From 2f3416338d45cd48d0a9bad9e875b27df3810ef0 Mon Sep 17 00:00:00 2001 From: Kagami Sascha Rosylight Date: Mon, 15 Jan 2024 21:16:46 +0000 Subject: [PATCH] Bug 1869558 - Part 1: Add validation step for subscribeWithKey r=jonalmeida,geckoview-reviewers Ideally this validation steps should be shared in PushManager::Subscribe, but that's out of scope for this bug. For now this just copypastes the step from `dom/push/PushService.sys.mjs`. Differential Revision: https://phabricator.services.mozilla.com/D196586 --- .../components/geckoview/GeckoViewPush.sys.mjs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/mobile/android/components/geckoview/GeckoViewPush.sys.mjs b/mobile/android/components/geckoview/GeckoViewPush.sys.mjs index 2a8d809d5882..8ae0f8155d20 100644 --- a/mobile/android/components/geckoview/GeckoViewPush.sys.mjs +++ b/mobile/android/components/geckoview/GeckoViewPush.sys.mjs @@ -10,6 +10,7 @@ const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { EventDispatcher: "resource://gre/modules/Messaging.sys.mjs", + PushCrypto: "resource://gre/modules/PushCrypto.sys.mjs", }); // Observer notification topics for push messages and subscription status @@ -67,13 +68,22 @@ export class PushService { } async subscribeWithKey(scope, principal, appServerKey, callback) { + const keyView = new Uint8Array(appServerKey); + + try { + await lazy.PushCrypto.validateAppServerKey(keyView); + } catch (error) { + callback.onPushSubscription(Cr.NS_ERROR_DOM_PUSH_INVALID_KEY_ERR, null); + return; + } + try { const response = await lazy.EventDispatcher.instance.sendRequestForResult( { type: "GeckoView:PushSubscribe", scope: scopeWithAttrs(scope, principal.originAttributes), appServerKey: appServerKey - ? ChromeUtils.base64URLEncode(new Uint8Array(appServerKey), { + ? ChromeUtils.base64URLEncode(keyView, { pad: true, }) : null,