Merge 894936092e into d3bea90761

client.go

@@ -127,9 +127,6 @@ type Client struct {
 	// smtpAuthType represents the authentication type for SMTP AUTH
 	smtpAuthType SMTPAuthType
 
-	// SMimeAuthConfig represents the authentication type for s/mime crypto key material
-	sMimeAuthConfig *SMimeAuthConfig
-
 	// smtpClient is the smtp.Client that is set up when using the Dial*() methods
 	smtpClient *smtp.Client
 
@@ -171,9 +168,6 @@ var (
 	// ErrInvalidTLSConfig should be used if an empty tls.Config is provided
 	ErrInvalidTLSConfig = errors.New("invalid TLS config")
 
-	// ErrInvalidSMimeAuthConfig should be used if the values in the struct SMimeAuthConfig are empty
-	ErrInvalidSMimeAuthConfig = errors.New("invalid S/MIME authentication config")
-
 	// ErrNoHostname should be used if a Client has no hostname set
 	ErrNoHostname = errors.New("hostname for client cannot be empty")
 
@@ -465,17 +459,6 @@ func WithDialContextFunc(dialCtxFunc DialContextFunc) Option {
 	}
 }
 
-// WithSMimeConfig tells the client to use the provided SMIMEAuth for s/mime crypto key material authentication
-func WithSMimeConfig(sMimeAuthConfig *SMimeAuthConfig) Option {
-	return func(c *Client) error {
-		if sMimeAuthConfig.Certificate == nil && sMimeAuthConfig.PrivateKey == nil {
-			return ErrInvalidSMimeAuthConfig
-		}
-		c.sMimeAuthConfig = sMimeAuthConfig
-		return nil
-	}
-}
-
 // TLSPolicy returns the currently set TLSPolicy as string
 func (c *Client) TLSPolicy() string {
 	return c.tlspolicy.String()

client_test.go

@@ -6,15 +6,10 @@ package mail
 
 import (
 	"context"
-	"crypto/rand"
-	"crypto/rsa"
 	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
 	"errors"
 	"fmt"
 	"io"
-	"math/big"
 	"net"
 	"os"
 	"strconv"
@@ -122,7 +117,7 @@ func TestNewClientWithOptions(t *testing.T) {
 		{"WithDialContextFunc()", WithDialContextFunc(func(ctx context.Context, network, address string) (net.Conn, error) {
 			return nil, nil
 		}), false},
-		{"WithSMimeConfig()", WithSMimeConfig(&SMimeAuthConfig{}), true},
+
 		{
 			"WithDSNRcptNotifyType() NEVER combination",
 			WithDSNRcptNotifyType(DSNRcptNotifySuccess, DSNRcptNotifyNever), true,
@@ -761,43 +756,6 @@ func TestClient_DialWithContextInvalidAuth(t *testing.T) {
 	}
 }
 
-// TestWithSMime tests the WithSMime method with invalid SMimeAuthConfig for the Client object
-func TestWithSMime_InvalidConfig(t *testing.T) {
-	_, err := NewClient(DefaultHost, WithSMimeConfig(&SMimeAuthConfig{}))
-	if !errors.Is(err, ErrInvalidSMimeAuthConfig) {
-		t.Errorf("failed to check sMimeAuthConfig values correctly: %s", err)
-	}
-}
-
-// TestWithSMime tests the WithSMime method with valid SMimeAuthConfig that is loaded from dummy certificate for the Client object
-func TestWithSMime_ValidConfig(t *testing.T) {
-	privateKey, err := getDummyPrivateKey()
-	if err != nil {
-		t.Errorf("failed to load dummy private key: %s", err)
-	}
-
-	certificate, err := getDummyCertificate(privateKey)
-	if err != nil {
-		t.Errorf("failed to load dummy certificate: %s", err)
-	}
-
-	sMimeAuthConfig := &SMimeAuthConfig{PrivateKey: privateKey, Certificate: certificate}
-	c, err := NewClient(DefaultHost, WithSMimeConfig(sMimeAuthConfig))
-	if err != nil {
-		t.Errorf("failed to create new client: %s", err)
-	}
-
-	if c.sMimeAuthConfig != sMimeAuthConfig {
-		t.Errorf("failed to set smeAuthConfig. Expected %v, got: %v", sMimeAuthConfig, c.sMimeAuthConfig)
-	}
-	if c.sMimeAuthConfig.PrivateKey != sMimeAuthConfig.PrivateKey {
-		t.Errorf("failed to set smeAuthConfig.PrivateKey Expected %v, got: %v", sMimeAuthConfig, c.sMimeAuthConfig)
-	}
-	if c.sMimeAuthConfig.Certificate != sMimeAuthConfig.Certificate {
-		t.Errorf("failed to set smeAuthConfig.Certificate Expected %v, got: %v", sMimeAuthConfig, c.sMimeAuthConfig)
-	}
-}
-
 // TestClient_checkConn tests the checkConn method with intentional breaking for the Client object
 func TestClient_checkConn(t *testing.T) {
 	c, err := getTestConnection(true)
@@ -1526,37 +1484,6 @@ func getFakeDialFunc(conn net.Conn) DialContextFunc {
 	}
 }
 
-func getDummyPrivateKey() (*rsa.PrivateKey, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		return nil, err
-	}
-	return privateKey, nil
-}
-
-func getDummyCertificate(privateKey *rsa.PrivateKey) (*x509.Certificate, error) {
-	template := &x509.Certificate{
-		SerialNumber: big.NewInt(1234),
-		Subject:      pkix.Name{Organization: []string{"My Organization"}},
-		NotBefore:    time.Now(),
-		NotAfter:     time.Now().AddDate(1, 0, 0),
-		KeyUsage:     x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-	}
-
-	certDER, err := x509.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey)
-	if err != nil {
-		return nil, err
-	}
-
-	cert, err := x509.ParseCertificate(certDER)
-	if err != nil {
-		return nil, err
-	}
-
-	return cert, nil
-}
-
 type faker struct {
 	io.ReadWriter
 }

encoding.go

@@ -19,6 +19,9 @@ type MIMEVersion string
 // MIMEType represents the MIME type for the mail
 type MIMEType string
 
+// Disposition represents a content disposition for the Msg
+type Disposition string
+
 // List of supported encodings
 const (
 	// EncodingB64 represents the Base64 encoding as specified in RFC 2045.
@@ -149,6 +152,7 @@ const (
 	TypePGPEncrypted         ContentType = "application/pgp-encrypted"
 	TypeTextHTML             ContentType = "text/html"
 	TypeTextPlain            ContentType = "text/plain"
+	typeSMimeSigned          ContentType = `application/pkcs7-signature; name="smime.p7s"`
 )
 
 // List of MIMETypes
@@ -156,6 +160,12 @@ const (
 	MIMEAlternative MIMEType = "alternative"
 	MIMEMixed       MIMEType = "mixed"
 	MIMERelated     MIMEType = "related"
+	MIMESMime       MIMEType = `signed; protocol="application/pkcs7-signature"; micalg=sha256`
+)
+
+// List of common content disposition
+const (
+	DispositionSMime Disposition = `attachment; filename="smime.p7s"`
 )
 
 // String is a standard method to convert an Charset into a printable format
@@ -172,3 +182,8 @@ func (c ContentType) String() string {
 func (e Encoding) String() string {
 	return string(e)
 }
+
+// String is a standard method to convert an Disposition into a printable format
+func (d Disposition) String() string {
+	return string(d)
+}

encoding_test.go

@@ -61,6 +61,11 @@ func TestContentType_String(t *testing.T) {
 			"ContentType: application/pgp-encrypted", TypePGPEncrypted,
 			"application/pgp-encrypted",
 		},
+
+		{
+			"ContentType: pkcs7-signature", typeSMimeSigned,
+			`application/pkcs7-signature; name="smime.p7s"`,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -121,3 +126,22 @@ func TestCharset_String(t *testing.T) {
 		})
 	}
 }
+
+// TestDisposition_String tests the string method of the Disposition object
+func TestDisposition_String(t *testing.T) {
+	tests := []struct {
+		name string
+		d    Disposition
+		want string
+	}{
+		{"Disposition: S/Mime", DispositionSMime, `attachment; filename="smime.p7s"`},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.d.String() != tt.want {
+				t.Errorf("wrong string for Disposition returned. Expected: %s, got: %s",
+					tt.want, tt.d.String())
+			}
+		})
+	}
+}

go.mod

@@ -5,3 +5,5 @@
 module github.com/wneessen/go-mail
 
 go 1.16
+
+require go.mozilla.org/pkcs7 v0.9.0

go.sum

@@ -0,0 +1,2 @@
+go.mozilla.org/pkcs7 v0.9.0 h1:yM4/HS9dYv7ri2biPtxt8ikvB37a980dg69/pKmS+eI=
+go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=

msg.go

@@ -7,6 +7,8 @@ package mail
 import (
 	"bytes"
 	"context"
+	"crypto/rsa"
+	"crypto/x509"
 	"embed"
 	"errors"
 	"fmt"
@@ -121,8 +123,8 @@ type Msg struct {
 	// noDefaultUserAgent indicates whether the default User Agent will be excluded for the Msg when it's sent.
 	noDefaultUserAgent bool
 
-	// sMimeSinging indicates whether the message should be singed with S/MIME when it's sent.
+	// SMime represents a middleware used to sign messages with S/MIME
-	sMimeSinging bool
+	sMime *SMime
 }
 
 // SendmailPath is the default system path to the sendmail binary
@@ -205,11 +207,14 @@ func WithNoDefaultUserAgent() MsgOption {
 	}
 }
 
-// WithSMimeSinging configures the Msg to be S/MIME singed sent.
+// SignWithSMime configures the Msg to be signed with S/MIME
-func WithSMimeSinging() MsgOption {
+func (m *Msg) SignWithSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate) error {
-	return func(m *Msg) {
+	sMime, err := NewSMime(privateKey, certificate)
-		m.sMimeSinging = true
+	if err != nil {
+		return err
 	}
+	m.sMime = sMime
+	return nil
 }
 
 // SetCharset sets the encoding charset of the Msg
@@ -978,10 +983,47 @@ func (m *Msg) applyMiddlewares(msg *Msg) *Msg {
 	return msg
 }
 
+// signMessage sign the Msg with S/MIME
+func (m *Msg) signMessage(msg *Msg) (*Msg, error) {
+	currentPart := m.GetParts()[0]
+	currentPart.SetEncoding(EncodingUSASCII)
+	currentPart.SetContentType(TypeTextPlain)
+	content, err := currentPart.GetContent()
+	if err != nil {
+		return nil, errors.New("failed to extract content from part")
+	}
+
+	signedContent, err := m.sMime.Sign(content)
+	if err != nil {
+		return nil, errors.New("failed to sign message")
+	}
+
+	signedPart := msg.newPart(
+		typeSMimeSigned,
+		WithPartEncoding(EncodingB64),
+		WithContentDisposition(DispositionSMime),
+	)
+	signedPart.SetContent(*signedContent)
+	msg.parts = append(msg.parts, signedPart)
+
+	return msg, nil
+}
+
 // WriteTo writes the formated Msg into a give io.Writer and satisfies the io.WriteTo interface
 func (m *Msg) WriteTo(writer io.Writer) (int64, error) {
 	mw := &msgWriter{writer: writer, charset: m.charset, encoder: m.encoder}
-	mw.writeMsg(m.applyMiddlewares(m))
+	msg := m.applyMiddlewares(m)
+
+	if m.sMime != nil {
+		signedMsg, err := m.signMessage(msg)
+		if err != nil {
+			return 0, err
+		}
+		msg = signedMsg
+	}
+
+	mw.writeMsg(msg)
+
 	return mw.bytesWritten, mw.err
 }
 
@@ -1176,6 +1218,11 @@ func (m *Msg) hasMixed() bool {
 	return m.pgptype == 0 && ((len(m.parts) > 0 && len(m.attachments) > 0) || len(m.attachments) > 1)
 }
 
+// hasSMime returns true if the Msg has should be signed with S/MIME
+func (m *Msg) hasSMime() bool {
+	return m.sMime != nil
+}
+
 // hasRelated returns true if the Msg has related parts
 func (m *Msg) hasRelated() bool {
 	return m.pgptype == 0 && ((len(m.parts) > 0 && len(m.embeds) > 0) || len(m.embeds) > 1)

msg_test.go

@@ -3233,11 +3233,33 @@ func TestNewMsgWithNoDefaultUserAgent(t *testing.T) {
 	}
 }
 
-// TestWithSMimeSinging tests WithSMimeSinging
+// TestWithSMimeSinging_ValidPrivateKey tests WithSMimeSinging with given privateKey
-func TestWithSMimeSinging(t *testing.T) {
+func TestWithSMimeSinging_ValidPrivateKey(t *testing.T) {
-	m := NewMsg(WithSMimeSinging())
+	privateKey, err := getDummyPrivateKey()
-	if m.sMimeSinging != true {
+	if err != nil {
-		t.Errorf("WithSMimeSinging() failed. Expected: %t, got: %t", true, false)
+		t.Errorf("failed to load dummy private key: %s", err)
+	}
+	certificate, err := getDummyCertificate(privateKey)
+	if err != nil {
+		t.Errorf("failed to load dummy certificate: %s", err)
+	}
+
+	m := NewMsg()
+	if err := m.SignWithSMime(privateKey, certificate); err != nil {
+		t.Errorf("failed to set sMime. Cause: %v", err)
+	}
+	if m.sMime.privateKey != privateKey {
+		t.Errorf("WithSMimeSinging. Expected %v, got: %v", privateKey, m.sMime.privateKey)
+	}
+}
+
+// TestWithSMimeSinging_InvalidPrivateKey tests WithSMimeSinging with given invalid privateKey
+func TestWithSMimeSinging_InvalidPrivateKey(t *testing.T) {
+	m := NewMsg()
+
+	err := m.SignWithSMime(nil, nil)
+	if !errors.Is(err, ErrInvalidPrivateKey) {
+		t.Errorf("failed to check sMimeAuthConfig values correctly: %s", err)
 	}
 }
 

msgwriter.go

@@ -88,6 +88,10 @@ func (mw *msgWriter) writeMsg(msg *Msg) {
 		}
 	}
 
+	if msg.hasSMime() {
+		mw.startMP(MIMESMime, msg.boundary)
+		mw.writeString(DoubleNewLine)
+	}
 	if msg.hasMixed() {
 		mw.startMP(MIMEMixed, msg.boundary)
 		mw.writeString(DoubleNewLine)
@@ -96,7 +100,7 @@ func (mw *msgWriter) writeMsg(msg *Msg) {
 		mw.startMP(MIMERelated, msg.boundary)
 		mw.writeString(DoubleNewLine)
 	}
-	if msg.hasAlt() {
+	if msg.hasAlt() && !msg.hasSMime() {
 		mw.startMP(MIMEAlternative, msg.boundary)
 		mw.writeString(DoubleNewLine)
 	}
@@ -265,6 +269,9 @@ func (mw *msgWriter) writePart(part *Part, charset Charset) {
 		if part.description != "" {
 			mimeHeader.Add(string(HeaderContentDescription), part.description)
 		}
+		if part.disposition != "" {
+			mimeHeader.Add(string(HeaderContentDisposition), part.disposition.String())
+		}
 		mimeHeader.Add(string(HeaderContentType), contentType)
 		mimeHeader.Add(string(HeaderContentTransferEnc), contentTransferEnc)
 		mw.newPart(mimeHeader)

part.go

@@ -17,6 +17,7 @@ type Part struct {
 	contentType ContentType
 	charset     Charset
 	description string
+	disposition Disposition
 	encoding    Encoding
 	isDeleted   bool
 	writeFunc   func(io.Writer) (int64, error)
@@ -56,6 +57,11 @@ func (p *Part) GetDescription() string {
 	return p.description
 }
 
+// GetDisposition returns the currently set Content-Disposition of the Part
+func (p *Part) GetDisposition() Disposition {
+	return p.disposition
+}
+
 // SetContent overrides the content of the Part with the given string
 func (p *Part) SetContent(content string) {
 	buffer := bytes.NewBufferString(content)
@@ -82,6 +88,11 @@ func (p *Part) SetDescription(description string) {
 	p.description = description
 }
 
+// SetDisposition overrides the Content-Disposition of the Part
+func (p *Part) SetDisposition(disposition Disposition) {
+	p.disposition = disposition
+}
+
 // SetWriteFunc overrides the WriteFunc of the Part
 func (p *Part) SetWriteFunc(writeFunc func(io.Writer) (int64, error)) {
 	p.writeFunc = writeFunc
@@ -113,3 +124,10 @@ func WithPartContentDescription(description string) PartOption {
 		p.description = description
 	}
 }
+
+// WithContentDisposition overrides the default Part Content-Disposition
+func WithContentDisposition(disposition Disposition) PartOption {
+	return func(p *Part) {
+		p.disposition = disposition
+	}
+}

part_test.go

@@ -102,6 +102,35 @@ func TestPart_WithPartContentDescription(t *testing.T) {
 	}
 }
 
+// TestPart_withContentDisposition tests the WithContentDisposition method
+func TestPart_withContentDisposition(t *testing.T) {
+	tests := []struct {
+		name        string
+		disposition Disposition
+	}{
+		{"Part disposition: test", "test"},
+		{"Part disposition: empty", ""},
+	}
+	for _, tt := range tests {
+		m := NewMsg()
+		t.Run(tt.name, func(t *testing.T) {
+			part := m.newPart(TypeTextPlain, WithContentDisposition(tt.disposition), nil)
+			if part == nil {
+				t.Errorf("newPart() WithPartContentDescription() failed: no part returned")
+				return
+			}
+			if part.disposition != tt.disposition {
+				t.Errorf("newPart() WithContentDisposition() failed: expected: %s, got: %s", tt.disposition, part.description)
+			}
+			part.disposition = ""
+			part.SetDisposition(tt.disposition)
+			if part.disposition != tt.disposition {
+				t.Errorf("newPart() SetDisposition() failed: expected: %s, got: %s", tt.disposition, part.description)
+			}
+		})
+	}
+}
+
 // TestPartContentType tests Part.SetContentType
 func TestPart_SetContentType(t *testing.T) {
 	tests := []struct {
@@ -323,6 +352,31 @@ func TestPart_SetDescription(t *testing.T) {
 	}
 }
 
+// TestPart_SetDisposition tests Part.SetDisposition
+func TestPart_SetDisposition(t *testing.T) {
+	c := "This is a test"
+	d := Disposition("test-disposition")
+	m := NewMsg()
+	m.SetBodyString(TypeTextPlain, c)
+	pl, err := getPartList(m)
+	if err != nil {
+		t.Errorf("failed: %s", err)
+		return
+	}
+	pd := pl[0].GetDisposition()
+	if pd != "" {
+		t.Errorf("Part.GetDisposition failed. Expected empty description but got: %s", pd)
+	}
+	pl[0].SetDisposition(d)
+	if pl[0].disposition != d {
+		t.Errorf("Part.SetDisposition failed. Expected description to be: %s, got: %s", d, pd)
+	}
+	pd = pl[0].GetDisposition()
+	if pd != d {
+		t.Errorf("Part.GetDisposition failed. Expected: %s, got: %s", d, pd)
+	}
+}
+
 // TestPart_Delete tests Part.Delete
 func TestPart_Delete(t *testing.T) {
 	c := "This is a test with ümläutß"

sime.go

@@ -3,10 +3,68 @@ package mail
 import (
 	"crypto/rsa"
 	"crypto/x509"
+	"errors"
+	"go.mozilla.org/pkcs7"
 )
 
-// SMimeAuthConfig represents the authentication type for s/mime crypto key material
+var (
-type SMimeAuthConfig struct {
+	// ErrInvalidPrivateKey should be used if private key is invalid
-	Certificate *x509.Certificate
+	ErrInvalidPrivateKey = errors.New("invalid private key")
-	PrivateKey  *rsa.PrivateKey
+
+	// ErrInvalidCertificate should be used if certificate is invalid
+	ErrInvalidCertificate = errors.New("invalid certificate")
+
+	// ErrCouldNotInitialize should be used if the signed data could not initialize
+	ErrCouldNotInitialize = errors.New("could not initialize signed data")
+
+	// ErrCouldNotAddSigner should be used if the signer could not be added
+	ErrCouldNotAddSigner = errors.New("could not add signer message")
+
+	// ErrCouldNotFinishSigning should be used if the signing could not be finished
+	ErrCouldNotFinishSigning = errors.New("could not finish signing")
+)
+
+// SMime is used to sign messages with S/MIME
+type SMime struct {
+	privateKey  *rsa.PrivateKey
+	certificate *x509.Certificate
+}
+
+// NewSMime construct a new instance of SMime with a provided *rsa.PrivateKey
+func NewSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (*SMime, error) {
+	if privateKey == nil {
+		return nil, ErrInvalidPrivateKey
+	}
+
+	if certificate == nil {
+		return nil, ErrInvalidCertificate
+	}
+
+	return &SMime{
+		privateKey:  privateKey,
+		certificate: certificate,
+	}, nil
+}
+
+// Sign the content with the given privateKey of the method NewSMime
+func (sm *SMime) Sign(content []byte) (*string, error) {
+	toBeSigned, err := pkcs7.NewSignedData(content)
+
+	toBeSigned.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256)
+	if err != nil {
+		return nil, ErrCouldNotInitialize
+	}
+
+	if err = toBeSigned.AddSigner(sm.certificate, sm.privateKey, pkcs7.SignerInfoConfig{}); err != nil {
+		return nil, ErrCouldNotAddSigner
+	}
+
+	signed, err := toBeSigned.Finish()
+	if err != nil {
+		return nil, ErrCouldNotFinishSigning
+	}
+
+	signedData := string(signed)
+
+	return &signedData, nil
 }

util_test.go

@@ -0,0 +1,41 @@
+package mail
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"math/big"
+	"time"
+)
+
+func getDummyPrivateKey() (*rsa.PrivateKey, error) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, err
+	}
+	return privateKey, nil
+}
+
+func getDummyCertificate(privateKey *rsa.PrivateKey) (*x509.Certificate, error) {
+	template := &x509.Certificate{
+		SerialNumber: big.NewInt(1234),
+		Subject:      pkix.Name{Organization: []string{"My Organization"}},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(1, 0, 0),
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+	}
+
+	certDER, err := x509.CreateCertificate(rand.Reader, template, template, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	cert, err := x509.ParseCertificate(certDER)
+	if err != nil {
+		return nil, err
+	}
+
+	return cert, nil
+}