
bug #875 Update dkim (Rotzbua)

This PR was squashed before being merged into the 5.x branch (closes #875).

Discussion
----------

Update dkim

As suggested in #870.

Changes:
 - use sha256 as default
 - old PHP 5.3 still uses sha1 as the default, because sha256 is missing
 - test adjusted

Commits
-------

0e40c0e Update dkim
fabpot committed Feb 13, 2017
2 parents 3de2857 + 0e40c0e commit 1023ed33f10ad14b728ed49a8243bfb5a2bbaf77
Showing with 34 additions and 17 deletions.
  1. +31 −15 lib/classes/Swift/Signers/DKIMSigner.php
  2. +3 −2 tests/unit/Swift/Signers/DKIMSignerTest.php
@@ -39,9 +39,11 @@ class Swift_Signers_DKIMSigner implements Swift_Signers_HeaderSigner
/**
* Hash algorithm used.
*
* @see RFC6376 3.3: Signers MUST implement and SHOULD sign using rsa-sha256.
*
* @var string
*/
protected $_hashAlgorithm = 'rsa-sha1';
protected $_hashAlgorithm = 'rsa-sha256';
/**
* Body canon method.
@@ -174,6 +176,11 @@ public function __construct($privateKey, $domainName, $selector)
$this->_domainName = $domainName;
$this->_signerIdentity = '@'.$domainName;
$this->_selector = $selector;
// keep fallback hash algorithm sha1, if php version is lower than 5.4.8
if (version_compare(phpversion(), '5.4.8', '<')) {
$this->_hashAlgorithm = 'rsa-sha1';
}
}
/**
@@ -223,6 +230,7 @@ public function reset()
*
* @return int
*/
// TODO fix return
public function write($bytes)
{
$this->_canonicalizeBody($bytes);
@@ -234,8 +242,6 @@ public function write($bytes)
/**
* For any bytes that are currently buffered inside the stream, force them
* off the buffer.
*
* @throws Swift_IoException
*/
public function commit()
{
@@ -276,8 +282,6 @@ public function unbind(Swift_InputByteStream $is)
return;
}
}
return;
}
/**
@@ -292,19 +296,28 @@ public function flushBuffers()
}
/**
* Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1 defaults to rsa-sha256.
* Set hash_algorithm, must be one of rsa-sha256 | rsa-sha1.
*
* @param string $hash 'rsa-sha1' or 'rsa-sha256'
*
* @param string $hash
* @throws Swift_SwiftException
*
* @return Swift_Signers_DKIMSigner
*/
public function setHashAlgorithm($hash)
{
// Unable to sign with rsa-sha256
if ($hash == 'rsa-sha1') {
$this->_hashAlgorithm = 'rsa-sha1';
} else {
$this->_hashAlgorithm = 'rsa-sha256';
switch ($hash) {
case 'rsa-sha1':
$this->_hashAlgorithm = 'rsa-sha1';
break;
case 'rsa-sha256':
$this->_hashAlgorithm = 'rsa-sha256';
if (!defined('OPENSSL_ALGO_SHA256')) {
throw new Swift_SwiftException('Unable to set sha256, not offered by openssl');
}
break;
default:
throw new Swift_SwiftException('Unable to set hash algorithm');
}
return $this;
@@ -432,12 +445,12 @@ public function startBody()
{
// Init
switch ($this->_hashAlgorithm) {
case 'rsa-sha256':
$this->_bodyHashHandler = hash_init('sha256');
break;
case 'rsa-sha1':
$this->_bodyHashHandler = hash_init('sha1');
break;
case 'rsa-sha256':
$this->_bodyHashHandler = hash_init('sha256');
break;
}
$this->_bodyCanonLine = '';
}
@@ -678,13 +691,16 @@ private function _addToHeaderHash($header)
private function _getEncryptedHash()
{
$signature = '';
switch ($this->_hashAlgorithm) {
case 'rsa-sha1':
$algorithm = OPENSSL_ALGO_SHA1;
break;
case 'rsa-sha256':
$algorithm = OPENSSL_ALGO_SHA256;
break;
default:
throw new Swift_SwiftException('Unable to set hash algorithm');
}
$pkeyId = openssl_get_privatekey($this->_privateKey);
if (!$pkeyId) {
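Review bot: In setHashAlgorithm the `rsa-sha256` case assigns `$this->_hashAlgorithm = 'rsa-sha256';` before it tests `defined('OPENSSL_ALGO_SHA256')`, so a caller that catches the Swift_SwiftException is left with a signer still set to an algorithm it cannot use, and `_getEncryptedHash` would then reference the undefined constant. Run the `if (!defined('OPENSSL_ALGO_SHA256')) { throw ... }` check first and assign only after it passes. The constructor answers the same question a different way, with `version_compare(phpversion(), '5.4.8', '<')`; using `if (!defined('OPENSSL_ALGO_SHA256'))` there as well would keep the two in agreement. That constructor branch downgrades signing to rsa-sha1 without any signal to the caller, so the class docblock should state it, letting operators know which algorithm their mail is actually signed with. The body of setHashAlgorithm ends outside the visible hunk.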
@@ -29,12 +29,13 @@ public function testBasicSigningHeaderManipulation()
$signer->addSignature($headers);
}
// Default Signing
public function testSigningDefaults()
// SHA1 Signing
public function testSigningSHA1()
{
$headerSet = $this->_createHeaderSet();
$messageContent = 'Hello World';
$signer = new Swift_Signers_DKIMSigner(file_get_contents(dirname(dirname(dirname(__DIR__))).'/_samples/dkim/dkim.test.priv'), 'dummy.nxdomain.be', 'dummySelector');
$signer->setHashAlgorithm('rsa-sha1');
$signer->setSignatureTimestamp('1299879181');
$altered = $signer->getAlteredHeaders();
$this->assertEquals(array('DKIM-Signature'), $altered);
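Review bot: Renaming testSigningDefaults to testSigningSHA1 and pinning `setHashAlgorithm('rsa-sha1')` means nothing in this hunk exercises the new rsa-sha256 default any more. The new behaviour of setHashAlgorithm throwing on an unrecognised value, which previously fell through to rsa-sha256, is not exercised either. Unless tests outside this hunk already cover both, add one test that signs without calling setHashAlgorithm and checks for `a=rsa-sha256` in the produced header (skipped where `OPENSSL_ALGO_SHA256` is undefined), and one asserting that an unknown algorithm name raises Swift_SwiftException. The test method's body continues past the end of the hunk.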
