2024-10-11 19:16:42 +02:00
|
|
|
// SPDX-FileCopyrightText: 2022-2023 The go-mail Authors
|
|
|
|
//
|
|
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
|
2024-09-15 19:49:27 +02:00
|
|
|
package mail
|
|
|
|
|
|
|
|
import (
|
2024-09-26 16:32:51 +02:00
|
|
|
"bytes"
|
2024-09-15 19:49:27 +02:00
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/x509"
|
2024-09-26 16:32:51 +02:00
|
|
|
"encoding/pem"
|
2024-09-18 14:23:26 +02:00
|
|
|
"errors"
|
2024-09-26 16:32:51 +02:00
|
|
|
"fmt"
|
|
|
|
"strings"
|
2024-10-11 19:21:34 +02:00
|
|
|
|
|
|
|
"go.mozilla.org/pkcs7"
|
2024-09-15 19:49:27 +02:00
|
|
|
)
|
|
|
|
|
2024-09-18 14:23:26 +02:00
|
|
|
var (
|
2024-10-11 18:43:04 +02:00
|
|
|
// ErrInvalidPrivateKey should be used if private key is invalid
|
|
|
|
ErrInvalidPrivateKey = errors.New("invalid private key")
|
2024-09-18 14:23:26 +02:00
|
|
|
|
2024-10-11 18:43:04 +02:00
|
|
|
// ErrInvalidCertificate should be used if the certificate is invalid
|
|
|
|
ErrInvalidCertificate = errors.New("invalid certificate")
|
|
|
|
|
|
|
|
// ErrInvalidIntermediateCertificate should be used if the intermediate certificate is invalid
|
|
|
|
ErrInvalidIntermediateCertificate = errors.New("invalid intermediate certificate")
|
2024-10-11 17:26:22 +02:00
|
|
|
|
2024-09-18 14:23:26 +02:00
|
|
|
// ErrCouldNotInitialize should be used if the signed data could not initialize
|
|
|
|
ErrCouldNotInitialize = errors.New("could not initialize signed data")
|
|
|
|
|
|
|
|
// ErrCouldNotAddSigner should be used if the signer could not be added
|
|
|
|
ErrCouldNotAddSigner = errors.New("could not add signer message")
|
|
|
|
|
|
|
|
// ErrCouldNotFinishSigning should be used if the signing could not be finished
|
|
|
|
ErrCouldNotFinishSigning = errors.New("could not finish signing")
|
2024-09-26 16:32:51 +02:00
|
|
|
|
|
|
|
// ErrCouldNoEncodeToPEM should be used if the signature could not be encoded to PEM
|
|
|
|
ErrCouldNoEncodeToPEM = errors.New("could not encode to PEM")
|
2024-09-18 14:23:26 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// SMime is used to sign messages with S/MIME
|
|
|
|
type SMime struct {
|
2024-10-11 18:43:04 +02:00
|
|
|
privateKey *rsa.PrivateKey
|
|
|
|
certificate *x509.Certificate
|
|
|
|
intermediateCertificate *x509.Certificate
|
2024-09-18 14:23:26 +02:00
|
|
|
}
|
|
|
|
|
2024-10-11 18:43:04 +02:00
|
|
|
// NewSMime construct a new instance of SMime with provided parameters
|
|
|
|
// privateKey as *rsa.PrivateKey
|
|
|
|
// certificate as *x509.Certificate
|
|
|
|
// intermediateCertificate as *x509.Certificate
|
|
|
|
func newSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
|
|
|
|
if privateKey == nil {
|
|
|
|
return nil, ErrInvalidPrivateKey
|
|
|
|
}
|
|
|
|
|
|
|
|
if certificate == nil {
|
|
|
|
return nil, ErrInvalidCertificate
|
2024-09-18 14:23:26 +02:00
|
|
|
}
|
|
|
|
|
2024-10-11 18:43:04 +02:00
|
|
|
if intermediateCertificate == nil {
|
|
|
|
return nil, ErrInvalidIntermediateCertificate
|
2024-10-11 17:26:22 +02:00
|
|
|
}
|
|
|
|
|
2024-09-18 14:23:26 +02:00
|
|
|
return &SMime{
|
2024-10-11 18:43:04 +02:00
|
|
|
privateKey: privateKey,
|
|
|
|
certificate: certificate,
|
|
|
|
intermediateCertificate: intermediateCertificate,
|
2024-09-18 14:23:26 +02:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2024-10-09 13:53:15 +02:00
|
|
|
// signMessage signs the message with S/MIME
|
|
|
|
func (sm *SMime) signMessage(message string) (*string, error) {
|
2024-09-26 16:32:51 +02:00
|
|
|
lines := parseLines([]byte(message))
|
|
|
|
toBeSigned := lines.bytesFromLines([]byte("\r\n"))
|
2024-09-18 14:23:26 +02:00
|
|
|
|
2024-10-09 13:53:15 +02:00
|
|
|
signedData, err := pkcs7.NewSignedData(toBeSigned)
|
|
|
|
signedData.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256)
|
2024-09-18 14:23:26 +02:00
|
|
|
if err != nil {
|
2024-10-09 13:53:15 +02:00
|
|
|
return nil, ErrCouldNotInitialize
|
2024-09-26 16:32:51 +02:00
|
|
|
}
|
|
|
|
|
2024-10-11 18:43:04 +02:00
|
|
|
if err = signedData.AddSignerChain(sm.certificate, sm.privateKey, []*x509.Certificate{sm.intermediateCertificate}, pkcs7.SignerInfoConfig{}); err != nil {
|
2024-10-09 13:53:15 +02:00
|
|
|
return nil, ErrCouldNotAddSigner
|
2024-09-18 14:23:26 +02:00
|
|
|
}
|
|
|
|
|
2024-10-09 13:53:15 +02:00
|
|
|
signedData.Detach()
|
|
|
|
|
|
|
|
signatureDER, err := signedData.Finish()
|
2024-09-26 16:32:51 +02:00
|
|
|
if err != nil {
|
2024-10-09 13:53:15 +02:00
|
|
|
return nil, ErrCouldNotFinishSigning
|
2024-09-18 14:23:26 +02:00
|
|
|
}
|
|
|
|
|
2024-09-26 16:32:51 +02:00
|
|
|
pemMsg, err := encodeToPEM(signatureDER)
|
2024-09-18 14:23:26 +02:00
|
|
|
if err != nil {
|
2024-10-09 13:53:15 +02:00
|
|
|
return nil, ErrCouldNoEncodeToPEM
|
2024-09-26 16:32:51 +02:00
|
|
|
}
|
|
|
|
|
2024-10-09 13:53:15 +02:00
|
|
|
return pemMsg, nil
|
2024-09-26 16:32:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// createMessage prepares the message that will be used for the sign method later
|
2024-10-09 16:15:23 +02:00
|
|
|
func (sm *SMime) prepareMessage(encoding Encoding, contentType ContentType, charset Charset, body []byte) string {
|
2024-09-26 16:32:51 +02:00
|
|
|
return fmt.Sprintf("Content-Transfer-Encoding: %v\r\nContent-Type: %v; charset=%v\r\n\r\n%v", encoding, contentType, charset, string(body))
|
|
|
|
}
|
|
|
|
|
|
|
|
// encodeToPEM uses the method pem.Encode from the standard library but cuts the typical PEM preamble
|
|
|
|
func encodeToPEM(msg []byte) (*string, error) {
|
|
|
|
block := &pem.Block{Bytes: msg}
|
|
|
|
|
|
|
|
var arrayBuffer bytes.Buffer
|
|
|
|
if err := pem.Encode(&arrayBuffer, block); err != nil {
|
|
|
|
return nil, err
|
2024-09-18 14:23:26 +02:00
|
|
|
}
|
|
|
|
|
2024-09-26 16:32:51 +02:00
|
|
|
r := arrayBuffer.String()
|
2024-09-29 16:46:30 +02:00
|
|
|
r = strings.TrimPrefix(r, "-----BEGIN -----")
|
|
|
|
r = strings.Trim(r, "\n")
|
|
|
|
r = strings.TrimSuffix(r, "-----END -----")
|
|
|
|
r = strings.Trim(r, "\n")
|
2024-09-26 16:32:51 +02:00
|
|
|
|
|
|
|
return &r, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// line is the representation of one line of the message that will be used for signing purposes
|
|
|
|
type line struct {
|
|
|
|
line []byte
|
|
|
|
endOfLine []byte
|
|
|
|
}
|
2024-09-18 14:23:26 +02:00
|
|
|
|
2024-09-26 16:32:51 +02:00
|
|
|
// lines is the representation of a message that will be used for signing purposes
|
|
|
|
type lines []line
|
|
|
|
|
|
|
|
// bytesFromLines creates the line representation with the given endOfLine char
|
|
|
|
func (ls lines) bytesFromLines(sep []byte) []byte {
|
|
|
|
var raw []byte
|
|
|
|
for i := range ls {
|
|
|
|
raw = append(raw, ls[i].line...)
|
|
|
|
if len(ls[i].endOfLine) != 0 && sep != nil {
|
|
|
|
raw = append(raw, sep...)
|
|
|
|
} else {
|
|
|
|
raw = append(raw, ls[i].endOfLine...)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return raw
|
|
|
|
}
|
|
|
|
|
|
|
|
// parseLines constructs the lines representation of a given message
|
|
|
|
func parseLines(raw []byte) lines {
|
|
|
|
oneLine := line{raw, nil}
|
|
|
|
lines := lines{oneLine}
|
|
|
|
lines = lines.splitLine([]byte("\r\n"))
|
|
|
|
lines = lines.splitLine([]byte("\r"))
|
|
|
|
lines = lines.splitLine([]byte("\n"))
|
|
|
|
return lines
|
|
|
|
}
|
|
|
|
|
|
|
|
// splitLine uses the given endOfLine to split the given line
|
|
|
|
func (ls lines) splitLine(sep []byte) lines {
|
|
|
|
nl := lines{}
|
|
|
|
for _, l := range ls {
|
|
|
|
split := bytes.Split(l.line, sep)
|
|
|
|
if len(split) > 1 {
|
|
|
|
for i := 0; i < len(split)-1; i++ {
|
|
|
|
nl = append(nl, line{split[i], sep})
|
|
|
|
}
|
|
|
|
nl = append(nl, line{split[len(split)-1], l.endOfLine})
|
|
|
|
} else {
|
|
|
|
nl = append(nl, l)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nl
|
2024-09-15 19:49:27 +02:00
|
|
|
}
|