ts/mail/delivery/classes.emailsignjob.ts

import * as plugins from '../../plugins.ts';
import type { UnifiedEmailServer } from '../routing/classes.unified.email.server.ts';

interface Headers {
  [key: string]: string;
}

interface IEmailSignJobOptions {
  domain: string;
  selector: string;
  headers: Headers;
  body: string;
}

export class EmailSignJob {
  emailServerRef: UnifiedEmailServer;
  jobOptions: IEmailSignJobOptions;

  constructor(emailServerRef: UnifiedEmailServer, options: IEmailSignJobOptions) {
    this.emailServerRef = emailServerRef;
    this.jobOptions = options;
  }

  async loadPrivateKey(): Promise<string> {
    const keyInfo = await this.emailServerRef.dkimCreator.readDKIMKeys(this.jobOptions.domain);
    return keyInfo.privateKey;
  }

  public async getSignatureHeader(emailMessage: string): Promise<string> {
    const signResult = await plugins.dkimSign(emailMessage, {
      // Optional, default canonicalization, default is "relaxed/relaxed"
      canonicalization: 'relaxed/relaxed', // c=

      // Optional, default signing and hashing algorithm
      // Mostly useful when you want to use rsa-sha1, otherwise no need to set
      algorithm: 'rsa-sha256',

      // Optional, default is current time
      signTime: new Date(), // t=

      // Keys for one or more signatures
      // Different signatures can use different algorithms (mostly useful when
      // you want to sign a message both with RSA and Ed25519)
      signatureData: [
        {
          signingDomain: this.jobOptions.domain, // d=
          selector: this.jobOptions.selector, // s=
          // supported key types: RSA, Ed25519
          privateKey: await this.loadPrivateKey(), // k=

          // Optional algorithm, default is derived from the key.
          // Overrides whatever was set in parent object
          algorithm: 'rsa-sha256',

          // Optional signature specifc canonicalization, overrides whatever was set in parent object
          canonicalization: 'relaxed/relaxed', // c=

          // Maximum number of canonicalized body bytes to sign (eg. the "l=" tag).
          // Do not use though. This is available only for compatibility testing.
          // maxBodyLength: 12345
        },
      ],
    });
    const signature = signResult.signatures;
    return signature;
  }
}
initial 2025-10-24 08:09:29 +00:00			`import * as plugins from '../../plugins.ts';`
			`import type { UnifiedEmailServer } from '../routing/classes.unified.email.server.ts';`

			`interface Headers {`
			`[key: string]: string;`
			`}`

			`interface IEmailSignJobOptions {`
			`domain: string;`
			`selector: string;`
			`headers: Headers;`
			`body: string;`
			`}`

			`export class EmailSignJob {`
			`emailServerRef: UnifiedEmailServer;`
			`jobOptions: IEmailSignJobOptions;`

			`constructor(emailServerRef: UnifiedEmailServer, options: IEmailSignJobOptions) {`
			`this.emailServerRef = emailServerRef;`
			`this.jobOptions = options;`
			`}`

			`async loadPrivateKey(): Promise<string> {`
			`const keyInfo = await this.emailServerRef.dkimCreator.readDKIMKeys(this.jobOptions.domain);`
			`return keyInfo.privateKey;`
			`}`

			`public async getSignatureHeader(emailMessage: string): Promise<string> {`
			`const signResult = await plugins.dkimSign(emailMessage, {`
			`// Optional, default canonicalization, default is "relaxed/relaxed"`
			`canonicalization: 'relaxed/relaxed', // c=`

			`// Optional, default signing and hashing algorithm`
			`// Mostly useful when you want to use rsa-sha1, otherwise no need to set`
			`algorithm: 'rsa-sha256',`

			`// Optional, default is current time`
			`signTime: new Date(), // t=`

			`// Keys for one or more signatures`
			`// Different signatures can use different algorithms (mostly useful when`
			`// you want to sign a message both with RSA and Ed25519)`
			`signatureData: [`
			`{`
			`signingDomain: this.jobOptions.domain, // d=`
			`selector: this.jobOptions.selector, // s=`
			`// supported key types: RSA, Ed25519`
			`privateKey: await this.loadPrivateKey(), // k=`

			`// Optional algorithm, default is derived from the key.`
			`// Overrides whatever was set in parent object`
			`algorithm: 'rsa-sha256',`

			`// Optional signature specifc canonicalization, overrides whatever was set in parent object`
			`canonicalization: 'relaxed/relaxed', // c=`

			`// Maximum number of canonicalized body bytes to sign (eg. the "l=" tag).`
			`// Do not use though. This is available only for compatibility testing.`
			`// maxBodyLength: 12345`
			`},`
			`],`
			`});`
			`const signature = signResult.signatures;`
			`return signature;`
			`}`
			`}`