mailauth 4.0.1 → 4.1.0

package/lib/dkim/body/relaxed.js

@@ -31,7 +31,7 @@ class RelaxedHash {
         this.bodyHashedBytes = 0;
         this.maxBodyLength = maxBodyLength;
 
-        this.maxSizeReached = false;
+        this.maxSizeReached = maxBodyLength === 0;
 
         this.emptyLinesQueue = [];
     }

package/lib/dkim/body/simple.js

@@ -21,12 +21,18 @@ class SimpleHash {
         this.byteLength = 0;
 
         this.bodyHashedBytes = 0;
+
         this.maxBodyLength = maxBodyLength;
+        this.maxSizeReached = maxBodyLength === 0;
 
         this.lastNewline = false;
     }
 
     _updateBodyHash(chunk) {
+        if (this.maxSizeReached) {
+            return;
+        }
+
         // the following is needed for l= option
         if (
             typeof this.maxBodyLength === 'number' &&
@@ -34,10 +40,12 @@ class SimpleHash {
             this.maxBodyLength >= 0 &&
             this.bodyHashedBytes + chunk.length > this.maxBodyLength
         ) {
+            this.maxSizeReached = true;
             if (this.bodyHashedBytes >= this.maxBodyLength) {
                 // nothing to do here, skip entire chunk
                 return;
             }
+
             // only use allowed size of bytes
             chunk = chunk.slice(0, this.maxBodyLength - this.bodyHashedBytes);
         }
@@ -49,6 +57,11 @@ class SimpleHash {
     }
 
     update(chunk) {
+        this.byteLength += (chunk && chunk.length) || 0;
+        if (this.maxSizeReached) {
+            return;
+        }
+
         if (this.remainder.length) {
             // see if we can release the last remainder
             for (let i = 0; i < chunk.length; i++) {

package/lib/dkim/dkim-signer.js

@@ -10,14 +10,16 @@ class DkimSigner extends MessageParser {
     constructor(options) {
         super();
 
-        let { canonicalization, algorithm, signTime, headerList, signatureData, arc, bodyHash, headers, getARChain } = options || {};
+        let { canonicalization, algorithm, signTime, headerList, signatureData, arc, bodyHash, headers, getARChain, expires } = options || {};
 
         this.algorithm = algorithm || false;
         this.canonicalization = canonicalization || 'relaxed/relaxed';
 
         this.errors = [];
 
+        this.expires = expires;
         this.signTime = signTime;
+
         this.headerList = headerList;
 
         this.signatureData = [].concat(signatureData || []).map(entry => {
@@ -243,7 +245,10 @@ class DkimSigner extends MessageParser {
                         instance: this.arc?.instance, // ARC only
                         algorithm,
                         canonicalization: this.getCanonicalization(signatureData).canonicalization,
+
                         signTime: this.signTime,
+                        expires: this.expires,
+
                         bodyHash: this.bodyHashes.has(hashKey) ? this.bodyHashes.get(hashKey).hash : null
                     },
 

package/lib/dkim/dkim-verifier.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const { getSigningHeaderLines, getPublicKey, parseDkimHeaders, formatAuthHeaderRow, getAlignment } = require('../../lib/tools');
+const { getSigningHeaderLines, getPublicKey, parseDkimHeaders, formatAuthHeaderRow, getAlignment, getCurTime } = require('../../lib/tools');
 const { MessageParser } = require('./message-parser');
 const { dkimBody } = require('./body');
 const { generateCanonicalizedHeader } = require('./header');
@@ -16,6 +16,8 @@ class DkimVerifier extends MessageParser {
         this.resolver = this.options.resolver;
         this.minBitLength = this.options.minBitLength;
 
+        this.curTime = getCurTime(this.options.curTime);
+
         this.results = [];
 
         this.signatureHeaders = [];
@@ -114,6 +116,12 @@ class DkimVerifier extends MessageParser {
             signatureHeader.signingDomain = signatureHeader.parsed?.d?.value || '';
             signatureHeader.selector = signatureHeader.parsed?.s?.value || '';
 
+            signatureHeader.timestamp =
+                signatureHeader.parsed?.t && !isNaN(signatureHeader.parsed?.t?.value) ? new Date(signatureHeader.parsed?.t?.value * 1000) : null;
+
+            signatureHeader.expiration =
+                signatureHeader.parsed?.x && !isNaN(signatureHeader.parsed?.x?.value) ? new Date(signatureHeader.parsed?.x?.value * 1000) : null;
+
             signatureHeader.maxBodyLength =
                 signatureHeader.parsed?.l?.value && !isNaN(signatureHeader.parsed?.l?.value) ? signatureHeader.parsed?.l?.value : '';
 
@@ -228,6 +236,18 @@ class DkimVerifier extends MessageParser {
                             if (status.result === 'fail') {
                                 status.comment = 'bad signature';
                             }
+
+                            if (status.result === 'pass') {
+                                if (signatureHeader.expiration && signatureHeader.timestamp && signatureHeader.expiration < signatureHeader.timestamp) {
+                                    status.result = 'neutral';
+                                    status.comment = 'invalid expiration';
+                                }
+
+                                if (signatureHeader.expiration && signatureHeader.expiration < this.curTime) {
+                                    status.result = 'neutral';
+                                    status.comment = 'expired';
+                                }
+                            }
                         } catch (err) {
                             status.result = 'neutral';
                             status.comment = err.message;

package/lib/dkim/header/relaxed.js

@@ -1,10 +1,11 @@
 'use strict';
 
-const { formatSignatureHeaderLine, formatRelaxedLine } = require('../../../lib/tools');
+const { formatSignatureHeaderLine, formatRelaxedLine, getCurTime } = require('../../../lib/tools');
 
 // generate headers for signing
 const relaxedHeaders = (type, signingHeaderLines, options) => {
-    let { signatureHeaderLine, signingDomain, selector, algorithm, canonicalization, bodyHash, signTime, signature, instance, bodyHashedBytes } = options || {};
+    let { signatureHeaderLine, signingDomain, selector, algorithm, canonicalization, bodyHash, signTime, signature, instance, bodyHashedBytes, expires } =
+        options || {};
     let chunks = [];
 
     for (let signedHeaderLine of signingHeaderLines.headers) {
@@ -33,15 +34,11 @@ const relaxedHeaders = (type, signingHeaderLines, options) => {
         }
 
         if (signTime) {
-            if (typeof signTime === 'string' || typeof signTime === 'number') {
-                signTime = new Date(signTime);
-            }
+            opts.t = Math.floor(getCurTime(signTime).getTime() / 1000);
+        }
 
-            if (Object.prototype.toString.call(signTime) === '[object Date]' && signTime.toString() !== 'Invalid Date') {
-                // we need a unix timestamp value
-                signTime = Math.round(signTime.getTime() / 1000);
-                opts.t = signTime;
-            }
+        if (expires) {
+            opts.x = Math.floor(getCurTime(expires).getTime() / 1000);
         }
 
         signatureHeaderLine = formatSignatureHeaderLine(

package/lib/dkim/header/simple.js

@@ -1,12 +1,13 @@
 'use strict';
 
-const { formatSignatureHeaderLine } = require('../../../lib/tools');
+const { formatSignatureHeaderLine, getCurTime } = require('../../../lib/tools');
 
 const formatSimpleLine = (line, suffix) => Buffer.from(line.toString('binary') + (suffix ? suffix : ''), 'binary');
 
 // generate headers for signing
 const simpleHeaders = (type, signingHeaderLines, options) => {
-    let { signatureHeaderLine, signingDomain, selector, algorithm, canonicalization, bodyHash, signTime, signature, instance, bodyHashedBytes } = options || {};
+    let { signatureHeaderLine, signingDomain, selector, algorithm, canonicalization, bodyHash, signTime, signature, instance, bodyHashedBytes, expires } =
+        options || {};
     let chunks = [];
 
     for (let signedHeaderLine of signingHeaderLines.headers) {
@@ -35,15 +36,11 @@ const simpleHeaders = (type, signingHeaderLines, options) => {
         }
 
         if (signTime) {
-            if (typeof signTime === 'string' || typeof signTime === 'number') {
-                signTime = new Date(signTime);
-            }
+            opts.t = Math.floor(getCurTime(signTime).getTime() / 1000);
+        }
 
-            if (Object.prototype.toString.call(signTime) === '[object Date]' && signTime.toString() !== 'Invalid Date') {
-                // we need a unix timestamp value
-                signTime = Math.round(signTime.getTime() / 1000);
-                opts.t = signTime;
-            }
+        if (expires) {
+            opts.x = Math.floor(getCurTime(expires).getTime() / 1000);
         }
 
         signatureHeaderLine = formatSignatureHeaderLine(

package/lib/parse-dkim-headers.js

@@ -245,7 +245,7 @@ const headerParser = buf => {
             } else if (['bh', 'b', 'p', 'h'].includes(parts[i].key)) {
                 // remove unneeded whitespace
                 parts[i].value = parts[i].value.replace(/\s+/g, '');
-            } else if (['l', 'v', 't'].includes(parts[i].key) && !isNaN(parts[i].value)) {
+            } else if (['l', 'v', 't', 'x'].includes(parts[i].key) && !isNaN(parts[i].value)) {
                 parts[i].value = Number(parts[i].value);
             } else if (parts[i].key === 'i' && /^arc-/i.test(headerKey)) {
                 parts[i].value = Number(parts[i].value);

package/lib/tools.js

@@ -10,7 +10,6 @@ const https = require('https');
 const packageData = require('../package');
 const parseDkimHeaders = require('./parse-dkim-headers');
 const psl = require('psl');
-const pki = require('node-forge').pki;
 const Joi = require('joi');
 const base64Schema = Joi.string().base64({ paddingRequired: false });
 
@@ -288,14 +287,7 @@ const getPublicKey = async (type, name, minBitLength, resolver) => {
             throw err;
         }
 
-        let modulusLength;
-        if (publicKeyObj.asymmetricKeyDetails) {
-            modulusLength = publicKeyObj.asymmetricKeyDetails.modulusLength;
-        } else {
-            // fall back to node-forge
-            const pubKeyData = pki.publicKeyFromPem(publicKeyPem.toString());
-            modulusLength = pubKeyData.n.bitLength();
-        }
+        let modulusLength = publicKeyObj.asymmetricKeyDetails.modulusLength;
 
         if (keyType === 'rsa' && modulusLength < 1024) {
             let err = new Error('RSA key too short');
@@ -485,6 +477,29 @@ const getPtrHostname = parsedAddr => {
     }
 };
 
+function getCurTime(timeValue) {
+    if (timeValue) {
+        if (typeof timeValue === 'object' && typeof timeValue.toISOString === 'function') {
+            return timeValue;
+        }
+
+        if (typeof timeValue === 'number' || !isNaN(timeValue)) {
+            let timestamp = Number(timeValue);
+            let curTime = new Date(timestamp);
+            if (curTime.toString !== 'Invalid Date') {
+                return curTime;
+            }
+        } else if (typeof timeValue === 'string') {
+            let curTime = new Date(timeValue);
+            if (curTime.toString !== 'Invalid Date') {
+                return curTime;
+            }
+        }
+    }
+
+    return new Date();
+}
+
 module.exports = {
     writeToStream,
     parseHeaders,
@@ -508,5 +523,7 @@ module.exports = {
     formatRelaxedLine,
     formatDomain,
 
-    getPtrHostname
+    getPtrHostname,
+
+    getCurTime
 };

package/licenses.txt

@@ -1,12 +1,12 @@
 name             license type               link                                                            installed version  author
 ----             ------------               ----                                                            -----------------  ------
-@postalsys/vmc   MIT                        https://registry.npmjs.org/@postalsys/vmc/-/vmc-1.0.5.tgz       1.0.5              Postal Systems OÜ
-fast-xml-parser  MIT                        git+https://github.com/NaturalIntelligence/fast-xml-parser.git  4.0.9              Amit Gupta (https://amitkumargupta.work/)
+@postalsys/vmc   MIT                        https://registry.npmjs.org/@postalsys/vmc/-/vmc-1.0.6.tgz       1.0.6              Postal Systems OÜ
+fast-xml-parser  MIT                        git+https://github.com/NaturalIntelligence/fast-xml-parser.git  4.0.10             Amit Gupta (https://amitkumargupta.work/)
 ipaddr.js        MIT                        git://github.com/whitequark/ipaddr.js.git                       2.0.1              whitequark <whitequark@whitequark.org>
-joi              BSD-3-Clause               git://github.com/sideway/joi.git                                17.6.0             n/a
+joi              BSD-3-Clause               git://github.com/hapijs/joi.git                                 17.6.1             n/a
 libmime          MIT                        git://github.com/andris9/libmime.git                            5.1.0              Andris Reinman <andris@kreata.ee>
 node-forge       (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git                  1.3.1              Digital Bazaar, Inc. support@digitalbazaar.com http://digitalbazaar.com/
-nodemailer       MIT                        git+https://github.com/nodemailer/nodemailer.git                6.7.7              Andris Reinman
+nodemailer       MIT                        git+https://github.com/nodemailer/nodemailer.git                6.7.8              Andris Reinman
 psl              MIT                        git+ssh://git@github.com/lupomontero/psl.git                    1.9.0              Lupo Montero <lupomontero@gmail.com> (https://lupomontero.com/)
 punycode         MIT                        git+https://github.com/bestiejs/punycode.js.git                 2.1.1              Mathias Bynens https://mathiasbynens.be/
 yargs            MIT                        git+https://github.com/yargs/yargs.git                          17.5.1             n/a

package/man/mailauth.1

@@ -1,4 +1,4 @@
-.TH "MAILAUTH" "1" "August 2022" "v4.0.1" "Mailauth Help"
+.TH "MAILAUTH" "1" "January 2023" "v4.0.2" "Mailauth Help"
 .SH "NAME"
 \fBmailauth\fR
 .QP

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "mailauth",
-    "version": "4.0.1",
+    "version": "4.1.0",
     "description": "Email authentication library for Node.js",
     "main": "lib/mailauth.js",
     "scripts": {
@@ -32,29 +32,28 @@
     },
     "homepage": "https://github.com/postalsys/mailauth",
     "devDependencies": {
-        "chai": "4.3.6",
-        "eslint": "8.22.0",
+        "chai": "4.3.7",
+        "eslint": "8.32.0",
         "eslint-config-nodemailer": "1.2.0",
-        "eslint-config-prettier": "8.5.0",
+        "eslint-config-prettier": "8.6.0",
         "js-yaml": "4.1.0",
-        "license-report": "6.0.0",
+        "license-report": "6.3.0",
         "marked": "0.7.0",
         "marked-man": "0.7.0",
         "mbox-reader": "1.1.5",
-        "mocha": "10.0.0",
+        "mocha": "10.2.0",
         "pkg": "5.8.0"
     },
     "dependencies": {
         "@postalsys/vmc": "1.0.6",
-        "fast-xml-parser": "4.0.9",
+        "fast-xml-parser": "4.0.15",
         "ipaddr.js": "2.0.1",
-        "joi": "17.6.0",
-        "libmime": "5.1.0",
-        "node-forge": "1.3.1",
-        "nodemailer": "6.7.8",
+        "joi": "17.7.0",
+        "libmime": "5.2.0",
+        "nodemailer": "6.9.0",
         "psl": "1.9.0",
-        "punycode": "2.1.1",
-        "yargs": "17.5.1"
+        "punycode": "2.3.0",
+        "yargs": "17.6.2"
     },
     "engines": {
         "node": ">=16.0.0"