// SPDX-FileCopyrightText: 2022-2023 The go-mail Authors
//
// SPDX-License-Identifier: MIT
package mail
import (
"bytes"
"crypto"
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"mime/quotedprintable"
"strings"
)
var (
	// ErrInvalidPrivateKey is returned by the SMime constructors
	// (newSMimeWithRSA, newSMimeWithECDSA) when the provided private key is nil.
	ErrInvalidPrivateKey = errors.New("invalid private key")

	// ErrInvalidCertificate is returned by the SMime constructors when the
	// provided signer certificate is nil.
	ErrInvalidCertificate = errors.New("invalid certificate")
)
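// privateKeyHolder is the representation of a private key. The constructors
// newSMimeWithRSA and newSMimeWithECDSA each set exactly one of the two
// fields; get resolves which one to hand to the signer.
type privateKeyHolder struct {
	ecdsa *ecdsa.PrivateKey
	rsa   *rsa.PrivateKey
}

// get returns the held private key as a crypto.PrivateKey.
//
// An ECDSA key takes precedence when both fields are set. When neither key is
// set, get returns an untyped nil so that callers can test the result with
// `== nil`; returning p.rsa directly in that case would yield a non-nil
// interface wrapping a nil *rsa.PrivateKey, which silently passes nil checks.
func (p privateKeyHolder) get() crypto.PrivateKey {
	switch {
	case p.ecdsa != nil:
		return p.ecdsa
	case p.rsa != nil:
		return p.rsa
	default:
		return nil
	}
}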
// SMime is used to sign messages with S/MIME.
//
// Instances are built through newSMimeWithRSA or newSMimeWithECDSA, which
// reject a nil key or certificate; signMessage reads these fields when
// producing the signature.
type SMime struct {
	// privateKey holds the signing key; the constructors set either the RSA
	// or the ECDSA field, never both.
	privateKey privateKeyHolder
	// certificate is the signer's certificate handed to addSigner together
	// with the private key.
	certificate *x509.Certificate
	// intermediateCertificate is optional; when non-nil it is added to the
	// signed data in signMessage, otherwise it is skipped.
	intermediateCertificate *x509.Certificate
}
// newSMimeWithRSA creates an SMime signer backed by an RSA private key.
//
// privateKey and certificate are mandatory. intermediateCertificate may be
// nil; it is then simply not added to the signed data when signing. No check
// is made here that privateKey corresponds to the public key in certificate.
//
// Returns ErrInvalidPrivateKey when privateKey is nil and ErrInvalidCertificate
// when certificate is nil.
func newSMimeWithRSA(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
	switch {
	case privateKey == nil:
		return nil, ErrInvalidPrivateKey
	case certificate == nil:
		return nil, ErrInvalidCertificate
	}

	signer := &SMime{
		privateKey:              privateKeyHolder{rsa: privateKey},
		certificate:             certificate,
		intermediateCertificate: intermediateCertificate,
	}
	return signer, nil
}
// newSMimeWithECDSA creates an SMime signer backed by an ECDSA private key.
//
// privateKey and certificate are mandatory. intermediateCertificate may be
// nil; it is then simply not added to the signed data when signing. No check
// is made here that privateKey corresponds to the public key in certificate.
//
// Returns ErrInvalidPrivateKey when privateKey is nil and ErrInvalidCertificate
// when certificate is nil.
func newSMimeWithECDSA(privateKey *ecdsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
	switch {
	case privateKey == nil:
		return nil, ErrInvalidPrivateKey
	case certificate == nil:
		return nil, ErrInvalidCertificate
	}

	signer := &SMime{
		privateKey:              privateKeyHolder{ecdsa: privateKey},
		certificate:             certificate,
		intermediateCertificate: intermediateCertificate,
	}
	return signer, nil
}
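// signMessage signs the message with S/MIME and returns the signature as a
// PEM body (base64 DER without the BEGIN/END lines, see encodeToPEM).
//
// Line endings in message are normalized to CRLF before signing (see
// parseLines and bytesFromLines). The signer is sm.certificate with the key
// from sm.privateKey; sm.intermediateCertificate is added to the signed data
// when it is set.
//
// Returns a wrapped error when the signed data cannot be created, the signer
// cannot be added, signing fails, or PEM encoding fails.
func (sm *SMime) signMessage(message string) (*string, error) {
	toBeSigned := parseLines([]byte(message)).bytesFromLines([]byte("\r\n"))

	signedData, err := newSignedData(toBeSigned)
	if err != nil {
		return nil, fmt.Errorf("could not initialize signed data: %w", err)
	}
	if signedData == nil {
		// Guarded separately: wrapping a nil err with %w would produce
		// "%!w(<nil>)" instead of a readable message.
		return nil, errors.New("could not initialize signed data: no signed data returned")
	}

	if err = signedData.addSigner(sm.certificate, sm.privateKey.get(), SignerInfoConfig{}); err != nil {
		return nil, fmt.Errorf("could not add signer message: %w", err)
	}

	if sm.intermediateCertificate != nil {
		signedData.addCertificate(sm.intermediateCertificate)
	}

	// detach() is expected to leave the signed content out of the resulting
	// structure (detached signature); verify against its definition.
	signedData.detach()

	signatureDER, err := signedData.finish()
	if err != nil {
		return nil, fmt.Errorf("could not finish signing: %w", err)
	}

	pemMsg, err := encodeToPEM(signatureDER)
	if err != nil {
		return nil, fmt.Errorf("could not encode to PEM: %w", err)
	}
	return pemMsg, nil
}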
// prepareMessage assembles the MIME part that is later handed to signMessage:
// a Content-Transfer-Encoding header, a Content-Type header carrying charset,
// an empty line, and body encoded according to encoding (see encodeMessage).
// Header lines are CRLF-terminated.
//
// Returns encodeMessage's error unchanged when encoding body fails.
func (sm *SMime) prepareMessage(encoding Encoding, contentType ContentType, charset Charset, body []byte) (*string, error) {
	encoded, err := sm.encodeMessage(encoding, string(body))
	if err != nil {
		return nil, err
	}

	const layout = "Content-Transfer-Encoding: %v\r\nContent-Type: %v; charset=%v\r\n\r\n%v"
	prepared := fmt.Sprintf(layout, encoding, contentType, charset, *encoded)
	return &prepared, nil
}
// encodeMessage returns message encoded for the given transfer encoding.
// Only EncodingQP triggers a transformation (quoted-printable via
// mime/quotedprintable); for any other encoding a pointer to the untouched
// message is returned.
//
// Returns the encoder's error when writing or closing the quoted-printable
// writer fails.
func (sm *SMime) encodeMessage(encoding Encoding, message string) (*string, error) {
	if encoding != EncodingQP {
		return &message, nil
	}

	var buf bytes.Buffer
	qp := quotedprintable.NewWriter(&buf)
	if _, err := qp.Write([]byte(message)); err != nil {
		return nil, err
	}
	// Close flushes data the encoder still holds; without it the output is
	// incomplete.
	if err := qp.Close(); err != nil {
		return nil, err
	}

	encoded := buf.String()
	return &encoded, nil
}
// encodeToPEM returns the PEM body of msg: the base64 text written by
// pem.Encode (line-wrapped, "\n" separated) with the "-----BEGIN -----" and
// "-----END -----" armor lines and the surrounding newlines stripped. The
// block is encoded with no type and no headers.
//
// Returns pem.Encode's error if writing the block fails.
func encodeToPEM(msg []byte) (*string, error) {
	var buf bytes.Buffer
	if err := pem.Encode(&buf, &pem.Block{Bytes: msg}); err != nil {
		return nil, err
	}

	// Cut each armor line and trim newlines after every cut so that neither
	// a leading nor a trailing line break survives in the result.
	body := strings.Trim(strings.TrimPrefix(buf.String(), "-----BEGIN -----"), "\n")
	body = strings.Trim(strings.TrimSuffix(body, "-----END -----"), "\n")
	return &body, nil
}
// line is one line of a message prepared for signing: the content without
// its terminator, plus the terminator bytes that originally followed it
// (nil for a final line that had none).
type line struct {
	line      []byte
	endOfLine []byte
}

// lines is a message split into its lines, used for signing purposes.
type lines []line

// bytesFromLines joins the lines back into a single byte slice. Every line
// that had a terminator is followed by sep; when sep is nil the original
// terminator is emitted instead. A line without terminator gets none.
func (ls lines) bytesFromLines(sep []byte) []byte {
	var out []byte
	for _, l := range ls {
		out = append(out, l.line...)
		switch {
		case len(l.endOfLine) == 0:
			// No terminator on input (typically the last line): keep it that way.
		case sep == nil:
			out = append(out, l.endOfLine...)
		default:
			out = append(out, sep...)
		}
	}
	return out
}

// parseLines splits raw into lines, recognizing "\r\n", lone "\r" and lone
// "\n" as terminators. CRLF is handled first so it is never taken apart into
// a CR line and an LF line. If raw ends with a terminator, a trailing empty
// line with a nil terminator is kept.
func parseLines(raw []byte) lines {
	parsed := lines{{line: raw}}
	for _, sep := range []string{"\r\n", "\r", "\n"} {
		parsed = parsed.splitLine([]byte(sep))
	}
	return parsed
}

// splitLine splits every line of ls at each occurrence of sep. Each piece
// before a separator becomes a line terminated by sep; the final piece
// inherits the original line's terminator. Lines that do not contain sep are
// passed through unchanged. The pieces alias the original line's bytes.
func (ls lines) splitLine(sep []byte) lines {
	out := make(lines, 0, len(ls))
	for _, l := range ls {
		parts := bytes.Split(l.line, sep)
		last := len(parts) - 1
		if last < 1 {
			out = append(out, l)
			continue
		}
		for _, part := range parts[:last] {
			out = append(out, line{line: part, endOfLine: sep})
		}
		out = append(out, line{line: parts[last], endOfLine: l.endOfLine})
	}
	return out
}