import * as plugins from '../plugins.js';
import type { MtaService } from './mta.classes.mta.js';
/**
 * Message headers as a plain map: each header name maps to one string value.
 */
interface Headers {
  [name: string]: string;
}
/**
 * Input for an EmailSignJob.
 */
interface IEmailSignJobOptions {
  /**
   * Signing domain. EmailSignJob uses it as the DKIM `d=` value and passes it
   * to `dkimCreator.getKeyPathsForDomain` to locate the private key file.
   * NOTE(review): if this can originate from untrusted input, validate it as a
   * hostname before it is used for a key-path lookup; confirm how the path is derived.
   */
  domain: string;
  /** DKIM selector, used as the `s=` value. */
  selector: string;
  /** Message headers; not read by EmailSignJob in the code visible here. */
  headers: Headers;
  /** Message body; not read by EmailSignJob in the code visible here. */
  body: string;
}
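/**
 * Produces the DKIM signature header for one outgoing message.
 *
 * The signing domain (`d=`) and selector (`s=`) come from the job options. The
 * private key is read from the path that the MTA's `dkimCreator` reports for
 * that domain.
 */
export class EmailSignJob {
  mtaRef: MtaService;
  jobOptions: IEmailSignJobOptions;

  /**
   * @param mtaRefArg MTA service whose `dkimCreator` resolves key paths.
   * @param options Signing domain, selector and message parts for this job.
   */
  constructor(mtaRefArg: MtaService, options: IEmailSignJobOptions) {
    this.mtaRef = mtaRefArg;
    this.jobOptions = options;
  }

  /**
   * Reads the DKIM private key for `jobOptions.domain` as UTF-8 text.
   *
   * The key is read from disk on every call and returned as a plain string.
   * NOTE(review): the key path is derived from `jobOptions.domain`; confirm
   * that the domain is validated upstream and that the key file is readable
   * only by the MTA process.
   *
   * @returns The private key file contents.
   * @throws If the key path lookup or the file read fails.
   */
  async loadPrivateKey(): Promise<string> {
    const keyPaths = await this.mtaRef.dkimCreator.getKeyPathsForDomain(this.jobOptions.domain);
    return plugins.fs.promises.readFile(keyPaths.privateKeyPath, 'utf-8');
  }

  /**
   * Signs `emailMessage` with rsa-sha256 and relaxed/relaxed canonicalization.
   *
   * @param emailMessage The full message to sign.
   * @returns The `signatures` value produced by the signer.
   * @throws If the private key cannot be loaded, or if the signer reports
   *   errors. An unsigned message must not be passed on as if it were signed.
   */
  public async getSignatureHeader(emailMessage: string): Promise<string> {
    const { domain, selector } = this.jobOptions;
    // Load the key first so a missing or unreadable key fails before signing starts.
    const privateKey = await this.loadPrivateKey();

    const signResult = await plugins.dkimSign(emailMessage, {
      canonicalization: 'relaxed/relaxed', // c=
      algorithm: 'rsa-sha256',
      signTime: new Date(), // t=

      // One entry per signature; only a single RSA signature is produced here.
      signatureData: [
        {
          signingDomain: domain, // d=
          selector, // s=
          // supported key types: RSA, Ed25519
          privateKey,

          // Per-signature settings override the parent object; kept identical on purpose.
          algorithm: 'rsa-sha256',
          canonicalization: 'relaxed/relaxed', // c=

          // maxBodyLength (the "l=" tag) is deliberately not set: with a body
          // length limit, content appended after the signed bytes is not
          // covered by the signature.
        },
      ],
    });

    // NOTE(review): assumes the signer result carries an `errors` array next to
    // `signatures` (the option comments match mailauth's dkimSign); confirm.
    // Without this check a failed signing attempt is returned as if it had succeeded.
    const errorCount = signResult.errors?.length ?? 0;
    if (errorCount > 0) {
      // Only the domain, selector and count are reported; key material never enters the message.
      throw new Error(
        `DKIM signing failed for ${domain} (selector ${selector}): ${errorCount} error(s) reported by the signer`
      );
    }

    return signResult.signatures;
  }
}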