diff --git a/index.html b/index.html
index 6294dfe..e0a6626 100644
--- a/index.html
+++ b/index.html
@@ -735,9 +735,8 @@
SHOULD attempt to refresh the push subscription before the subscription expires.
- A push subscription has internal slots for a P-256 ECDH key pair and an
- authentication secret in accordance with [[RFC8291]]. These slots MUST be populated when
- creating the push subscription.
+ A [=push subscription=] has an associated P-256 ECDH key pair and an
+ authentication secret in accordance with [[RFC8291]].
If the user agent has to change the keys of a [=push subscription=] for any reason
@@ -757,16 +756,12 @@
Set |subscription|'s {{PushSubscription/options}} attribute to |options|.
- Generate a new P-256 ECDH key pair [[ANSI-X9-62]]. Store the private key in an
- internal slot on |subscription|; this value MUST NOT be made available to applications.
- The public key is also stored in an internal slot and can be retrieved by calling the
- {{PushSubscription/getKey()}} method of the {{PushSubscription}} with an argument of
- {{PushEncryptionKeyName/"p256dh"}}.
+ Set |subscription|'s [=P-256 ECDH key pair=] to the result of generating a new P-256
+ [=ECDH=] key pair [[ANSI-X9-62]].
- Generate a new authentication secret, which is a sequence of octets as defined in
- [[RFC8291]]. Store the authentication secret in an internal slot on |subscription|. This
- key can be retrieved by calling the {{PushSubscription/getKey()}} method of the
- {{PushSubscription}} with an argument of {{PushEncryptionKeyName/"auth"}}.
+ Set |subscription|'s [=authentication secret=] to the result of generating a new
+ authentication secret, which is a sequence of octets as defined in [[RFC8291]] Section
+ 3.2.
Request a new push subscription. Include the
{{PushSubscriptionOptions/applicationServerKey}} attribute of |options| when it has been
@@ -1448,11 +1443,16 @@
PushSubscriptionJSON toJSON();
};
+
+ dictionary PushSubscriptionKeys {
+ USVString p256dh;
+ USVString auth;
+ };
dictionary PushSubscriptionJSON {
USVString endpoint;
EpochTimeStamp? expirationTime = null;
- record<DOMString, USVString> keys;
+ PushSubscriptionKeys keys;
};
@@ -1472,37 +1472,32 @@
subscription.
- The getKey() method retrieves keying material that can be used for encrypting
- and authenticating messages. When {{PushSubscription/getKey()}} is invoked the following
- process is followed:
+ The getKey(|name:PushEncryptionKeyName|) method retrieves keying
+ material that can be used for encrypting and authenticating messages. The method steps are:
-
- - Find the internal slot corresponding to the key named by the `name` argument.
-
- - If a slot was not found, return `null`.
-
- - Initialize a variable |key| with a newly instantiated {{ArrayBuffer}} instance.
+
+ - Let |key| be a newly instantiated {{ArrayBuffer}} instance.
- - If the internal slot contains an asymmetric key pair, set the contents of |key| to the
- serialized value of the public key from the key pair. This uses the serialization format
- described in the specification that defines the name. For example, [[RFC8291]] specifies
- that the {{PushEncryptionKeyName/"p256dh"}} public key is encoded using the uncompressed
- format defined in [[ANSI-X9-62]] Annex A (that is, a 65 octet sequence that starts with a
- 0x04 octet).
+
- If |name| is {{PushEncryptionKeyName/"p256dh"}}:
+
+ - Set the contents of |key| to the serialized value of the public key from
+ [=this=]'s [=P-256 ECDH key pair=], using the uncompressed format defined in
+ [[ANSI-X9-62]] Annex A (that is, a 65 octet sequence that starts with a 0x04 octet), as
+ [[RFC8291]] specifies.
+
+
- - Otherwise, if the internal slot contains a symmetric key, set the contents of |key| to
- a copy of the value from the internal slot. For example, the `auth` parameter contains an
- octet sequence used by the user agent to authenticate messages sent by an
- application server.
+
- Otherwise:
+
+ - [=/Assert=]: |name| is {{PushEncryptionKeyName/"auth"}}
+ - Set the contents of |key| to a copy of the value from [=this=]'s
+ [=authentication secret=].
+
+
- Return |key|.
-
- Keys named {{PushEncryptionKeyName/"p256dh"}} and {{PushEncryptionKeyName/"auth"}} MUST be
- supported, and their values MUST correspond to those necessary for the user agent to
- decrypt received push messages in accordance with [[RFC8291]].
-
The unsubscribe() method when invoked MUST run the
following steps:
@@ -1544,24 +1539,13 @@
- Set |json|["expirationTime"] to the result of [=getting the `expirationTime`
attribute=] of [=this=].
- - Let |keys| be a new empty instance of `record<DOMString, USVString>` .
+
- Let |keys:PushSubscriptionKeys| be a new {{PushSubscriptionKeys}} dictionary.
- - For each identifier |i| corresponding to keys in internal slots on the
- {{PushSubscription}}, ordered by the name of the key:
-
- - If the internal slot corresponds to an asymmetric key pair, let |b| be the encoded
- value of the public key corresponding to the key name |i|, using the encoding defined
- for the key name (see {{PushSubscription/getKey()}}).
-
- - Otherwise, let |b| be the value as returned by {{PushSubscription/getKey}}.
-
- - Let |s| be the URL-safe base64 encoding without padding [[RFC4648]] of |b| as a
- {{USVString}}. The user agent MUST use a serialization method that does not
- branch based on the value of |b|.
-
- - Set |keys|[|i|] to |s|.
-
-
+ - Set |keys|["p256dh"] to the URL-safe base64 encoding without padding [[RFC4648]] of
+ the value as returned by {{PushSubscription/getKey("p256dh")}}, as a {{USVString}}.
+
+ - Set |keys|["auth"] to the URL-safe base64 encoding without padding [[RFC4648]] of
+ the value as returned by {{PushSubscription/getKey("auth")}}, as a {{USVString}}.
- Set |json|["keys"] to |keys|.