mox/mox-/dkimsign.go

package mox

import (
	"bytes"
	"context"
	"fmt"
	"strings"
	"time"

	"github.com/mjl-/mox/config"
	"github.com/mjl-/mox/dkim"
	"github.com/mjl-/mox/dns"
	"github.com/mjl-/mox/mlog"
	"github.com/mjl-/mox/smtp"
)

// DKIMSelectors returns the selectors to use for signing.
func DKIMSelectors(dkimConf config.DKIM) []dkim.Selector {
	var l []dkim.Selector
	for _, sign := range dkimConf.Sign {
		sel := dkimConf.Selectors[sign]
		s := dkim.Selector{
			Hash:          sel.HashEffective,
			HeaderRelaxed: sel.Canonicalization.HeaderRelaxed,
			BodyRelaxed:   sel.Canonicalization.BodyRelaxed,
			Headers:       sel.HeadersEffective,
			SealHeaders:   !sel.DontSealHeaders,
			Expiration:    time.Duration(sel.ExpirationSeconds) * time.Second,
			PrivateKey:    sel.Key,
			Domain:        sel.Domain,
		}
		l = append(l, s)
	}
	return l
}

// DKIMSign looks up the domain for "from", and uses its DKIM configuration to
// generate DKIM-Signature headers, for inclusion in a message. The
// DKIM-Signatur headers, are returned. If no domain was found an empty string and
// nil error is returned.
func DKIMSign(ctx context.Context, log mlog.Log, from smtp.Path, smtputf8 bool, data []byte) (string, error) {
	// Add DKIM signature for domain, even if higher up than the full mail hostname.
	// This helps with an assumed (because default) relaxed DKIM policy. If the DMARC
	// policy happens to be strict, the signature won't help, but won't hurt either.
	fd := from.IPDomain.Domain
	var zerodom dns.Domain
	for fd != zerodom {
		confDom, ok := Conf.Domain(fd)
		if !ok {
			var nfd dns.Domain
			_, nfd.ASCII, _ = strings.Cut(fd.ASCII, ".")
			_, nfd.Unicode, _ = strings.Cut(fd.Unicode, ".")
			fd = nfd
			continue
		}

		selectors := DKIMSelectors(confDom.DKIM)
		dkimHeaders, err := dkim.Sign(ctx, log.Logger, from.Localpart, fd, selectors, smtputf8, bytes.NewReader(data))
		if err != nil {
			return "", fmt.Errorf("dkim sign for domain %s: %v", fd, err)
		}
		return dkimHeaders, nil
	}
	return "", nil
}
expose fewer internals in packages, for easier software reuse - prometheus is now behind an interface, they aren't dependencies for the reusable components anymore. - some dependencies have been inverted: instead of packages importing a main package to get configuration, the main package now sets configuration in these packages. that means fewer internals are pulled in. - some functions now have new parameters for values that were retrieved from package "mox-". 2023-12-05 23:13:57 +03:00			`package mox`

			`import (`
			`"bytes"`
			`"context"`
			`"fmt"`
			`"strings"`
			`"time"`

			`"github.com/mjl-/mox/config"`
			`"github.com/mjl-/mox/dkim"`
			`"github.com/mjl-/mox/dns"`
			`"github.com/mjl-/mox/mlog"`
			`"github.com/mjl-/mox/smtp"`
			`)`

			`// DKIMSelectors returns the selectors to use for signing.`
			`func DKIMSelectors(dkimConf config.DKIM) []dkim.Selector {`
			`var l []dkim.Selector`
			`for _, sign := range dkimConf.Sign {`
			`sel := dkimConf.Selectors[sign]`
			`s := dkim.Selector{`
			`Hash: sel.HashEffective,`
			`HeaderRelaxed: sel.Canonicalization.HeaderRelaxed,`
			`BodyRelaxed: sel.Canonicalization.BodyRelaxed,`
			`Headers: sel.HeadersEffective,`
			`SealHeaders: !sel.DontSealHeaders,`
			`Expiration: time.Duration(sel.ExpirationSeconds) * time.Second,`
			`PrivateKey: sel.Key,`
			`Domain: sel.Domain,`
			`}`
			`l = append(l, s)`
			`}`
			`return l`
			`}`

			`// DKIMSign looks up the domain for "from", and uses its DKIM configuration to`
			`// generate DKIM-Signature headers, for inclusion in a message. The`
			`// DKIM-Signatur headers, are returned. If no domain was found an empty string and`
			`// nil error is returned.`
			`func DKIMSign(ctx context.Context, log mlog.Log, from smtp.Path, smtputf8 bool, data []byte) (string, error) {`
			`// Add DKIM signature for domain, even if higher up than the full mail hostname.`
			`// This helps with an assumed (because default) relaxed DKIM policy. If the DMARC`
			`// policy happens to be strict, the signature won't help, but won't hurt either.`
			`fd := from.IPDomain.Domain`
			`var zerodom dns.Domain`
			`for fd != zerodom {`
			`confDom, ok := Conf.Domain(fd)`
			`if !ok {`
			`var nfd dns.Domain`
			`_, nfd.ASCII, _ = strings.Cut(fd.ASCII, ".")`
			`_, nfd.Unicode, _ = strings.Cut(fd.Unicode, ".")`
			`fd = nfd`
			`continue`
			`}`

			`selectors := DKIMSelectors(confDom.DKIM)`
			`dkimHeaders, err := dkim.Sign(ctx, log.Logger, from.Localpart, fd, selectors, smtputf8, bytes.NewReader(data))`
			`if err != nil {`
			`return "", fmt.Errorf("dkim sign for domain %s: %v", fd, err)`
			`}`
			`return dkimHeaders, nil`
			`}`
			`return "", nil`
			`}`