Fix VAPID signature

Author: p1gp1g

src/Simplex/Messaging/Crypto.hs

@@ -95,6 +95,7 @@ module Simplex.Messaging.Crypto
     encodePrivKey,
     decodePrivKey,
     pubKeyBytes,
+    encodeBigInt,
     uncompressEncodePoint,
     uncompressDecodePoint,
     uncompressDecodePrivateNumber,

src/Simplex/Messaging/Notifications/Server/Push.hs

@@ -89,6 +89,17 @@ signedJWTToken pk (JWTToken hdr claims) = do
     jwtEncode = U.encodeUnpadded . LB.toStrict . J.encode
     serialize sig = U.encodeUnpadded $ encodeASN1' DER [Start Sequence, IntVal (EC.sign_r sig), IntVal (EC.sign_s sig), End Sequence]
 
+-- | Does it work with APNS ?
+signedJWTTokenRawSign :: EC.PrivateKey -> JWTToken -> IO SignedJWTToken
+signedJWTTokenRawSign pk (JWTToken hdr claims) = do
+  let hc = jwtEncode hdr <> "." <> jwtEncode claims
+  sig <- EC.sign pk SHA256 hc
+  pure $ hc <> "." <> serialize sig
+  where
+    jwtEncode :: ToJSON a => a -> ByteString
+    jwtEncode = U.encodeUnpadded . LB.toStrict . J.encode
+    serialize sig = U.encodeUnpadded $ LB.toStrict $ C.encodeBigInt (EC.sign_r sig) <> C.encodeBigInt (EC.sign_s sig)
+
 readECPrivateKey :: FilePath -> IO EC.PrivateKey
 readECPrivateKey f = do
   -- this pattern match is specific to APNS key type, it may need to be extended for other push providers

src/Simplex/Messaging/Notifications/Server/Push/WebPush.hs

@@ -107,11 +107,11 @@ mkVapidHeader VapidKey {key, fp} uriAuthority expire = do
         { iss = Nothing,
           iat = Nothing,
           exp = Just expire,
-          aud = Just $ T.decodeUtf8 uriAuthority,
+          aud = Just . T.decodeUtf8 $ "https://" <> uriAuthority,
           sub = Just "https://github.com/simplex-chat/simplexmq/"
         }
       jwt = JWTToken jwtHeader jwtClaims
-  signedToken <- signedJWTToken key jwt
+  signedToken <- signedJWTTokenRawSign key jwt
   pure $ "vapid t=" <> signedToken <> ",k=" <> fp
 
 wpPushProviderClient :: WebPushConfig -> IORef (Maybe WPCache) -> Manager -> PushProviderClient