Allow generating DKIM private keys

2025-10-16 00:39:08 +08:00 · 2018-01-03 13:23:42 +02:00 · 2018-01-03 13:23:42 +02:00 · cac8bc9c65
commit cac8bc9c65
parent d27a087d10
6 changed files with 106 additions and 84 deletions
--- a/docs/api_data.js
+++ b/docs/api_data.js
--- a/docs/api_data.json
+++ b/docs/api_data.json
--- a/docs/api_project.js
+++ b/docs/api_project.js
@ -1 +1 @@
-define({
  "name": "wildduck",
  "version": "1.0.0",
  "description": "WildDuck API docs. Under construction, see old docs here: https://github.com/nodemailer/wildduck/blob/master/docs/api.md",
  "title": "WildDuck API",
  "url": "http://localhost:8080",
  "sampleUrl": false,
  "defaultVersion": "0.0.0",
  "apidoc": "0.3.0",
  "generator": {
    "name": "apidoc",
    "time": "2018-01-02T14:09:30.712Z",
    "url": "http://apidocjs.com",
    "version": "0.17.6"
  }
});
+define({
  "name": "wildduck",
  "version": "1.0.0",
  "description": "WildDuck API docs. Under construction, see old docs here: https://github.com/nodemailer/wildduck/blob/master/docs/api.md",
  "title": "WildDuck API",
  "url": "http://localhost:8080",
  "sampleUrl": false,
  "defaultVersion": "0.0.0",
  "apidoc": "0.3.0",
  "generator": {
    "name": "apidoc",
    "time": "2018-01-03T11:22:08.500Z",
    "url": "http://apidocjs.com",
    "version": "0.17.6"
  }
});
--- a/docs/api_project.json
+++ b/docs/api_project.json
@ -1 +1 @@
-{
  "name": "wildduck",
  "version": "1.0.0",
  "description": "WildDuck API docs. Under construction, see old docs here: https://github.com/nodemailer/wildduck/blob/master/docs/api.md",
  "title": "WildDuck API",
  "url": "http://localhost:8080",
  "sampleUrl": false,
  "defaultVersion": "0.0.0",
  "apidoc": "0.3.0",
  "generator": {
    "name": "apidoc",
    "time": "2018-01-02T14:09:30.712Z",
    "url": "http://apidocjs.com",
    "version": "0.17.6"
  }
}
+{
  "name": "wildduck",
  "version": "1.0.0",
  "description": "WildDuck API docs. Under construction, see old docs here: https://github.com/nodemailer/wildduck/blob/master/docs/api.md",
  "title": "WildDuck API",
  "url": "http://localhost:8080",
  "sampleUrl": false,
  "defaultVersion": "0.0.0",
  "apidoc": "0.3.0",
  "generator": {
    "name": "apidoc",
    "time": "2018-01-03T11:22:08.500Z",
    "url": "http://apidocjs.com",
    "version": "0.17.6"
  }
}
--- a/lib/api/dkim.js
+++ b/lib/api/dkim.js
@ -195,7 +195,7 @@ module.exports = (db, server) => {
     * @apiParam {String} domain Domain name this DKIM key applies to. Use <code>"\*"</code> as a special value that will be used for domains that do not have their own DKIM key set
     * @apiParam {String} selector Selector for the key
     * @apiParam {String} [description] Key description
-     * @apiParam {String} privateKey Pem formatted DKIM private key
+     * @apiParam {String} [privateKey] Pem formatted DKIM private key. If not set then a new 2048 bit RSA key is generated, beware though that it can take several seconds to complete.
     *
     * @apiSuccess {Boolean} success Indicates successful response
     * @apiSuccess {String} id ID of the DKIM
@ -258,8 +258,7 @@ module.exports = (db, server) => {
            privateKey: Joi.string()
                .empty('')
                .trim()
-                .regex(/^-----BEGIN RSA PRIVATE KEY-----/, 'DKIM key format')
-                .required(),
+                .regex(/^-----BEGIN RSA PRIVATE KEY-----/, 'DKIM key format'),
            description: Joi.string()
                .max(255)
                //.hostname()
--- a/lib/dkim-handler.js
+++ b/lib/dkim-handler.js
@ -2,7 +2,7 @@

 const ObjectID = require('mongodb').ObjectID;
 const fingerprint = require('key-fingerprint').fingerprint;
-const pki = require('node-forge').pki;
+const forge = require('node-forge');
 const crypto = require('crypto');
 const tools = require('./tools');

@ -21,16 +21,38 @@ class DkimHandler {
        const description = options.description;

        let privateKeyPem = options.privateKey;
+        let publicKeyPem;

-        let fp, publicKeyPem;
+        let getPrivateKey = done => {
+            if (privateKeyPem) {
+                return done();
+            }
+            // private key not set, generate a new key
+            forge.rsa.generateKeyPair({ bits: 2048, workers: -1 }, (err, keypair) => {
+                if (err) {
+                    err.code = 'KeyGenereateError';
+                    return callback(err);
+                }
+                privateKeyPem = forge.pki.privateKeyToPem(keypair.privateKey);
+                publicKeyPem = forge.pki.publicKeyToPem(keypair.publicKey);
+                return done();
+            });
+        };
+
+        getPrivateKey(() => {
+            let fp;
            try {
                fp = fingerprint(privateKeyPem, 'sha256', true);
-            let privateKey = pki.privateKeyFromPem(privateKeyPem);
-            let publicKey = pki.setRsaPublicKey(privateKey.n, privateKey.e);
-            publicKeyPem = pki.publicKeyToPem(publicKey);
+
+                if (!publicKeyPem) {
+                    // extract public key from private key
+                    let privateKey = forge.pki.privateKeyFromPem(privateKeyPem);
+                    let publicKey = forge.pki.setRsaPublicKey(privateKey.n, privateKey.e);
+                    publicKeyPem = forge.pki.publicKeyToPem(publicKey);
                    if (!publicKeyPem) {
                        throw new Error('Was not able to extract public key from private key');
                    }
+                }

                let ciphered = crypto.publicEncrypt(publicKeyPem, Buffer.from('secretvalue'));
                let deciphered = crypto.privateDecrypt(privateKeyPem, ciphered);
@ -104,6 +126,7 @@ class DkimHandler {
                    });
                }
            );
+        });
    }

    get(domain, includePrivateKey, callback) {