From a4de9b2ebb9aa47ebff0c71fb980daf4eb5ca0cc Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Sat, 9 Mar 2024 14:50:47 +0000
Subject: [PATCH] [Rework] Another rework of the dkim signing logic

---
 lualib/lua_dkim_tools.lua        |  8 +++----
 src/plugins/lua/dkim_signing.lua | 39 +++++++++++++++-----------------
 2 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index ad780c0f0..b7f520fae 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -614,12 +614,12 @@ exports.sign_using_redis = function(N, task, settings, selectors, sign_func, err
   end
 end
 
-exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err_func)
+exports.sign_using_vault = function(N, task, settings, selector, sign_func, err_func)
   local http = require "rspamd_http"
   local ucl = require "ucl"
 
   local full_url = string.format('%s/v1/%s/%s',
-      settings.vault_url, settings.vault_path or 'dkim', selectors.domain)
+      settings.vault_url, settings.vault_path or 'dkim', selector.domain)
   local upstream_list = lua_util.http_upstreams_by_url(rspamd_config:get_mempool(), settings.vault_url)
 
   local function vault_callback(err, code, body, _)
@@ -671,7 +671,7 @@ exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err
             local dkim_sign_data = {
               rawkey = p.key,
               selector = p.selector,
-              domain = p.domain or selectors.domain,
+              domain = p.domain or selector.domain,
               alg = p.alg,
             }
             lua_util.debugm(N, task, 'found and parsed key for %s:%s in Vault',
@@ -707,7 +707,7 @@ exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err
 
   if not ret then
     err_func(task, string.format("cannot make HTTP request to load DKIM data domain %s",
-        selectors.domain))
+        selector.domain))
   end
 end
 
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 4d16bdf37..326ebab51 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -111,31 +111,28 @@ local function dkim_signing_cb(task)
   if not ret or #selectors == 0 then
     return
   end
-
   if settings.use_redis then
+    -- Use only redis stuff here
     dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error)
-  else
-    if selectors.vault then
-      dkim_sign_tools.sign_using_vault(N, task, settings, selectors, do_sign, sign_error)
+    return
+  end
+
+  for _, k in ipairs(selectors) do
+    if k.vault then
+      dkim_sign_tools.sign_using_vault(N, task, settings, k, do_sign, sign_error)
     else
-      if #selectors > 0 then
-        for _, k in ipairs(selectors) do
-          -- templates
-          if k.key then
-            k.key = lua_util.template(k.key, {
-              domain = k.domain,
-              selector = k.selector
-            })
-            lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"',
-                k.key, k.selector, k.domain)
-          end
-
-          do_sign(task, k)
-        end
-      else
-        rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')
-        return false
+      -- templates
+      if k.key then
+        k.key = lua_util.template(k.key, {
+          domain = k.domain,
+          selector = k.selector
+        })
+        lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"',
+            k.key, k.selector, k.domain)
       end
+
+      do_sign(task, k)
+
     end
   end
 end
-- 
2.39.5