wildduck/lib/dkim-handler.js

277 lines
8.5 KiB
JavaScript
Raw Normal View History

2018-01-02 19:46:32 +08:00
'use strict';
const ObjectId = require('mongodb').ObjectId;
2018-01-02 19:46:32 +08:00
const fingerprint = require('key-fingerprint').fingerprint;
2018-01-03 19:23:42 +08:00
const forge = require('node-forge');
2018-01-02 19:46:32 +08:00
const crypto = require('crypto');
const tools = require('./tools');
2020-10-09 16:08:33 +08:00
const { publish, DKIM_CREATED, DKIM_UPDATED, DKIM_DELETED } = require('./events');
2021-07-05 20:24:01 +08:00
const { encrypt, decrypt } = require('./encrypt');
2018-01-02 19:46:32 +08:00
2021-06-20 18:40:04 +08:00
const { promisify } = require('util');
const generateKeyPair = promisify(crypto.generateKeyPair);
2018-01-02 19:46:32 +08:00
class DkimHandler {
constructor(options) {
options = options || {};
this.cipher = options.cipher;
this.secret = options.secret;
this.database = options.database;
2020-10-09 16:08:33 +08:00
this.redis = options.redis;
2018-10-18 15:37:32 +08:00
this.loggelf = options.loggelf || (() => false);
2018-01-02 19:46:32 +08:00
}
2021-06-20 18:40:04 +08:00
async generateKey(keyBits, keyExponent) {
const { privateKey, publicKey } = await generateKeyPair('rsa', {
modulusLength: keyBits || 2048, // options
publicExponent: keyExponent || 65537,
publicKeyEncoding: {
type: 'spki',
2021-06-20 18:40:04 +08:00
format: 'pem'
},
privateKeyEncoding: {
2021-08-30 18:04:13 +08:00
type: 'pkcs8',
2021-06-20 18:40:04 +08:00
format: 'pem'
}
});
return { privateKey, publicKey };
}
async set(options) {
2018-01-02 19:46:32 +08:00
const domain = tools.normalizeDomain(options.domain);
const selector = options.selector;
const description = options.description;
let privateKeyPem = options.privateKey;
2018-01-03 19:23:42 +08:00
let publicKeyPem;
2018-01-02 19:46:32 +08:00
if (!privateKeyPem) {
let keyPair = await this.generateKey();
if (!keyPair || !keyPair.privateKey || !keyPair.publicKey) {
let err = new Error('Failed to generate key pair');
err.responseCode = 500;
err.code = 'KeyGenereateError';
throw err;
2018-05-11 19:39:23 +08:00
}
privateKeyPem = keyPair.privateKey;
publicKeyPem = keyPair.publicKey;
}
2018-05-11 19:39:23 +08:00
if (!publicKeyPem) {
2021-06-20 18:40:04 +08:00
// extract public key from private key using Forge
2018-05-11 19:39:23 +08:00
let privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
let publicKey = forge.pki.setRsaPublicKey(privateKey.n, privateKey.e);
publicKeyPem = forge.pki.publicKeyToPem(publicKey);
if (!publicKeyPem) {
let err = new Error('Failed to generate public key');
2021-05-22 01:14:43 +08:00
err.responseCode = 500;
2018-05-11 19:39:23 +08:00
err.code = 'KeyGenereateError';
throw err;
2018-01-02 19:46:32 +08:00
}
}
2018-01-02 19:46:32 +08:00
let fp;
try {
fp = fingerprint(privateKeyPem, 'sha256', true);
let ciphered = crypto.publicEncrypt(publicKeyPem, Buffer.from('secretvalue'));
let deciphered = crypto.privateDecrypt(privateKeyPem, ciphered);
if (deciphered.toString() !== 'secretvalue') {
throw new Error('Was not able to use key for encryption');
}
} catch (E) {
let err = new Error('Invalid or incompatible private key. ' + E.message);
err.responseCode = 400;
err.code = 'InputValidationError';
throw err;
}
// encrypt if needed
privateKeyPem = await encrypt(privateKeyPem, this.secret);
let dkimData = {
domain,
selector,
privateKey: privateKeyPem,
publicKey: publicKeyPem,
fingerprint: fp,
created: new Date(),
latest: true
2018-05-11 19:39:23 +08:00
};
if (description) {
dkimData.description = description;
}
let r;
try {
r = await this.database.collection('dkim').findOneAndReplace(
{
domain
},
dkimData,
{
upsert: true,
returnDocument: 'after'
}
);
} catch (err) {
err.responseCode = 500;
err.code = 'InternalDatabaseError';
throw err;
}
if (!r.value) {
let err = new Error('Failed to insert DKIM key');
err.responseCode = 500;
err.code = 'InternalDatabaseError';
throw err;
}
if (this.redis) {
if (r.lastErrorObject.upserted) {
try {
await publish(this.redis, {
ev: DKIM_CREATED,
dkim: r.value._id,
domain,
selector,
fingerprint: fp
});
} catch (err) {
// ignore?
}
} else if (r.lastErrorObject.updatedExisting) {
2018-01-03 19:23:42 +08:00
try {
await publish(this.redis, {
ev: DKIM_UPDATED,
dkim: r.value._id,
domain,
selector,
fingerprint: fp
});
} catch (err) {
// ignore?
2018-01-02 19:46:32 +08:00
}
}
}
2018-01-03 19:23:42 +08:00
return {
id: r.value._id.toString(),
domain: dkimData.domain,
selector: dkimData.selector,
description: dkimData.description,
fingerprint: dkimData.fingerprint,
publicKey: dkimData.publicKey,
dnsTxt: {
name: dkimData.selector + '._domainkey.' + dkimData.domain,
value: 'v=DKIM1;t=s;p=' + dkimData.publicKey.replace(/^-.*-$/gm, '').replace(/\s/g, '')
}
};
2018-01-02 19:46:32 +08:00
}
async get(options, includePrivateKey) {
2018-01-02 19:46:32 +08:00
let query = {};
2018-04-29 03:44:38 +08:00
options = options || {};
if (options.domain) {
query.domain = tools.normalizeDomain(options.domain);
} else if (options._id && tools.isId(options._id)) {
query._id = new ObjectId(options._id);
2018-01-02 19:46:32 +08:00
} else {
2018-04-29 03:54:38 +08:00
let err = new Error('Invalid or unknown DKIM key');
2021-05-22 01:14:43 +08:00
err.responseCode = 404;
2018-09-11 16:13:53 +08:00
err.code = 'DkimNotFound';
throw err;
2018-01-02 19:46:32 +08:00
}
let dkimData;
try {
dkimData = await this.database.collection('dkim').findOne(query);
} catch (err) {
err.responseCode = 500;
err.code = 'InternalDatabaseError';
throw err;
}
if (!dkimData) {
let err = new Error('Invalid or unknown DKIM key');
err.responseCode = 404;
err.code = 'DkimNotFound';
throw err;
}
2021-07-05 20:24:01 +08:00
let privateKey;
if (includePrivateKey) {
privateKey = await decrypt(dkimData.privateKey, this.secret, this.cipher);
}
2021-07-05 20:24:01 +08:00
return {
id: dkimData._id.toString(),
domain: dkimData.domain,
selector: dkimData.selector,
description: dkimData.description,
fingerprint: dkimData.fingerprint,
publicKey: dkimData.publicKey,
privateKey,
dnsTxt: {
name: dkimData.selector + '._domainkey.' + dkimData.domain,
value: 'v=DKIM1;t=s;p=' + dkimData.publicKey.replace(/^-.*-$/gm, '').replace(/\s/g, '')
},
created: dkimData.created
};
2018-01-02 19:46:32 +08:00
}
async del(options) {
2018-01-02 19:46:32 +08:00
let query = {};
2018-04-29 03:44:38 +08:00
if (options.domain) {
query.domain = tools.normalizeDomain(options.domain);
} else if (options._id && tools.isId(options._id)) {
query._id = new ObjectId(options._id);
2018-01-02 19:46:32 +08:00
} else {
2018-04-29 03:54:38 +08:00
let err = new Error('Invalid or unknown DKIM key');
2021-05-22 01:14:43 +08:00
err.responseCode = 404;
2018-09-11 16:13:53 +08:00
err.code = 'DkimNotFound';
throw err;
2018-01-02 19:46:32 +08:00
}
2020-10-09 16:08:33 +08:00
// delete dkim key from database
let r;
try {
r = await this.database.collection('dkim').findOneAndDelete(query);
} catch (err) {
err.responseCode = 500;
err.code = 'InternalDatabaseError';
throw err;
}
2018-01-02 19:46:32 +08:00
if (!r.value) {
let err = new Error('Invalid or unknown DKIM key');
err.responseCode = 404;
err.code = 'DkimNotFound';
throw err;
}
2018-01-02 19:46:32 +08:00
try {
await publish(this.redis, {
2020-10-09 16:08:33 +08:00
ev: DKIM_DELETED,
dkim: r.value._id,
domain: r.value.domain,
selector: r.value.selector,
fingerprint: r.value.fingerprint
});
} catch (err) {
// ignore?
}
2020-10-09 16:08:33 +08:00
return true;
2018-01-02 19:46:32 +08:00
}
}
module.exports = DkimHandler;