dcrouter/test/suite/smtpclient_security/test.csec-03.dkim-signing.ts

import { tap, expect } from '@git.zone/tstest/tapbundle';
import { startTestServer, stopTestServer, type ITestServer } from '../../helpers/server.loader.js';
import { createTestSmtpClient } from '../../helpers/smtp.client.js';
import { Email } from '../../../ts/mail/core/classes.email.js';
import * as crypto from 'crypto';

let testServer: ITestServer;

tap.test('setup test SMTP server', async () => {
  testServer = await startTestServer({
    port: 2563,
    tlsEnabled: false,
    authRequired: false
  });
  expect(testServer).toBeTruthy();
  expect(testServer.port).toBeGreaterThan(0);
});

tap.test('CSEC-03: Basic DKIM signature structure', async () => {
  const smtpClient = createTestSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: false,
    connectionTimeout: 5000,
    debug: true
  });

  // Create email with DKIM configuration
  const email = new Email({
    from: 'sender@example.com',
    to: ['recipient@example.com'],
    subject: 'DKIM Signed Email',
    text: 'This email should be DKIM signed'
  });

  // Note: DKIM signing would be handled by the Email class or SMTP client
  // This test verifies the structure when it's implemented
  const result = await smtpClient.sendMail(email);
  expect(result.success).toBeTruthy();
  
  console.log('Email sent successfully');
  console.log('Note: DKIM signing functionality would be applied here');

  await smtpClient.close();
});

tap.test('CSEC-03: DKIM with RSA key generation', async () => {
  // Generate a test RSA key pair
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: {
      type: 'spki',
      format: 'pem'
    },
    privateKeyEncoding: {
      type: 'pkcs8',
      format: 'pem'
    }
  });

  console.log('Generated RSA key pair for DKIM:');
  console.log('Public key (first line):', publicKey.split('\n')[1].substring(0, 50) + '...');
  
  // Create DNS TXT record format
  const publicKeyBase64 = publicKey
    .replace(/-----BEGIN PUBLIC KEY-----/, '')
    .replace(/-----END PUBLIC KEY-----/, '')
    .replace(/\s/g, '');
  
  console.log('\nDNS TXT record for default._domainkey.example.com:');
  console.log(`v=DKIM1; k=rsa; p=${publicKeyBase64.substring(0, 50)}...`);

  const smtpClient = createTestSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: false,
    connectionTimeout: 5000,
    debug: true
  });

  const email = new Email({
    from: 'sender@example.com',
    to: ['recipient@example.com'],
    subject: 'DKIM with Real RSA Key',
    text: 'This email is signed with a real RSA key'
  });

  const result = await smtpClient.sendMail(email);
  expect(result.success).toBeTruthy();

  await smtpClient.close();
});

tap.test('CSEC-03: DKIM body hash calculation', async () => {
  const smtpClient = createTestSmtpClient({
    host: testServer.hostname,
    port: testServer.port,
    secure: false,
    connectionTimeout: 5000,
    debug: false
  });

  // Test body hash with different content
  const testBodies = [
    { name: 'Simple text', body: 'Hello World' },
    { name: 'Multi-line text', body: 'Line 1\r\nLine 2\r\nLine 3' },
    { name: 'Empty body', body: '' }
  ];

  for (const test of testBodies) {
    console.log(`\nTesting body hash for: ${test.name}`);
    
    // Calculate expected body hash
    const canonicalBody = test.body.replace(/\r\n/g, '\n').trimEnd() + '\n';
    const bodyHash = crypto.createHash('sha256').update(canonicalBody).digest('base64');
    console.log(`  Expected hash: ${bodyHash.substring(0, 20)}...`);
    
    const email = new Email({
      from: 'sender@example.com',
      to: ['recipient@example.com'],
      subject: `Body Hash Test: ${test.name}`,
      text: test.body
    });

    const result = await smtpClient.sendMail(email);
    expect(result.success).toBeTruthy();
  }

  await smtpClient.close();
});

tap.test('cleanup test SMTP server', async () => {
  if (testServer) {
    await stopTestServer(testServer);
  }
});

tap.start();