ https://issues.apache.org/jira/browse/JAMES-3990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17817011#comment-17817011 ] 

Benoit Tellier edited comment on JAMES-3990 at 2/13/24 1:59 PM:
----------------------------------------------------------------

Added to Linagora backlog: https://github.com/linagora/james-project/issues/5059


h3. How

 - Have a configuration parameter to enable vapid authentication within `jmap.properties`.
 - Reuse existing jmap draft token signing cryptographic asymmetric keys to sign Vapid tokens.
 - Modify the webpush client in order to add vapid authentication
 

{code:java}
    Authorization: vapid
      t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3
        B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1ha
        Wx0bzpwdXNoQGV4YW1wbGUuY29tIn0.i3CYb7t4xfxCDquptFOepC9GAu_H
        LGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA,
      k=BA1Hxzyi1RUM1b5wjxsn7nGxAszw2u61m164i3MrAIxHF6YK5h4SDYic-dR
        uU_RCPCfA5aq9ojSwk5Y2EmClBPs
   { encrypted push message }
   
   JWT header = { "typ": "JWT", "alg": "ES256" }
   JWT body = { "aud": "https://push.example.net",
                "exp": 1453523768,
                "sub": "mailto:push@example.com" }
   JWK = { "crv":"P-256",
           "kty":"EC",
           "x":"DUfHPKLVFQzVvnCPGyfucbECzPDa7rWbXriLcysAjEc",
           "y":"F6YK5h4SDYic-dRuU_RCPCfA5aq9ojSwk5Y2EmClBPs" }

{code}

 
 CF https://datatracker.ietf.org/doc/html/rfc8292

 - Finally the public key shall be advertised through the JMAP session.

This is what the Vapid key configuration would look like: `jmap.properties`

{code:java}
webpush.vapid.auth.enabled = true
webpush.vapid.private.key=conf://vapid.private.key
webpush.vapid.public.key=conf://vapid.public.key
{code}

h3. Definition of done

- Integration tests with Vapid enabled
- Proof of concept of firebase usage with a pet webpush application and Vapid keys


was (Author: btellier):
Added to Linagora backlog:


h3. How

 - Have a configuration parameter to enable vapid authentication within `jmap.properties`.
 - Reuse existing jmap draft token signing cryptographic asymmetric keys to sign Vapid tokens.
 - Modify the webpush client in order to add vapid authentication
 

{code:java}
    Authorization: vapid
      t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3
        B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1ha
        Wx0bzpwdXNoQGV4YW1wbGUuY29tIn0.i3CYb7t4xfxCDquptFOepC9GAu_H
        LGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA,
      k=BA1Hxzyi1RUM1b5wjxsn7nGxAszw2u61m164i3MrAIxHF6YK5h4SDYic-dR
        uU_RCPCfA5aq9ojSwk5Y2EmClBPs
   { encrypted push message }
   
   JWT header = { "typ": "JWT", "alg": "ES256" }
   JWT body = { "aud": "https://push.example.net",
                "exp": 1453523768,
                "sub": "mailto:push@example.com" }
   JWK = { "crv":"P-256",
           "kty":"EC",
           "x":"DUfHPKLVFQzVvnCPGyfucbECzPDa7rWbXriLcysAjEc",
           "y":"F6YK5h4SDYic-dRuU_RCPCfA5aq9ojSwk5Y2EmClBPs" }

{code}

 
 CF https://datatracker.ietf.org/doc/html/rfc8292

 - Finally the public key shall be advertised through the JMAP session.

This is what the Vapid key configuration would look like: `jmap.properties`

{code:java}
webpush.vapid.auth.enabled = true
webpush.vapid.private.key=conf://vapid.private.key
webpush.vapid.public.key=conf://vapid.public.key
{code}

h3. Definition of done

- Integration tests with Vapid enabled
- Proof of concept of firebase usage with a pet webpush application and Vapid keys

> Implement Vapid Key for JMAP
> ----------------------------
>
>                 Key: JAMES-3990
>                 URL: https://issues.apache.org/jira/browse/JAMES-3990
>             Project: James Server
>          Issue Type: New Feature
>          Components: JMAP
>            Reporter: Benoit Tellier
>            Assignee: Antoine Duprat
>            Priority: Major
>
> https://datatracker.ietf.org/doc/draft-ietf-jmap-webpush-vapid/
> {code:java}
>    JMAP [RFC8620] specifies how clients can subscribe to events using a
>    protocol that is compatible to WebPush [RFC8030].  Some push services
>    require that the application server authenticates all push messages
>    using the Voluntary Application Server Identification protocol
>    [RFC8292].  To facilitate that the client (or user agent in WebPush
>    terminology) needs the VAPID public key of the application server to
>    pass it along to the push service when retrieving a new endpoint.
> {code}
> Implementing this as a standard would allow frontend applications (like the one edited by Linagora: Twake mail) to directly use systems like firebase cloud messaging, which was the motivation of Daniel Glusch.
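
Added example, not part of the original comment or of the James code base: a Python parser for the `Authorization: vapid` header quoted in the comment, applying the RFC 8292 checks a push service makes on it (ES256, `aud` equal to the push origin, `exp` at most 24 hours ahead, `k` as an uncompressed P-256 point). The function names are hypothetical, and the ECDSA signature itself is not verified here because that needs a crypto library.

```python
import base64
import json
from urllib.parse import urlsplit

# Header value from the RFC 8292 example quoted in the comment (line breaks removed).
EXAMPLE_HEADER = (
    "vapid t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3"
    "B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1ha"
    "Wx0bzpwdXNoQGV4YW1wbGUuY29tIn0.i3CYb7t4xfxCDquptFOepC9GAu_H"
    "LGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA, "
    "k=BA1Hxzyi1RUM1b5wjxsn7nGxAszw2u61m164i3MrAIxHF6YK5h4SDYic-dR"
    "uU_RCPCfA5aq9ojSwk5Y2EmClBPs"
)

def b64u_decode(text):
    # JWT parts and k are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_vapid(header):
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "vapid":
        raise ValueError("not a vapid Authorization header")
    params = dict(p.strip().split("=", 1) for p in rest.split(","))
    head, body, sig = params["t"].split(".")
    return (json.loads(b64u_decode(head)), json.loads(b64u_decode(body)),
            b64u_decode(sig), b64u_decode(params["k"]))

def check_vapid(header, push_url, now):
    """Return a list of problems; an empty list means the header is well formed."""
    jwt_header, claims, sig, key = parse_vapid(header)
    problems = []
    if jwt_header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if len(sig) != 64:
        problems.append("signature must be 64 bytes (r || s)")
    if len(key) != 65 or key[0] != 0x04:
        problems.append("k must be an uncompressed P-256 point")
    origin = urlsplit(push_url)
    if claims.get("aud") != f"{origin.scheme}://{origin.netloc}":
        problems.append("aud does not match the push service origin")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        problems.append("token expired or exp missing")
    elif exp - now > 24 * 3600:
        problems.append("exp is more than 24 hours ahead")
    return problems

def k_to_jwk(key):
    # k is 0x04 || X || Y; the JWK carries X and Y separately.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return {"kty": "EC", "crv": "P-256", "x": enc(key[1:33]), "y": enc(key[33:65])}
```

Run against the quoted header, `k_to_jwk` reproduces the `x` and `y` values of the JWK listed under it, which is the same public key the JMAP session would advertise.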


