Compare commits

..

No commits in common. "128b2bd32e30835c73ac0dc18836ce7098b9a3ad" and "7f7bf80e390f6df980ca66258b085ec5a4356bee" have entirely different histories.

11 changed files with 75 additions and 155 deletions

View file

@ -59,7 +59,6 @@ Here are some highlights of go-mail's featureset:
* [X] Custom error types for delivery errors * [X] Custom error types for delivery errors
* [X] Custom dial-context functions for more control over the connection (proxing, DNS hooking, etc.) * [X] Custom dial-context functions for more control over the connection (proxing, DNS hooking, etc.)
* [X] Output a go-mail message as EML file and parse EML file into a go-mail message * [X] Output a go-mail message as EML file and parse EML file into a go-mail message
* [X] S/MIME singed messages
go-mail works like a programatic email client and provides lots of methods and functionalities you would consider go-mail works like a programatic email client and provides lots of methods and functionalities you would consider
standard in a MUA. standard in a MUA.

View file

@ -1,3 +0,0 @@
// SPDX-FileCopyrightText: Copyright (c) 2022-2024 The go-mail Authors
//
// SPDX-License-Identifier: MIT

View file

@ -1,3 +0,0 @@
// SPDX-FileCopyrightText: Copyright (c) 2022-2024 The go-mail Authors
//
// SPDX-License-Identifier: MIT

View file

@ -172,19 +172,19 @@ const (
// TypeTextPlain represents the MIME type for plain text content. // TypeTextPlain represents the MIME type for plain text content.
TypeTextPlain ContentType = "text/plain" TypeTextPlain ContentType = "text/plain"
// typeSMimeSigned represents the MIME type for S/MIME singed messages. // typeSMimeSigned represents the MIME type for S/MIME singed messages.
typeSMimeSigned ContentType = `application/pkcs7-signature; name="smime.p7s"` typeSMimeSigned ContentType = `application/pkcs7-signature; name="smime.p7s"`
) )
const ( const (
// MIMEAlternative MIMEType represents a MIME multipart/alternative type, used for emails with multiple versions. // MIMEAlternative MIMEType represents a MIME multipart/alternative type, used for emails with multiple versions.
MIMEAlternative MIMEType = "alternative" MIMEAlternative MIMEType = "alternative"
// MIMEMixed MIMEType represents a MIME multipart/mixed type used for emails containing different types of content. // MIMEMixed MIMEType represents a MIME multipart/mixed type used for emails containing different types of content.
MIMEMixed MIMEType = "mixed" MIMEMixed MIMEType = "mixed"
// MIMERelated MIMEType represents a MIME multipart/related type, used for emails with related content entities. // MIMERelated MIMEType represents a MIME multipart/related type, used for emails with related content entities.
MIMERelated MIMEType = "related" MIMERelated MIMEType = "related"
// MIMESMime MIMEType represents a MIME multipart/signed type, used for siging emails with S/MIME. // MIMESMime MIMEType represents a MIME multipart/signed type, used for siging emails with S/MIME.
MIMESMime MIMEType = `signed; protocol="application/pkcs7-signature"; micalg=sha-256` MIMESMime MIMEType = `signed; protocol="application/pkcs7-signature"; micalg=sha-256`
) )
// String satisfies the fmt.Stringer interface for the Charset type. // String satisfies the fmt.Stringer interface for the Charset type.

7
msg.go
View file

@ -7,8 +7,7 @@ package mail
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/rsa" "crypto/tls"
"crypto/x509"
"embed" "embed"
"errors" "errors"
"fmt" "fmt"
@ -339,8 +338,8 @@ func WithNoDefaultUserAgent() MsgOption {
} }
// SignWithSMime configures the Msg to be signed with S/MIME // SignWithSMime configures the Msg to be signed with S/MIME
func (m *Msg) SignWithSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) error { func (m *Msg) SignWithSMime(keyPair *tls.Certificate) error {
sMime, err := newSMime(privateKey, certificate, intermediateCertificate) sMime, err := newSMime(keyPair)
if err != nil { if err != nil {
return err return err
} }

View file

@ -1909,15 +1909,15 @@ func TestMsg_hasAlt(t *testing.T) {
// TestMsg_hasAlt tests the hasAlt() method of the Msg with active S/MIME // TestMsg_hasAlt tests the hasAlt() method of the Msg with active S/MIME
func TestMsg_hasAltWithSMime(t *testing.T) { func TestMsg_hasAltWithSMime(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
m := NewMsg() m := NewMsg()
m.SetBodyString(TypeTextPlain, "Plain") m.SetBodyString(TypeTextPlain, "Plain")
m.AddAlternativeString(TypeTextHTML, "<b>HTML</b>") m.AddAlternativeString(TypeTextHTML, "<b>HTML</b>")
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to init smime configuration") t.Errorf("set of certificate was not successful")
} }
if m.hasAlt() { if m.hasAlt() {
t.Errorf("mail has alternative parts and S/MIME is active, but hasAlt() returned true") t.Errorf("mail has alternative parts and S/MIME is active, but hasAlt() returned true")
@ -1926,13 +1926,13 @@ func TestMsg_hasAltWithSMime(t *testing.T) {
// TestMsg_hasSMime tests the hasSMime() method of the Msg // TestMsg_hasSMime tests the hasSMime() method of the Msg
func TestMsg_hasSMime(t *testing.T) { func TestMsg_hasSMime(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
m := NewMsg() m := NewMsg()
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to init smime configuration") t.Errorf("set of certificate was not successful")
} }
m.SetBodyString(TypeTextPlain, "Plain") m.SetBodyString(TypeTextPlain, "Plain")
if !m.hasSMime() { if !m.hasSMime() {
@ -2009,16 +2009,16 @@ func TestMsg_WriteToSkipMiddleware(t *testing.T) {
// TestMsg_WriteToWithSMIME tests the WriteTo() method of the Msg // TestMsg_WriteToWithSMIME tests the WriteTo() method of the Msg
func TestMsg_WriteToWithSMIME(t *testing.T) { func TestMsg_WriteToWithSMIME(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
m := NewMsg() m := NewMsg()
m.Subject("This is a test") m.Subject("This is a test")
m.SetBodyString(TypeTextPlain, "Plain") m.SetBodyString(TypeTextPlain, "Plain")
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to init smime configuration") t.Errorf("set of certificate was not successful")
} }
wbuf := bytes.Buffer{} wbuf := bytes.Buffer{}
@ -3345,12 +3345,12 @@ func TestNewMsgWithNoDefaultUserAgent(t *testing.T) {
// TestSignWithSMime_ValidKeyPair tests WithSMimeSinging with given key pair // TestSignWithSMime_ValidKeyPair tests WithSMimeSinging with given key pair
func TestSignWithSMime_ValidKeyPair(t *testing.T) { func TestSignWithSMime_ValidKeyPair(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
m := NewMsg() m := NewMsg()
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to set sMime. Cause: %v", err) t.Errorf("failed to set sMime. Cause: %v", err)
} }
if m.sMime.privateKey == nil { if m.sMime.privateKey == nil {
@ -3361,41 +3361,13 @@ func TestSignWithSMime_ValidKeyPair(t *testing.T) {
} }
} }
// TestSignWithSMime_InvalidPrivateKey tests WithSMimeSinging with given invalid private key // TestSignWithSMime_InvalidKeyPair tests WithSMimeSinging with given invalid key pair
func TestSignWithSMime_InvalidPrivateKey(t *testing.T) { func TestSignWithSMime_InvalidKeyPair(t *testing.T) {
m := NewMsg() m := NewMsg()
err := m.SignWithSMime(nil, nil, nil) err := m.SignWithSMime(nil)
if !errors.Is(err, ErrInvalidPrivateKey) { if !errors.Is(err, ErrInvalidKeyPair) {
t.Errorf("failed to pre-check SignWithSMime method values correctly: %s", err) t.Errorf("failed to check sMimeAuthConfig values correctly: %s", err)
}
}
// TestSignWithSMime_InvalidCertificate tests WithSMimeSinging with given invalid certificate
func TestSignWithSMime_InvalidCertificate(t *testing.T) {
privateKey, _, _, err := getDummyCryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
err = m.SignWithSMime(privateKey, nil, nil)
if !errors.Is(err, ErrInvalidCertificate) {
t.Errorf("failed to pre-check SignWithSMime method values correctly: %s", err)
}
}
// TestSignWithSMime_InvalidIntermediateCertificate tests WithSMimeSinging with given invalid intermediate certificate
func TestSignWithSMime_InvalidIntermediateCertificate(t *testing.T) {
privateKey, certificate, _, err := getDummyCryptoMaterial()
if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err)
}
m := NewMsg()
err = m.SignWithSMime(privateKey, certificate, nil)
if !errors.Is(err, ErrInvalidIntermediateCertificate) {
t.Errorf("failed to pre-check SignWithSMime method values correctly: %s", err)
} }
} }
@ -3429,13 +3401,13 @@ func FuzzMsg_From(f *testing.F) {
// TestMsg_createSignaturePart tests the Msg.createSignaturePart method // TestMsg_createSignaturePart tests the Msg.createSignaturePart method
func TestMsg_createSignaturePart(t *testing.T) { func TestMsg_createSignaturePart(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
m := NewMsg() m := NewMsg()
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to init smime configuration") t.Errorf("set of certificate was not successful")
} }
body := []byte("This is the body") body := []byte("This is the body")
part, err := m.createSignaturePart(EncodingQP, TypeTextPlain, CharsetUTF7, body) part, err := m.createSignaturePart(EncodingQP, TypeTextPlain, CharsetUTF7, body)
@ -3459,15 +3431,15 @@ func TestMsg_createSignaturePart(t *testing.T) {
// TestMsg_signMessage tests the Msg.signMessage method // TestMsg_signMessage tests the Msg.signMessage method
func TestMsg_signMessage(t *testing.T) { func TestMsg_signMessage(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
body := []byte("This is the body") body := []byte("This is the body")
m := NewMsg() m := NewMsg()
m.SetBodyString(TypeTextPlain, string(body)) m.SetBodyString(TypeTextPlain, string(body))
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to init smime configuration") t.Errorf("set of certificate was not successful")
} }
msg, err := m.signMessage(m) msg, err := m.signMessage(m)
if err != nil { if err != nil {

View file

@ -157,14 +157,14 @@ func TestMsgWriter_writeMsg_PGP(t *testing.T) {
// TestMsgWriter_writeMsg_SMime tests the writeMsg method of the msgWriter with S/MIME types set // TestMsgWriter_writeMsg_SMime tests the writeMsg method of the msgWriter with S/MIME types set
func TestMsgWriter_writeMsg_SMime(t *testing.T) { func TestMsgWriter_writeMsg_SMime(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("failed to laod dummy crypto material. Cause: %v", err) t.Errorf("failed to load dummy certificate. Cause: %v", err)
} }
m := NewMsg() m := NewMsg()
if err := m.SignWithSMime(privateKey, certificate, intermediateCertificate); err != nil { if err := m.SignWithSMime(keyPair); err != nil {
t.Errorf("failed to init smime configuration") t.Errorf("set of certificate was not successful")
} }
_ = m.From(`"Toni Tester" <test@example.com>`) _ = m.From(`"Toni Tester" <test@example.com>`)
_ = m.To(`"Toni Receiver" <receiver@example.com>`) _ = m.To(`"Toni Receiver" <receiver@example.com>`)

View file

@ -152,6 +152,7 @@ func (p *Part) SetDescription(description string) {
p.description = description p.description = description
} }
// SetIsSMimeSigned sets the flag for signing the Part with S/MIME // SetIsSMimeSigned sets the flag for signing the Part with S/MIME
func (p *Part) SetIsSMimeSigned(smime bool) { func (p *Part) SetIsSMimeSigned(smime bool) {
p.smime = smime p.smime = smime

View file

@ -1,30 +1,20 @@
// SPDX-FileCopyrightText: 2022-2023 The go-mail Authors
//
// SPDX-License-Identifier: MIT
package mail package mail
import ( import (
"bytes" "bytes"
"crypto/rsa" "crypto/rsa"
"crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"strings"
"go.mozilla.org/pkcs7" "go.mozilla.org/pkcs7"
"strings"
) )
var ( var (
// ErrInvalidPrivateKey should be used if private key is invalid // ErrInvalidKeyPair should be used if key pair is invalid
ErrInvalidPrivateKey = errors.New("invalid private key") ErrInvalidKeyPair = errors.New("invalid key pair")
// ErrInvalidCertificate should be used if the certificate is invalid
ErrInvalidCertificate = errors.New("invalid certificate")
// ErrInvalidIntermediateCertificate should be used if the intermediate certificate is invalid
ErrInvalidIntermediateCertificate = errors.New("invalid intermediate certificate")
// ErrCouldNotInitialize should be used if the signed data could not initialize // ErrCouldNotInitialize should be used if the signed data could not initialize
ErrCouldNotInitialize = errors.New("could not initialize signed data") ErrCouldNotInitialize = errors.New("could not initialize signed data")
@ -41,32 +31,19 @@ var (
// SMime is used to sign messages with S/MIME // SMime is used to sign messages with S/MIME
type SMime struct { type SMime struct {
privateKey *rsa.PrivateKey privateKey *rsa.PrivateKey
certificate *x509.Certificate certificate *x509.Certificate
intermediateCertificate *x509.Certificate
} }
// NewSMime construct a new instance of SMime with provided parameters // NewSMime construct a new instance of SMime with a provided *tls.Certificate
// privateKey as *rsa.PrivateKey func newSMime(keyPair *tls.Certificate) (*SMime, error) {
// certificate as *x509.Certificate if keyPair == nil {
// intermediateCertificate as *x509.Certificate return nil, ErrInvalidKeyPair
func newSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate, intermediateCertificate *x509.Certificate) (*SMime, error) {
if privateKey == nil {
return nil, ErrInvalidPrivateKey
}
if certificate == nil {
return nil, ErrInvalidCertificate
}
if intermediateCertificate == nil {
return nil, ErrInvalidIntermediateCertificate
} }
return &SMime{ return &SMime{
privateKey: privateKey, privateKey: keyPair.PrivateKey.(*rsa.PrivateKey),
certificate: certificate, certificate: keyPair.Leaf,
intermediateCertificate: intermediateCertificate,
}, nil }, nil
} }
@ -81,7 +58,7 @@ func (sm *SMime) signMessage(message string) (*string, error) {
return nil, ErrCouldNotInitialize return nil, ErrCouldNotInitialize
} }
if err = signedData.AddSignerChain(sm.certificate, sm.privateKey, []*x509.Certificate{sm.intermediateCertificate}, pkcs7.SignerInfoConfig{}); err != nil { if err = signedData.AddSigner(sm.certificate, sm.privateKey, pkcs7.SignerInfoConfig{}); err != nil {
return nil, ErrCouldNotAddSigner return nil, ErrCouldNotAddSigner
} }

View file

@ -1,7 +1,3 @@
// SPDX-FileCopyrightText: 2022-2023 The go-mail Authors
//
// SPDX-License-Identifier: MIT
package mail package mail
import ( import (
@ -14,35 +10,32 @@ import (
// TestNewSMime tests the newSMime method // TestNewSMime tests the newSMime method
func TestNewSMime(t *testing.T) { func TestNewSMime(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("Error getting dummy crypto material: %s", err) t.Errorf("Error getting dummy certificate: %s", err)
} }
sMime, err := newSMime(privateKey, certificate, intermediateCertificate) sMime, err := newSMime(keyPair)
if err != nil { if err != nil {
t.Errorf("Error creating new SMime from keyPair: %s", err) t.Errorf("Error creating new SMime from keyPair: %s", err)
} }
if sMime.privateKey != privateKey { if sMime.privateKey != keyPair.PrivateKey {
t.Errorf("NewSMime() did not return the same private key") t.Errorf("NewSMime() did not return the same private key")
} }
if sMime.certificate != certificate { if sMime.certificate != keyPair.Leaf {
t.Errorf("NewSMime() did not return the same certificate") t.Errorf("NewSMime() did not return the same leaf certificate")
}
if sMime.intermediateCertificate != intermediateCertificate {
t.Errorf("NewSMime() did not return the same intermedidate certificate")
} }
} }
// TestSign tests the sign method // TestSign tests the sign method
func TestSign(t *testing.T) { func TestSign(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("Error getting dummy crypto material: %s", err) t.Errorf("Error getting dummy certificate: %s", err)
} }
sMime, err := newSMime(privateKey, certificate, intermediateCertificate) sMime, err := newSMime(keyPair)
if err != nil { if err != nil {
t.Errorf("Error creating new SMime from keyPair: %s", err) t.Errorf("Error creating new SMime from keyPair: %s", err)
} }
@ -60,12 +53,12 @@ func TestSign(t *testing.T) {
// TestPrepareMessage tests the createMessage method // TestPrepareMessage tests the createMessage method
func TestPrepareMessage(t *testing.T) { func TestPrepareMessage(t *testing.T) {
privateKey, certificate, intermediateCertificate, err := getDummyCryptoMaterial() keyPair, err := getDummyCertificate()
if err != nil { if err != nil {
t.Errorf("Error getting dummy crypto material: %s", err) t.Errorf("Error getting dummy certificate: %s", err)
} }
sMime, err := newSMime(privateKey, certificate, intermediateCertificate) sMime, err := newSMime(keyPair)
if err != nil { if err != nil {
t.Errorf("Error creating new SMime from keyPair: %s", err) t.Errorf("Error creating new SMime from keyPair: %s", err)
} }

View file

@ -1,11 +1,6 @@
// SPDX-FileCopyrightText: 2022-2023 The go-mail Authors
//
// SPDX-License-Identifier: MIT
package mail package mail
import ( import (
"crypto/rsa"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
) )
@ -15,24 +10,14 @@ const (
keyFilePath = "dummy-child-key.pem" keyFilePath = "dummy-child-key.pem"
) )
// getDummyCryptoMaterial loads a certificate and a private key form local disk for testing purposes // getDummyCertificate loads a certificate and a private key form local disk for testing purposes
func getDummyCryptoMaterial() (*rsa.PrivateKey, *x509.Certificate, *x509.Certificate, error) { func getDummyCertificate() (*tls.Certificate, error) {
keyPair, err := tls.LoadX509KeyPair(certFilePath, keyFilePath) keyPair, err := tls.LoadX509KeyPair(certFilePath, keyFilePath)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, err
} }
privateKey := keyPair.PrivateKey.(*rsa.PrivateKey) keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
certificate, err := x509.ParseCertificate(keyPair.Certificate[0]) return &keyPair, nil
if err != nil {
return nil, nil, nil, err
}
intermediateCertificate, err := x509.ParseCertificate(keyPair.Certificate[1])
if err != nil {
return nil, nil, nil, err
}
return privateKey, certificate, intermediateCertificate, nil
} }