mailauth 2.2.3 → 2.3.0

package/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2020-2021 Postal Systems OÜ
+Copyright (c) 2020-2022 Postal Systems OÜ
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -442,6 +442,6 @@ const { authenticate } = require('mailauth');
 
 ## License
 
-© 2020-2021 Postal Systems OÜ
+© 2020-2022 Postal Systems OÜ
 
 Licensed under MIT license

package/cli.md

@@ -17,10 +17,12 @@
 Download `mailauth` for your platform:
 
 -   [MacOS](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.pkg)
--   [Linux](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.gz)
+-   [Linux](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.tar.gz)
 -   [Windows](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.exe)
 -   Or install from the NPM registry: `npm install -g mailauth`
 
+> **NB!** Downloadable files are quite large because these are packaged Node.js applications
+
 ## Help
 
 ```

package/lib/dkim/dkim-verifier.js

@@ -172,7 +172,12 @@ class DkimVerifier extends MessageParser {
                     instance: ['ARC', 'AS'].includes(signatureHeader.type) ? signatureHeader.parsed?.i?.value : false
                 });
 
-                let publicKey, rr;
+                let signingHeaders = {
+                    keys: signingHeaderLines.keys,
+                    headers: signingHeaderLines.headers.map(l => l.line.toString())
+                };
+
+                let publicKey, rr, modulusLength;
                 let status = {
                     result: 'neutral',
                     comment: false,
@@ -208,6 +213,7 @@ class DkimVerifier extends MessageParser {
 
                         publicKey = res?.publicKey;
                         rr = res?.rr;
+                        modulusLength = res?.modulusLength;
 
                         try {
                             status.result = crypto.verify(
@@ -283,6 +289,7 @@ class DkimVerifier extends MessageParser {
                     format: signatureHeader.parsed?.c?.value,
                     bodyHash,
                     bodyHashExpecting: signatureHeader.parsed?.bh?.value,
+                    signingHeaders,
                     status
                 };
 
@@ -298,6 +305,10 @@ class DkimVerifier extends MessageParser {
                     result.publicKey = publicKey.toString();
                 }
 
+                if (modulusLength) {
+                    result.modulusLength = modulusLength;
+                }
+
                 if (rr) {
                     result.rr = rr;
                 }

package/lib/tools.js

@@ -6,7 +6,6 @@ const punycode = require('punycode/');
 const libmime = require('libmime');
 const dns = require('dns').promises;
 const crypto = require('crypto');
-const pki = require('node-forge').pki;
 const https = require('https');
 const packageData = require('../package');
 const parseDkimHeaders = require('./parse-dkim-headers');
@@ -15,6 +14,9 @@ const { Certificate } = require('@fidm/x509');
 const zlib = require('zlib');
 const util = require('util');
 const gunzip = util.promisify(zlib.gunzip);
+const pki = require('node-forge').pki;
+const Joi = require('joi');
+const base64Schema = Joi.string().base64({ paddingRequired: false });
 
 const defaultDKIMFieldNames =
     'From:Sender:Reply-To:Subject:Date:Message-ID:To:' +
@@ -247,14 +249,23 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
         // prefix value for parsing as there is no default value
         let entry = parseDkimHeaders(`DNS: TXT;${rr}`);
 
-        let publicKey = entry?.parsed?.p?.value;
-        if (!publicKey) {
+        const publicKeyValue = entry?.parsed?.p?.value;
+        if (!publicKeyValue) {
             let err = new Error('Missing key value');
             err.code = 'EINVALIDVAL';
             err.rr = rr;
             throw err;
         }
 
+        let validation = base64Schema.validate(publicKeyValue);
+        if (validation.error) {
+            let err = new Error('Invalid base64 format for public key');
+            err.code = 'EINVALIDVAL';
+            err.rr = rr;
+            err.details = validation.error;
+            throw err;
+        }
+
         if (type === 'DKIM' && entry?.parsed?.v && (entry?.parsed?.v?.value || '').toString().toLowerCase().trim() !== 'dkim1') {
             let err = new Error('Unknown key version');
             err.code = 'EINVALIDVER';
@@ -262,28 +273,42 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
             throw err;
         }
 
-        publicKey = Buffer.from(`-----BEGIN PUBLIC KEY-----\n${publicKey}\n-----END PUBLIC KEY-----`);
-        let keyType = crypto.createPublicKey({ key: publicKey, format: 'pem' }).asymmetricKeyType;
+        const publicKeyPem = Buffer.from(`-----BEGIN PUBLIC KEY-----\n${publicKeyValue.replace(/.{64}/g, '$&\r\n')}\n-----END PUBLIC KEY-----`);
+        const publicKeyObj = crypto.createPublicKey({
+            key: publicKeyPem,
+            format: 'pem'
+        });
+
+        let keyType = publicKeyObj.asymmetricKeyType;
 
         if (!['rsa', 'ed25519'].includes(keyType) || (entry?.parsed?.k && entry?.parsed?.k?.value?.toLowerCase() !== keyType)) {
-            let err = new Error('Unknown key type');
+            let err = new Error('Unknown key type (${keyType})');
             err.code = 'EINVALIDTYPE';
             err.rr = rr;
             throw err;
         }
 
-        if (keyType === 'rsa') {
-            // check key length
-            const pubKeyData = pki.publicKeyFromPem(publicKey.toString());
-            if (pubKeyData.n.bitLength() < 1024) {
-                let err = new Error('Key too short');
-                err.code = 'ESHORTKEY';
-                err.rr = rr;
-                throw err;
-            }
+        let modulusLength;
+        if (publicKeyObj.asymmetricKeyDetails) {
+            modulusLength = publicKeyObj.asymmetricKeyDetails.modulusLength;
+        } else {
+            // fall back to node-forge
+            const pubKeyData = pki.publicKeyFromPem(publicKeyPem.toString());
+            modulusLength = pubKeyData.n.bitLength();
+        }
+
+        if (keyType === 'rsa' && modulusLength < 1024) {
+            let err = new Error('RSA key too short');
+            err.code = 'ESHORTKEY';
+            err.rr = rr;
+            throw err;
         }
 
-        return { publicKey, rr };
+        return {
+            publicKey: publicKeyPem,
+            rr,
+            modulusLength
+        };
     }
 
     let err = new Error('Missing key value');

package/licenses.txt

@@ -1,11 +1,11 @@
-name        license type               link                                              author
-----        ------------               ----                                              ------
-@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            n/a
-ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         whitequark
-joi         BSD-3-Clause               git://github.com/sideway/joi.git                  n/a
-libmime     MIT                        git://github.com/andris9/libmime.git              Andris Reinman
-node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    Digital Bazaar, Inc.
-nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  Andris Reinman
-psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      Lupo Montero
-punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   Mathias Bynens
-yargs       MIT                        git+https://github.com/yargs/yargs.git            n/a
+name        license type               link                                              installed version  author
+----        ------------               ----                                              -----------------  ------
+@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            1.2.1              n/a
+ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         2.0.1              whitequark
+joi         BSD-3-Clause               git://github.com/sideway/joi.git                  17.5.0             n/a
+libmime     MIT                        git://github.com/andris9/libmime.git              5.0.0              Andris Reinman
+node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    1.2.1              Digital Bazaar, Inc.
+nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  6.7.2              Andris Reinman
+psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      1.8.0              Lupo Montero
+punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   2.1.1              Mathias Bynens
+yargs       MIT                        git+https://github.com/yargs/yargs.git            17.3.1             n/a

package/man/mailauth.1

@@ -1,4 +1,4 @@
-.TH "MAILAUTH" "1" "October 2021" "v2.2.3" "Mailauth Help"
+.TH "MAILAUTH" "1" "January 2022" "v2.3.0" "Mailauth Help"
 .SH "NAME"
 \fBmailauth\fR
 .QP
@@ -33,9 +33,13 @@ Authenticates an email and seals it with an ARC digital signature
 \fBspf\fR
 .br
 Authenticates SPF for an IP address and email address
+.P
+\fBlicense\fR
+.br
+Display licenses for mailauth and included modules
 .SH Website
 .P
-\fIhttps://github\.com/andris9/mailauth\fR
+\fIhttps://github\.com/postalsys/mailauth\fR
 .SH EXAMPLES
 .P
 \fBnpm install mailauth \-g\fP
@@ -128,10 +132,10 @@ For cached DNS requests use the following JSON structure where main keys are dom
 Longer TXT strings can be split into multiple strings\. Unlike in real DNS there is no length limit, so you can put the entire public key into a single string\.
 .SH BUGS
 .P
-Please report any bugs to https://github\.com/andris9/mailauth/issues\.
+Please report any bugs to https://github\.com/postalsys/mailauth/issues\.
 .SH LICENSE
 .P
-Copyright (c) 2020, Andris Reinman (MIT)\.
+Copyright (c) 2020\-2022, Postal Systems (MIT)\.
 .SH SEE ALSO
 .P
 node\.js(1)

package/man/man.md

@@ -130,7 +130,7 @@ Please report any bugs to https://github.com/postalsys/mailauth/issues.
 
 ## LICENSE
 
-Copyright (c) 2020-2021, Postal Systems (MIT).
+Copyright (c) 2020-2022, Postal Systems (MIT).
 
 ## SEE ALSO
 

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "mailauth",
-    "version": "2.2.3",
+    "version": "2.3.0",
     "description": "Email authentication library for Node.js",
     "main": "lib/mailauth.js",
     "scripts": {
@@ -32,7 +32,7 @@
     "homepage": "https://github.com/postalsys/mailauth",
     "devDependencies": {
         "chai": "4.3.4",
-        "eslint": "8.0.0",
+        "eslint": "8.7.0",
         "eslint-config-nodemailer": "1.2.0",
         "eslint-config-prettier": "8.3.0",
         "js-yaml": "4.1.0",
@@ -40,19 +40,19 @@
         "marked": "0.7.0",
         "marked-man": "0.7.0",
         "mbox-reader": "1.1.5",
-        "mocha": "9.1.2",
-        "pkg": "5.3.3"
+        "mocha": "9.1.4",
+        "pkg": "5.5.2"
     },
     "dependencies": {
         "@fidm/x509": "1.2.1",
         "ipaddr.js": "2.0.1",
-        "joi": "17.4.2",
+        "joi": "17.5.0",
         "libmime": "5.0.0",
-        "node-forge": "0.10.0",
-        "nodemailer": "6.7.0",
+        "node-forge": "1.2.1",
+        "nodemailer": "6.7.2",
         "psl": "1.8.0",
         "punycode": "2.1.1",
-        "yargs": "17.2.1"
+        "yargs": "17.3.1"
     },
     "engines": {
         "node": ">=14.0.0"
@@ -69,7 +69,8 @@
         ],
         "assets": [
             "man/**/*",
-            "licenses.txt"
+            "licenses.txt",
+            "LICENSE.txt"
         ],
         "_targets": [
             "node16-macos-x64"