Merge 894936092e into 580d0b0e4e

encoding.go

@@ -19,6 +19,9 @@ type MIMEVersion string
 // MIMEType represents the MIME type for the mail
 type MIMEType string
 
+// Disposition represents a content disposition for the Msg
+type Disposition string
+
 // List of supported encodings
 const (
 	// EncodingB64 represents the Base64 encoding as specified in RFC 2045.
@@ -149,6 +152,7 @@ const (
 	TypePGPEncrypted         ContentType = "application/pgp-encrypted"
 	TypeTextHTML             ContentType = "text/html"
 	TypeTextPlain            ContentType = "text/plain"
+	typeSMimeSigned          ContentType = `application/pkcs7-signature; name="smime.p7s"`
 )
 
 // List of MIMETypes
@@ -156,6 +160,12 @@ const (
 	MIMEAlternative MIMEType = "alternative"
 	MIMEMixed       MIMEType = "mixed"
 	MIMERelated     MIMEType = "related"
+	MIMESMime       MIMEType = `signed; protocol="application/pkcs7-signature"; micalg=sha256`
+)
+
+// List of common content disposition
+const (
+	DispositionSMime Disposition = `attachment; filename="smime.p7s"`
 )
 
 // String is a standard method to convert an Charset into a printable format
@@ -172,3 +182,8 @@ func (c ContentType) String() string {
 func (e Encoding) String() string {
 	return string(e)
 }
+
+// String is a standard method to convert an Disposition into a printable format
+func (d Disposition) String() string {
+	return string(d)
+}

encoding_test.go

@@ -61,6 +61,11 @@ func TestContentType_String(t *testing.T) {
 			"ContentType: application/pgp-encrypted", TypePGPEncrypted,
 			"application/pgp-encrypted",
 		},
+
+		{
+			"ContentType: pkcs7-signature", typeSMimeSigned,
+			`application/pkcs7-signature; name="smime.p7s"`,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -121,3 +126,22 @@ func TestCharset_String(t *testing.T) {
 		})
 	}
 }
+
+// TestDisposition_String tests the string method of the Disposition object
+func TestDisposition_String(t *testing.T) {
+	tests := []struct {
+		name string
+		d    Disposition
+		want string
+	}{
+		{"Disposition: S/Mime", DispositionSMime, `attachment; filename="smime.p7s"`},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.d.String() != tt.want {
+				t.Errorf("wrong string for Disposition returned. Expected: %s, got: %s",
+					tt.want, tt.d.String())
+			}
+		})
+	}
+}

go.mod

@@ -5,3 +5,5 @@
 module github.com/wneessen/go-mail
 
 go 1.16
+
+require go.mozilla.org/pkcs7 v0.9.0

go.sum

@@ -0,0 +1,2 @@
+go.mozilla.org/pkcs7 v0.9.0 h1:yM4/HS9dYv7ri2biPtxt8ikvB37a980dg69/pKmS+eI=
+go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=

msg.go

@@ -7,6 +7,8 @@ package mail
 import (
 	"bytes"
 	"context"
+	"crypto/rsa"
+	"crypto/x509"
 	"embed"
 	"errors"
 	"fmt"
@@ -120,6 +122,9 @@ type Msg struct {
 
 	// noDefaultUserAgent indicates whether the default User Agent will be excluded for the Msg when it's sent.
 	noDefaultUserAgent bool
+
+	// SMime represents a middleware used to sign messages with S/MIME
+	sMime *SMime
 }
 
 // SendmailPath is the default system path to the sendmail binary
@@ -202,6 +207,16 @@ func WithNoDefaultUserAgent() MsgOption {
 	}
 }
 
+// SignWithSMime configures the Msg to be signed with S/MIME
+func (m *Msg) SignWithSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate) error {
+	sMime, err := NewSMime(privateKey, certificate)
+	if err != nil {
+		return err
+	}
+	m.sMime = sMime
+	return nil
+}
+
 // SetCharset sets the encoding charset of the Msg
 func (m *Msg) SetCharset(c Charset) {
 	m.charset = c
@@ -979,10 +994,47 @@ func (m *Msg) applyMiddlewares(msg *Msg) *Msg {
 	return msg
 }
 
+// signMessage sign the Msg with S/MIME
+func (m *Msg) signMessage(msg *Msg) (*Msg, error) {
+	currentPart := m.GetParts()[0]
+	currentPart.SetEncoding(EncodingUSASCII)
+	currentPart.SetContentType(TypeTextPlain)
+	content, err := currentPart.GetContent()
+	if err != nil {
+		return nil, errors.New("failed to extract content from part")
+	}
+
+	signedContent, err := m.sMime.Sign(content)
+	if err != nil {
+		return nil, errors.New("failed to sign message")
+	}
+
+	signedPart := msg.newPart(
+		typeSMimeSigned,
+		WithPartEncoding(EncodingB64),
+		WithContentDisposition(DispositionSMime),
+	)
+	signedPart.SetContent(*signedContent)
+	msg.parts = append(msg.parts, signedPart)
+
+	return msg, nil
+}
+
 // WriteTo writes the formated Msg into a give io.Writer and satisfies the io.WriteTo interface
 func (m *Msg) WriteTo(writer io.Writer) (int64, error) {
 	mw := &msgWriter{writer: writer, charset: m.charset, encoder: m.encoder}
-	mw.writeMsg(m.applyMiddlewares(m))
+	msg := m.applyMiddlewares(m)
+
+	if m.sMime != nil {
+		signedMsg, err := m.signMessage(msg)
+		if err != nil {
+			return 0, err
+		}
+		msg = signedMsg
+	}
+
+	mw.writeMsg(msg)
+
 	return mw.bytesWritten, mw.err
 }
 
@@ -1177,6 +1229,11 @@ func (m *Msg) hasMixed() bool {
 	return m.pgptype == 0 && ((len(m.parts) > 0 && len(m.attachments) > 0) || len(m.attachments) > 1)
 }
 
+// hasSMime returns true if the Msg has should be signed with S/MIME
+func (m *Msg) hasSMime() bool {
+	return m.sMime != nil
+}
+
 // hasRelated returns true if the Msg has related parts
 func (m *Msg) hasRelated() bool {
 	return m.pgptype == 0 && ((len(m.parts) > 0 && len(m.embeds) > 0) || len(m.embeds) > 1)

msg_test.go

@@ -3246,6 +3246,36 @@ func TestNewMsgWithNoDefaultUserAgent(t *testing.T) {
 	}
 }
 
+// TestWithSMimeSinging_ValidPrivateKey tests WithSMimeSinging with given privateKey
+func TestWithSMimeSinging_ValidPrivateKey(t *testing.T) {
+	privateKey, err := getDummyPrivateKey()
+	if err != nil {
+		t.Errorf("failed to load dummy private key: %s", err)
+	}
+	certificate, err := getDummyCertificate(privateKey)
+	if err != nil {
+		t.Errorf("failed to load dummy certificate: %s", err)
+	}
+
+	m := NewMsg()
+	if err := m.SignWithSMime(privateKey, certificate); err != nil {
+		t.Errorf("failed to set sMime. Cause: %v", err)
+	}
+	if m.sMime.privateKey != privateKey {
+		t.Errorf("WithSMimeSinging. Expected %v, got: %v", privateKey, m.sMime.privateKey)
+	}
+}
+
+// TestWithSMimeSinging_InvalidPrivateKey tests WithSMimeSinging with given invalid privateKey
+func TestWithSMimeSinging_InvalidPrivateKey(t *testing.T) {
+	m := NewMsg()
+
+	err := m.SignWithSMime(nil, nil)
+	if !errors.Is(err, ErrInvalidPrivateKey) {
+		t.Errorf("failed to check sMimeAuthConfig values correctly: %s", err)
+	}
+}
+
 // Fuzzing tests
 func FuzzMsg_Subject(f *testing.F) {
 	f.Add("Testsubject")

msgwriter.go

@@ -88,6 +88,10 @@ func (mw *msgWriter) writeMsg(msg *Msg) {
 		}
 	}
 
+	if msg.hasSMime() {
+		mw.startMP(MIMESMime, msg.boundary)
+		mw.writeString(DoubleNewLine)
+	}
 	if msg.hasMixed() {
 		mw.startMP(MIMEMixed, msg.boundary)
 		mw.writeString(DoubleNewLine)
@@ -96,7 +100,7 @@ func (mw *msgWriter) writeMsg(msg *Msg) {
 		mw.startMP(MIMERelated, msg.boundary)
 		mw.writeString(DoubleNewLine)
 	}
-	if msg.hasAlt() {
+	if msg.hasAlt() && !msg.hasSMime() {
 		mw.startMP(MIMEAlternative, msg.boundary)
 		mw.writeString(DoubleNewLine)
 	}
@@ -265,6 +269,9 @@ func (mw *msgWriter) writePart(part *Part, charset Charset) {
 		if part.description != "" {
 			mimeHeader.Add(string(HeaderContentDescription), part.description)
 		}
+		if part.disposition != "" {
+			mimeHeader.Add(string(HeaderContentDisposition), part.disposition.String())
+		}
 		mimeHeader.Add(string(HeaderContentType), contentType)
 		mimeHeader.Add(string(HeaderContentTransferEnc), contentTransferEnc)
 		mw.newPart(mimeHeader)

part.go

@@ -17,6 +17,7 @@ type Part struct {
 	contentType ContentType
 	charset     Charset
 	description string
+	disposition Disposition
 	encoding    Encoding
 	isDeleted   bool
 	writeFunc   func(io.Writer) (int64, error)
@@ -56,6 +57,11 @@ func (p *Part) GetDescription() string {
 	return p.description
 }
 
+// GetDisposition returns the currently set Content-Disposition of the Part
+func (p *Part) GetDisposition() Disposition {
+	return p.disposition
+}
+
 // SetContent overrides the content of the Part with the given string
 func (p *Part) SetContent(content string) {
 	buffer := bytes.NewBufferString(content)
@@ -82,6 +88,11 @@ func (p *Part) SetDescription(description string) {
 	p.description = description
 }
 
+// SetDisposition overrides the Content-Disposition of the Part
+func (p *Part) SetDisposition(disposition Disposition) {
+	p.disposition = disposition
+}
+
 // SetWriteFunc overrides the WriteFunc of the Part
 func (p *Part) SetWriteFunc(writeFunc func(io.Writer) (int64, error)) {
 	p.writeFunc = writeFunc
@@ -113,3 +124,10 @@ func WithPartContentDescription(description string) PartOption {
 		p.description = description
 	}
 }
+
+// WithContentDisposition overrides the default Part Content-Disposition
+func WithContentDisposition(disposition Disposition) PartOption {
+	return func(p *Part) {
+		p.disposition = disposition
+	}
+}

part_test.go

@@ -102,6 +102,35 @@ func TestPart_WithPartContentDescription(t *testing.T) {
 	}
 }
 
+// TestPart_withContentDisposition tests the WithContentDisposition method
+func TestPart_withContentDisposition(t *testing.T) {
+	tests := []struct {
+		name        string
+		disposition Disposition
+	}{
+		{"Part disposition: test", "test"},
+		{"Part disposition: empty", ""},
+	}
+	for _, tt := range tests {
+		m := NewMsg()
+		t.Run(tt.name, func(t *testing.T) {
+			part := m.newPart(TypeTextPlain, WithContentDisposition(tt.disposition), nil)
+			if part == nil {
+				t.Errorf("newPart() WithPartContentDescription() failed: no part returned")
+				return
+			}
+			if part.disposition != tt.disposition {
+				t.Errorf("newPart() WithContentDisposition() failed: expected: %s, got: %s", tt.disposition, part.description)
+			}
+			part.disposition = ""
+			part.SetDisposition(tt.disposition)
+			if part.disposition != tt.disposition {
+				t.Errorf("newPart() SetDisposition() failed: expected: %s, got: %s", tt.disposition, part.description)
+			}
+		})
+	}
+}
+
 // TestPartContentType tests Part.SetContentType
 func TestPart_SetContentType(t *testing.T) {
 	tests := []struct {
@@ -323,6 +352,31 @@ func TestPart_SetDescription(t *testing.T) {
 	}
 }
 
+// TestPart_SetDisposition tests Part.SetDisposition
+func TestPart_SetDisposition(t *testing.T) {
+	c := "This is a test"
+	d := Disposition("test-disposition")
+	m := NewMsg()
+	m.SetBodyString(TypeTextPlain, c)
+	pl, err := getPartList(m)
+	if err != nil {
+		t.Errorf("failed: %s", err)
+		return
+	}
+	pd := pl[0].GetDisposition()
+	if pd != "" {
+		t.Errorf("Part.GetDisposition failed. Expected empty description but got: %s", pd)
+	}
+	pl[0].SetDisposition(d)
+	if pl[0].disposition != d {
+		t.Errorf("Part.SetDisposition failed. Expected description to be: %s, got: %s", d, pd)
+	}
+	pd = pl[0].GetDisposition()
+	if pd != d {
+		t.Errorf("Part.GetDisposition failed. Expected: %s, got: %s", d, pd)
+	}
+}
+
 // TestPart_Delete tests Part.Delete
 func TestPart_Delete(t *testing.T) {
 	c := "This is a test with ümläutß"

sime.go

@@ -0,0 +1,70 @@
+package mail
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"errors"
+	"go.mozilla.org/pkcs7"
+)
+
+var (
+	// ErrInvalidPrivateKey should be used if private key is invalid
+	ErrInvalidPrivateKey = errors.New("invalid private key")
+
+	// ErrInvalidCertificate should be used if certificate is invalid
+	ErrInvalidCertificate = errors.New("invalid certificate")
+
+	// ErrCouldNotInitialize should be used if the signed data could not initialize
+	ErrCouldNotInitialize = errors.New("could not initialize signed data")
+
+	// ErrCouldNotAddSigner should be used if the signer could not be added
+	ErrCouldNotAddSigner = errors.New("could not add signer message")
+
+	// ErrCouldNotFinishSigning should be used if the signing could not be finished
+	ErrCouldNotFinishSigning = errors.New("could not finish signing")
+)
+
+// SMime is used to sign messages with S/MIME
+type SMime struct {
+	privateKey  *rsa.PrivateKey
+	certificate *x509.Certificate
+}
+
+// NewSMime construct a new instance of SMime with a provided *rsa.PrivateKey
+func NewSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (*SMime, error) {
+	if privateKey == nil {
+		return nil, ErrInvalidPrivateKey
+	}
+
+	if certificate == nil {
+		return nil, ErrInvalidCertificate
+	}
+
+	return &SMime{
+		privateKey:  privateKey,
+		certificate: certificate,
+	}, nil
+}
+
+// Sign the content with the given privateKey of the method NewSMime
+func (sm *SMime) Sign(content []byte) (*string, error) {
+	toBeSigned, err := pkcs7.NewSignedData(content)
+
+	toBeSigned.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256)
+	if err != nil {
+		return nil, ErrCouldNotInitialize
+	}
+
+	if err = toBeSigned.AddSigner(sm.certificate, sm.privateKey, pkcs7.SignerInfoConfig{}); err != nil {
+		return nil, ErrCouldNotAddSigner
+	}
+
+	signed, err := toBeSigned.Finish()
+	if err != nil {
+		return nil, ErrCouldNotFinishSigning
+	}
+
+	signedData := string(signed)
+
+	return &signedData, nil
+}

util_test.go

@@ -0,0 +1,41 @@
+package mail
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"math/big"
+	"time"
+)
+
+func getDummyPrivateKey() (*rsa.PrivateKey, error) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, err
+	}
+	return privateKey, nil
+}
+
+func getDummyCertificate(privateKey *rsa.PrivateKey) (*x509.Certificate, error) {
+	template := &x509.Certificate{
+		SerialNumber: big.NewInt(1234),
+		Subject:      pkix.Name{Organization: []string{"My Organization"}},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(1, 0, 0),
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+	}
+
+	certDER, err := x509.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	cert, err := x509.ParseCertificate(certDER)
+	if err != nil {
+		return nil, err
+	}
+
+	return cert, nil
+}