Skip to content

Instantly share code, notes, and snippets.

@tanguylebarzic
Created March 25, 2012 17:31
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save tanguylebarzic/2198497 to your computer and use it in GitHub Desktop.
Save tanguylebarzic/2198497 to your computer and use it in GitHub Desktop.
DKIM signing with Node.js
/*
Heavily inspired by the PHP implementation made by Ahmad Amarullah (available at http://code.google.com/p/php-mail-domain-signer/), with the help of http://phpjs.org/.
Setup:
In dkim-raw-email.js, change the location of your private key and the associatedDomain accordingly to your needs.
Example of use (using aws-lib, https://github.com/mirkok/aws-lib):
*/
var aws = require("aws-lib");
var sesCredentials = require("./../../config/credentials").ses;
var ses = aws.createSESClient(sesCredentials.AWSAccessKeyId, sesCredentials.AWSSecretKey);
var RawEmail = require('./dkim-raw-email');
function sendRawEmail(from, to, cc, subject, HTMLbody, Textbody, cb){
var senderEmail = {email: 'no-reply@dashlane.com', name: 'Dashlane'};
var rawEmail = new RawEmail();
rawEmail.setReturnPath('contact@dashlane.com');
rawEmail.setSender(senderEmail);
rawEmail.setSubject(subject);
rawEmail.setReceivers(to);
if(cc){
rawEmail.setCcReceivers(cc);
}
rawEmail.setText(Textbody);
rawEmail.setHtml(HTMLbody);
ses.call(
'SendRawEmail',
{
'RawMessage.Data' : rawEmail.getEncodedMessage(),
'Source' : rawEmail.getSource()
},
function(result) {
if (result.Error !== undefined) {
cb(result.Error);
} else {
cb(null, result);
}
}
);
}
var fs = require('fs');
var utils = require('./utils');
var MailDomainSigner = require('./MailDomainSigner');
var private_key = fs.readFileSync(__dirname + '/../../config/key.priv');
var associatedDomain = "dashlane.com";
var quoted_printable_encode = utils.quoted_printable_encode;
var trim = utils.trim;
function RawEmail() {
var headers = {};
headers.mimever = 'MIME-Version: 1.0';
headers.ctype = 'Content-Type: multipart/alternative; charset=UTF-8; boundary="' + boundary + '"';
var textBody = "";
var htmlBody = "";
function makeBoundary() {
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for ( var i = 0; i < 60; i++)
text += possible.charAt(Math.floor(Math.random() * 62));
return text;
}
function getBody(){
var body = "";
body += '--' + boundary + "\n";
body += 'Content-Type: text/plain; charset=ISO-8859-1\n';
body += 'Content-Transfer-Encoding: quoted-printable' + "\n\n";
body += quoted_printable_encode(trim(textBody.replace(/\s+/g, ' '))) + "\n";
body += '--' + boundary + "\n";
body += 'Content-Type: text/html; charset=ISO-8859-1\n';
body += 'Content-Transfer-Encoding: quoted-printable' + "\n\n";
body += quoted_printable_encode(trim(htmlBody.replace(/\s+/g, ' '))) + "\n";
body += '--' + boundary + "--" + "\n";
return body;
}
var boundary = '-----=' + makeBoundary();
this.setReturnPath = function(returnPathAddress){
headers.returnPath = 'Return-Path: <' + returnPathAddress + '>';
};
this.setSender = function(sender) {
var fromHeader = "From: ";
if (sender.email && sender.name) {
fromHeader += sender.name + ' <' + sender.email + '>';
} else {
fromHeader += sender;
}
headers.from = fromHeader;
};
this.setReceivers = function(receivers) {
var toHeader = "To: ";
if(!Array.isArray(receivers)){
receivers = [receivers];
}
for ( var receiverIndex = 0; receiverIndex < receivers.length; receiverIndex++) {
var receiver = receivers[receiverIndex];
if (receiver.email && receiver.name) {
toHeader += receiver.name + ' <' + receiver.email + '>, ';
} else {
toHeader += receiver + ', ';
}
}
headers.to = toHeader.substring(0, toHeader.length - 2);
};
this.setCcReceivers = function(receivers) {
var toHeader = "Cc: ";
if(!Array.isArray(receivers)){
receivers = [receivers];
}
for ( var receiverIndex = 0; receiverIndex < receivers.length; receiverIndex++) {
var receiver = receivers[receiverIndex];
if (receiver.email && receiver.name) {
toHeader += '"' + receiver.name + '"' + ' <' + receiver.email + '>, ';
} else {
toHeader += receiver + ', ';
}
}
headers.cc = toHeader.substring(0, toHeader.length - 2);
};
this.setSubject = function(subject) {
subject = trim(subject.replace(/\s+/g, ' '));
subject = new Buffer(subject).toString('base64');
subject = '=?utf-8?B?' + subject + '?=';
headers.subject = "Subject: " + subject;
};
this.setText = function(text) {
textBody = text;
};
this.setHtml = function(html) {
htmlBody = html;
};
this.getEncodedMessage = function() {
var body = getBody();
var mailDomainSigner = new MailDomainSigner(private_key, associatedDomain, "dkim1");
var dkim_sign = mailDomainSigner.getDKIM("from:to:subject:mime-version:content-type:",
[headers.from, headers.to, headers.subject, headers.mimever, headers.ctype],
body);
var email = dkim_sign + "\r\n";
for (var header in headers) {
email += headers[header] + "\r\n";
}
email += "\r\n" + body;
return new Buffer(email).toString('base64');
};
this.getSource = function(){
var from = 'From: ';
var index = headers.from.indexOf(from);
if(index !== -1){
return headers.from.substring(index + from.length);
}
else {
return headers.from;
}
};
}
module.exports = RawEmail;
var crypto = require('crypto');
function MailDomainSigner(_pkid, _d, _s){
this.pkid = _pkid;
this.d = _d;
this.s = _s;
function trim(str) {
str += '';
var l = str.length;
var i = 0;
var whitespace = " \n\r\t\f\x0b\xa0\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u200b\u2028\u2029\u3000";
for (i = 0; i < l; i++) {
if (whitespace.indexOf(str.charAt(i)) === -1) {
str = str.substring(i);
break;
}
}
l = str.length;
for (i = l - 1; i >= 0; i--) {
if (whitespace.indexOf(str.charAt(i)) === -1) {
str = str.substring(0, i + 1);
break;
}
}
return whitespace.indexOf(str.charAt(0)) === -1 ? str : '';
}
function rtrim (str) {
var charlist = '\r\n';
var re = new RegExp('[' + charlist + ']+$', 'g');
return (str + '').replace(re, '');
}
function wordwrap (str, int_width, str_break, cut) {
// Wraps buffer to selected number of characters using string break char
//
// version: 1109.2015
// discuss at: http://phpjs.org/functions/wordwrap
// + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)
// + improved by: Nick Callen
// + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)
// + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
// + improved by: Sakimori
// + bugfixed by: Michael Grier
// * example 1: wordwrap('Kevin van Zonneveld', 6, '|', true);
// * returns 1: 'Kevin |van |Zonnev|eld'
// * example 2: wordwrap('The quick brown fox jumped over the lazy dog.', 20, '\n');
// * returns 2: 'The quick brown fox \njumped over the lazy\n dog.'
// * example 3: wordwrap('Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.');
// * returns 3: 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod \ntempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim \nveniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea \ncommodo consequat.'
// PHP Defaults
var m = ((arguments.length >= 2) ? arguments[1] : 75);
var b = ((arguments.length >= 3) ? arguments[2] : "\n");
var c = ((arguments.length >= 4) ? arguments[3] : false);
var i, j, l, s, r;
str += '';
if (m < 1) {
return str;
}
for (i = -1, l = (r = str.split(/\r\n|\n|\r/)).length; ++i < l; r[i] += s) {
for (s = r[i], r[i] = ""; s.length > m; r[i] += s.slice(0, j) + ((s = s.slice(j)).length ? b : "")) {
j = c == 2 || (j = s.slice(0, m + 1).match(/\S*(\s)?$/))[1] ? m : j.input.length - j[0].length || c == 1 && m || j.input.length + (j = s.slice(m).match(/^\S*/)).input.length;
}
}
return r.join("\n");
}
function chunk_split (body, chunklen, end) {
// Returns split line
//
// version: 1109.2015
// discuss at: http://phpjs.org/functions/chunk_split
// + original by: Paulo Freitas
// + input by: Brett Zamir (http://brett-zamir.me)
// + bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
// + improved by: Theriault
// * example 1: chunk_split('Hello world!', 1, '*');
// * returns 1: 'H*e*l*l*o* *w*o*r*l*d*!*'
// * example 2: chunk_split('Hello world!', 10, '*');
// * returns 2: 'Hello worl*d!*'
chunklen = parseInt(chunklen, 10) || 76;
end = end || '\r\n';
if (chunklen < 1) {
return false;
}
return body.match(new RegExp(".{0," + chunklen + "}", "g")).join(end);
}
function headRelaxCanon(s){
s = s.replace(/\r\n\s+/g, " ");
var lines = s.split('\r\n');
for (var i = 0; i < lines.length; i++) {
var line = lines[i];
var firstColon = line.indexOf(':');
var heading = line.substring(0, firstColon);
var value = line.substring(firstColon + 1);
heading = heading.toLowerCase();
value = value.replace(/\s+/g, " ");
lines[i] = heading + ":" + trim(value);
}
s = lines.join('\r\n');
return s;
}
function bodyRelaxCanon(body){
if(body === ''){
return '\r\n';
}
body = body.replace(/\r\n/g, '\n');
body = body.replace(/\n/g, '\r\n');
while(body.substring(body.length - 2) === "\r\n"){
body = body.substring(0, body.length - 2);
}
return body + "\r\n";
}
/**
* DKIM-Signature Header Creator Function implementation according to RFC4871
*/
this.getDKIM = function(h, _h, body){
var _b = bodyRelaxCanon(body);
var _l = _b.length;
var shasum = crypto.createHash('sha1');
shasum.update(_b);
var _bh = shasum.digest('base64');
var _dkim = "DKIM-Signature: " +
"v=1; " + // DKIM Version
"a=rsa-sha1; " + // The algorithm used to generate the signature "rsa-sha1"
"s=" + this.s + "; " + // The selector subdividing the namespace for the "d=" (domain) tag
"d=" + this.d + "; " + // The domain of the signing entity
"l=" + _l + "; " + // Canonicalizated Body length count
"c=relaxed/relaxed; " + // Message (Headers/Body) Canonicalization "relaxed/relaxed"
"h=" + h + "; " + // Signed header fields
"bh=" + _bh + ";\r\n\t" + // The hash of the canonicalized body part of the message
"b="; // The signature data (Empty because we will calculate it later)
// Wrap DKIM Header
_dkim = wordwrap(_dkim, 76, "\r\n\t");
// Canonicalization Header Data
var _unsigned = headRelaxCanon(_h.join("\r\n") + "\r\n" + _dkim);
var signer = crypto.createSign("sha1");
signer.update(_unsigned);
var _signed = signer.sign(this.pkid, 'base64');
// Base64 encoded signed data
// Chunk Split it
// Then Append it $_dkim
_dkim += chunk_split(_signed,76,"\r\n\t");
// Return trimmed $_dkim
return trim(_dkim);
};
}
module.exports = MailDomainSigner;
module.exports = {
quoted_printable_encode: function(str) {
// + original by: Theriault
// + improved by: Brett Zamir (http://brett-zamir.me)
// + improved by: Theriault
// * example 1: quoted_printable_encode('a=b=c');
// * returns 1: 'a=3Db=3Dc'
// * example 2: quoted_printable_encode('abc \r\n123 \r\n');
// * returns 2: 'abc =20\r\n123 =20\r\n'
// * example 3: quoted_printable_encode('0123456789012345678901234567890123456789012345678901234567890123456789012345');
// * returns 3: '012345678901234567890123456789012345678901234567890123456789012345678901234=\r\n5'
// RFC 2045: 6.7.2: Octets with decimal values of 33 through 60 (bang to less-than) inclusive, and 62 through 126 (greater-than to tilde), inclusive, MAY be represented as the US-ASCII characters
// PHP does not encode any of the above; as does this function.
// RFC 2045: 6.7.3: Octets with values of 9 and 32 MAY be represented as US-ASCII TAB (HT) and SPACE characters, respectively, but MUST NOT be so represented at the end of an encoded line
// PHP does not encode spaces (octet 32) except before a CRLF sequence as stated above. PHP always encodes tabs (octet 9). This function replicates PHP.
// RFC 2045: 6.7.4: A line break in a text body, represented as a CRLF sequence in the text canonical form, must be represented by a (RFC 822) line break
// PHP does not encode a CRLF sequence, as does this function.
// RFC 2045: 6.7.5: The Quoted-Printable encoding REQUIRES that encoded lines be no more than 76 characters long. If longer lines are to be encoded with the Quoted-Printable encoding, "soft" line breaks must be used.
// PHP breaks lines greater than 76 characters; as does this function.
var hexChars = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'],
RFC2045Encode1IN = / \r\n|\r\n|[^!-<>-~ ]/gm,
RFC2045Encode1OUT = function (sMatch) {
// Encode space before CRLF sequence to prevent spaces from being stripped
// Keep hard line breaks intact; CRLF sequences
if (sMatch.length > 1) {
return sMatch.replace(' ', '=20');
}
// Encode matching character
var chr = sMatch.charCodeAt(0);
return '=' + hexChars[((chr >>> 4) & 15)] + hexChars[(chr & 15)];
},
// Split lines to 75 characters; the reason it's 75 and not 76 is because softline breaks are preceeded by an equal sign; which would be the 76th character.
// However, if the last line/string was exactly 76 characters, then a softline would not be needed. PHP currently softbreaks anyway; so this function replicates PHP.
RFC2045Encode2IN = /.{1,72}(?!\r\n)[^=]{0,3}/g,
RFC2045Encode2OUT = function (sMatch) {
if (sMatch.substr(sMatch.length - 2) === '\r\n') {
return sMatch;
}
return sMatch + '=\r\n';
};
str = str.replace(RFC2045Encode1IN, RFC2045Encode1OUT).replace(RFC2045Encode2IN, RFC2045Encode2OUT);
// Strip last softline break
return str.substr(0, str.length - 3).replace(/\=19/g, "=27");
},
trim: function(str) {
str += '';
var l = str.length;
var i = 0;
var whitespace = " \n\r\t\f\x0b\xa0\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u200b\u2028\u2029\u3000";
for (i = 0; i < l; i++) {
if (whitespace.indexOf(str.charAt(i)) === -1) {
str = str.substring(i);
break;
}
}
l = str.length;
for (i = l - 1; i >= 0; i--) {
if (whitespace.indexOf(str.charAt(i)) === -1) {
str = str.substring(0, i + 1);
break;
}
}
return whitespace.indexOf(str.charAt(0)) === -1 ? str : '';
}
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment