npm - mailauth - Versions diffs - 4.4.1 → 4.5.0 - Mend

mailauth 4.4.1 → 4.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/bin/mailauth.js CHANGED Viewed

@@ -12,6 +12,7 @@ const commandSign = require('../lib/commands/sign');
 const commandSeal = require('../lib/commands/seal');
 const commandSpf = require('../lib/commands/spf');
 const commandVmc = require('../lib/commands/vmc');
+const commandBodyhash = require('../lib/commands/bodyhash');
 const fs = require('fs');
 const pathlib = require('path');
@@ -100,6 +101,12 @@ const argv = yargs(hideBin(process.argv))
                     description: 'Key selector for signing  (s= tag)',
                     demandOption: true
                 })
+                .option('algo', {
+                    alias: 'a',
+                    type: 'string',
+                    description: 'Signing algorithm. Defaults either to rsa-sha256 or ed25519-sha256 depending on the private key format.',
+                    default: 'rsa-sha256'
+                })
                 .option('canonicalization', {
                     alias: 'c',
                     type: 'string',
@@ -344,6 +351,50 @@ const argv = yargs(hideBin(process.argv))
                 });
         }
     )
+    .command(
+        ['bodyhash [email]'],
+        'Generate a signature body hash for an email',
+        yargs => {
+            yargs
+                .option('algo', {
+                    alias: 'a',
+                    type: 'string',
+                    description: 'Hashing algorithm. Defaults to sha256.',
+                    default: 'sha256'
+                })
+                .option('canonicalization', {
+                    alias: 'c',
+                    type: 'string',
+                    description: 'Canonicalization algorithm  (c= tag)',
+                    default: 'relaxed'
+                })
+                .option('body-length', {
+                    alias: 'l',
+                    type: 'number',
+                    description: 'Maximum length of canonicalizated body to sign (l= tag)'
+                });
+            yargs.positional('email', {
+                describe: 'Path to the email message file in EML format. If not specified then content is read from stdin'
+            });
+        },
+        argv => {
+            commandBodyhash(argv)
+                .then(() => {
+                    process.exit();
+                })
+                .catch(err => {
+                    if (!err.suppress) {
+                        console.error('Failed to calculate body hash for the input message');
+                        console.error(err);
+                    }
+                    process.exit(1);
+                });
+        }
+    )
     .command(
         ['license'],
         'Show license information',

package/cli.md CHANGED Viewed

@@ -14,6 +14,7 @@ Command line utility and a [Node.js library](README.md) for email authentication
     -   [seal](#seal) - to seal an email with ARC
     -   [spf](#spf) - to validate SPF for an IP address and an email address
     -   [vmc](#vmc) - to validate BIMI VMC logo files
+    -   [bodyhash](#bodyhash) - to generate the signature body hash value for an email
     -   [license](#license) - display licenses for `mailauth` and included modules
 -   [DNS cache file](#dns-cache-file)
@@ -320,6 +321,35 @@ $ mailauth vmc -p /path/to/vmc-with-invalid-svg.pem
 }
 ```
+### bodyhash
+`bodyhash` command takes an email message and calculates the body hash value for it
+```
+$ mailauth bodyhash [options] [email]
+```
+Where
+-   **options** are option flags and arguments
+-   **email** is the path to EML formatted email message file. If not provided then email message is read from standard input
+**Options**
+-   `--algo sha256` or `-a sha256` is the signing algorithm. Defaults to "sha256". Can also use the a= tag format ("rsa-sha256").
+-   `--canonicalization algo` or `-c algo` is the body canonicalization algorithm, defaults to "relaxed". Can also use the c= tag format ("relaxed/relaxed").
+-   `--body-length 12345` or `-l 12345` is the maximum length of canonicalizated body to sign (l= tag)
+**Example**
+```
+$ mailauth bodyhash /path/message.eml -a sha1 --verbose
+Hashing algorithm:               sha1
+Body canonicalization algorithm: relaxed
+--------
+j+dD7whKXS1yDmyoWtvClYSyYiQ=
+```
 ### license
 Display licenses for `mailauth` and included modules.

package/lib/bimi/index.js CHANGED Viewed

@@ -14,6 +14,8 @@ const http = require('http');
 const { vmc } = require('@postalsys/vmc');
 const { validateSvg } = require('./validate-svg');
+const HTTP_REQUEST_TIMEOUT = 15 * 1000;
 const lookup = async data => {
     let { dmarc, headers, resolver, bimiWithAlignedDkim } = data;
     let headerRows = (headers && headers.parsed) || [];
@@ -197,7 +199,9 @@ const downloadPromise = (url, cachedFile) => {
         port: 443,
         path: parsedUrl.pathname,
         method: 'GET',
-        rejectUnauthorized: true
+        rejectUnauthorized: true,
+        timeout: HTTP_REQUEST_TIMEOUT
     };
     return new Promise((resolve, reject) => {
@@ -240,6 +244,13 @@ const downloadPromise = (url, cachedFile) => {
             res.on('error', err => reject(err));
         });
+        req.on('timeout', () => {
+            req.destroy(); // cancel request
+            let error = new Error(`Request timeout for ${parsedUrl.href}`);
+            error.code = 'HTTP_SOCKET_TIMEOUT';
+            reject(error);
+        });
         req.on('error', err => {
             reject(err);
         });

package/lib/commands/bodyhash.js ADDED Viewed

@@ -0,0 +1,66 @@
+'use strict';
+const { DkimSigner } = require('../dkim/dkim-signer');
+const { writeToStream } = require('../tools');
+const fs = require('fs');
+const cmd = async argv => {
+    let source = argv.email;
+    let useStdin = false;
+    let stream;
+    if (!source) {
+        useStdin = true;
+        source = 'standard input';
+    }
+    if (argv.verbose) {
+        console.error(`Reading email message from ${source}`);
+    }
+    if (useStdin) {
+        stream = process.stdin;
+    } else {
+        stream = fs.createReadStream(source);
+    }
+    if (isNaN(argv.bodyLength) || argv.bodyLength < 0) {
+        argv.bodyLength = null;
+    }
+    let signatureOpts = {
+        type: 'DKIM',
+        privateKey: true, // force hash calculation
+        canonicalization: argv.canonicalization && (argv.canonicalization.includes('/') ? argv.canonicalization : `/${argv.canonicalization}`),
+        algorithm: argv.algo,
+        maxBodyLength: argv.bodyLength
+    };
+    let dkimSigner = new DkimSigner({ signatureData: [signatureOpts] });
+    let { hashAlgo } = dkimSigner.getAlgorithm(signatureOpts);
+    let { bodyCanon } = dkimSigner.getCanonicalization(signatureOpts);
+    if (argv.verbose) {
+        if (hashAlgo) {
+            console.error(`Hashing algorithm:               ${hashAlgo}`);
+        }
+        if (bodyCanon) {
+            console.error(`Body canonicalization algorithm: ${bodyCanon}`);
+        }
+        if (signatureOpts.maxBodyLength) {
+            console.error(`Maximum body length:             ${signatureOpts.maxBodyLength}`);
+        }
+        console.error('--------');
+    }
+    await writeToStream(dkimSigner, stream);
+    let hashKey = `${bodyCanon}:${hashAlgo}:${typeof argv.bodyLength === 'number' ? argv.bodyLength : ''}`;
+    const bodyHash = dkimSigner.bodyHashes.get(hashKey)?.hash;
+    if (bodyHash) {
+        process.stdout.write(bodyHash);
+    }
+};
+module.exports = cmd;

package/lib/commands/sign.js CHANGED Viewed

@@ -48,12 +48,12 @@ const cmd = async argv => {
         if (signatureOpts.selector) {
             console.error(`Key selector:               ${signatureOpts.selector}`);
         }
-        if (signatureOpts.canonicalization) {
-            console.error(`Canonicalization algorithm: ${signatureOpts.canonicalization}`);
-        }
         if (signatureOpts.algorithm) {
             console.error(`Hashing algorithm:          ${signatureOpts.algorithm}`);
         }
+        if (signatureOpts.canonicalization) {
+            console.error(`Canonicalization algorithm: ${signatureOpts.canonicalization}`);
+        }
         if (signatureOpts.maxBodyLength) {
             console.error(`Maximum body length:        ${signatureOpts.maxBodyLength}`);
         }

package/lib/dkim/body/index.js CHANGED Viewed

@@ -10,8 +10,11 @@ const dkimBody = (canonicalization, ...options) => {
             return new SimpleHash(...options);
         case 'relaxed':
             return new RelaxedHash(...options);
-        default:
-            throw new Error('Unknown body canonicalization');
+        default: {
+            let error = new Error('Unknown body canonicalization');
+            error.canonicalization = canonicalization;
+            throw error;
+        }
     }
 };

package/lib/dkim/dkim-signer.js CHANGED Viewed

@@ -96,11 +96,15 @@ class DkimSigner extends MessageParser {
             let [header, body] = canonicalization.split('/');
             if (!['relaxed', 'simple'].includes(header)) {
-                throw new Error('Unknown header canonicalization: ' + header);
+                let error = new Error('Unknown header canonicalization');
+                error.canonicalization = header;
+                throw error;
             }
             if (!['relaxed', 'simple'].includes(body)) {
-                throw new Error('Unknown header canonicalization: ' + body);
+                let error = new Error('Unknown body canonicalization');
+                error.canonicalization = body;
+                throw error;
             }
         } catch (err) {
             err.code = 'EINVALIDCANON';

package/lib/dkim/header/index.js CHANGED Viewed

@@ -11,8 +11,11 @@ const generateCanonicalizedHeader = (type, signingHeaderLines, options) => {
             return simpleHeaders(type, signingHeaderLines, options);
         case 'relaxed':
             return relaxedHeaders(type, signingHeaderLines, options);
-        default:
-            throw new Error('Unknown header canonicalization');
+        default: {
+            let error = new Error('Unknown header canonicalization');
+            error.canonicalization = canonicalization;
+            throw error;
+        }
     }
 };

package/lib/mta-sts.js CHANGED Viewed

@@ -5,6 +5,8 @@ const dns = require('dns');
 const parseDkimHeaders = require('./parse-dkim-headers');
 const https = require('https');
+const HTTP_REQUEST_TIMEOUT = 15 * 1000;
 /**
  * Resolve MTA-STS policy ID
  * @param {String} address Either email address or a domain name
@@ -247,7 +249,9 @@ const fetchPolicy = async (domain, opts) => {
         port: 443,
         path,
         method: 'GET',
-        rejectUnauthorized: true
+        rejectUnauthorized: true,
+        timeout: HTTP_REQUEST_TIMEOUT
     };
     let data = await new Promise((resolve, reject) => {
@@ -273,6 +277,13 @@ const fetchPolicy = async (domain, opts) => {
             res.on('error', err => reject(err));
         });
+        req.on('timeout', () => {
+            req.destroy(); // cancel request
+            let error = new Error(`Request timeout for https://${servername}${path}`);
+            error.code = 'HTTP_SOCKET_TIMEOUT';
+            reject(error);
+        });
         req.on('error', err => {
             reject(err);
         });

package/lib/tools.js CHANGED Viewed

@@ -450,11 +450,15 @@ const validateAlgorithm = (algorithm, strict) => {
         let [signAlgo, hashAlgo] = algorithm.toLowerCase().split('-');
         if (!['rsa', 'ed25519'].includes(signAlgo)) {
-            throw new Error('Unknown signing algorithm: ' + signAlgo);
+            let error = new Error('Unknown signing algorithm');
+            error.signAlgo = signAlgo;
+            throw error;
         }
         if (!['sha256'].concat(!strict ? 'sha1' : []).includes(hashAlgo)) {
-            throw new Error('Unknown hashing algorithm: ' + hashAlgo);
+            let error = new Error('Unknown hashing algorithm');
+            error.hashAlgo = hashAlgo;
+            throw error;
         }
     } catch (err) {
         err.code = 'EINVALIDALGO';

package/licenses.txt CHANGED Viewed

@@ -1,11 +1,11 @@
 name             license type  link                                                            installed version  author
 ----             ------------  ----                                                            -----------------  ------
 @postalsys/vmc   MIT           https://registry.npmjs.org/@postalsys/vmc/-/vmc-1.0.6.tgz       1.0.6              Postal Systems OÜ
-fast-xml-parser  MIT           git+https://github.com/NaturalIntelligence/fast-xml-parser.git  4.2.4              Amit Gupta (https://amitkumargupta.work/)
+fast-xml-parser  MIT           git+https://github.com/NaturalIntelligence/fast-xml-parser.git  4.2.6              Amit Gupta (https://amitguptagwl.github.io)
 ipaddr.js        MIT           git://github.com/whitequark/ipaddr.js.git                       2.1.0              whitequark <whitequark@whitequark.org>
 joi              BSD-3-Clause  git://github.com/hapijs/joi.git                                 17.9.2             n/a
 libmime          MIT           git://github.com/andris9/libmime.git                            5.2.1              Andris Reinman <andris@kreata.ee>
-nodemailer       MIT-0         git+https://github.com/nodemailer/nodemailer.git                6.9.3              Andris Reinman
+nodemailer       MIT-0         git+https://github.com/nodemailer/nodemailer.git                6.9.4              Andris Reinman
 psl              MIT           git+ssh://git@github.com/lupomontero/psl.git                    1.9.0              Lupo Montero <lupomontero@gmail.com> (https://lupomontero.com/)
 punycode         MIT           git+https://github.com/mathiasbynens/punycode.js.git            2.3.0              Mathias Bynens https://mathiasbynens.be/
 yargs            MIT           git+https://github.com/yargs/yargs.git                          17.7.2             n/a

package/man/mailauth.1 CHANGED Viewed

@@ -1,4 +1,4 @@
-.TH "MAILAUTH" "1" "July 2023" "v4.4.1" "Mailauth Help"
+.TH "MAILAUTH" "1" "July 2023" "v4.4.2" "Mailauth Help"
 .SH "NAME"
 \fBmailauth\fR
 .QP

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "mailauth",
-    "version": "4.4.1",
+    "version": "4.5.0",
     "description": "Email authentication library for Node.js",
     "main": "lib/mailauth.js",
     "scripts": {
@@ -33,9 +33,9 @@
     "homepage": "https://github.com/postalsys/mailauth",
     "devDependencies": {
         "chai": "4.3.7",
-        "eslint": "8.45.0",
+        "eslint": "8.46.0",
         "eslint-config-nodemailer": "1.2.0",
-        "eslint-config-prettier": "8.8.0",
+        "eslint-config-prettier": "8.9.0",
         "js-yaml": "4.1.0",
         "license-report": "6.4.0",
         "marked": "0.7.0",
@@ -46,7 +46,7 @@
     },
     "dependencies": {
         "@postalsys/vmc": "1.0.6",
-        "fast-xml-parser": "4.2.6",
+        "fast-xml-parser": "4.2.7",
         "ipaddr.js": "2.1.0",
         "joi": "17.9.2",
         "libmime": "5.2.1",
@@ -71,10 +71,10 @@
             "LICENSE.txt"
         ],
         "targets": [
-            "node16-linux-x64",
-            "node16-macos-x64",
+            "node18-linux-x64",
+            "node18-macos-x64",
             "node18-macos-arm64",
-            "node16-win-x64"
+            "node18-win-x64"
         ],
         "outputPath": "ee-dist"
     }