From d6b6c30cc43c136adf8cb5cb777ff28c9bc79959 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 14 May 2019 09:05:37 +0100 Subject: [PATCH] [Fix] Arc: More arc signing fixes --- lualib/lua_dkim_tools.lua | 3 ++- src/plugins/lua/arc.lua | 49 +++++++++++++++++++++++---------------- 2 files changed, 31 insertions(+), 21 deletions(-) diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua index d98ed10f9..772af07b2 100644 --- a/lualib/lua_dkim_tools.lua +++ b/lualib/lua_dkim_tools.lua @@ -609,7 +609,8 @@ exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err local dkim_sign_data = { rawkey = p.key, selector = p.selector, - domain = p.domain or selectors.domain + domain = p.domain or selectors.domain, + alg = p.alg, } lua_util.debugm(N, task, 'found and parsed key for %s:%s in Vault', dkim_sign_data.domain, dkim_sign_data.selector) diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index 05f92e5dd..9e6cf1cac 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -509,7 +509,33 @@ local function arc_sign_seal(task, params, header) task:insert_result(settings.sign_symbol, 1.0, string.format('i=%d', cur_idx)) end +local function prepare_arc_selector(task, sel) + local arc_seals = task:cache_get('arc-seals') + + sel.arc_cv = 'none' + sel.arc_idx = 1 + sel.no_cache = true + sel.sign_type = 'arc-sign' + + if arc_seals then + sel.arc_idx = #arc_seals + 1 + + if task:has_symbol(arc_symbols.allow) then + sel.arc_cv = 'pass' + else + sel.arc_cv = 'fail' + end + end +end + local function do_sign(task, p) + if p.alg and p.alg ~= 'rsa' then + -- No support for ed25519 keys + return + end + + prepare_arc_selector(task, p) + if settings.check_pubkey then local resolve_name = p.selector .. "._domainkey." .. p.domain task:get_resolver():resolve_txt({ 
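Review bot: The new `alg = p.alg` field in `dkim_sign_data` is copied from the Vault record without any normalisation. The only consumer visible in this patch, `do_sign` in arc.lua, compares it exactly against `'rsa'` and treats a missing value as RSA. A record that omits `alg` for a non-RSA key would therefore still reach the signing path, and one that spells the value differently would be skipped; whether Vault records always carry a lowercase `alg` cannot be confirmed from this hunk. I would document the contract next to the field, for example `-- alg is optional; consumers treat nil as 'rsa' and compare the value exactly`. The enclosing function starts and ends outside the hunk.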
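Review bot: The early `return` added at the top of `do_sign` drops non-RSA keys without any trace, so a message that was expected to be ARC-sealed leaves unsigned and nothing in the logs says why. A debug line before the return would make the skip visible, e.g. `lua_util.debugm(N, task, 'skip ARC signing for %s:%s: unsupported key type %s', p.domain, p.selector, p.alg)`; both `lua_util` and `N` are already used in this file's hunks. The comment names only ed25519 while the condition rejects every value other than `'rsa'`, so `-- ARC signing supports RSA keys only` would match the check more closely. `do_sign` continues past the end of the hunk.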
@@ -555,38 +581,21 @@ local function sign_error(task, msg) end local function arc_signing_cb(task) - local arc_seals = task:cache_get('arc-seals') - local ret, selectors = dkim_sign_tools.prepare_dkim_signing(N, task, settings) if not ret then return end - -- TODO: support multiple signatures here - local p = selectors[1] - - p.arc_cv = 'none' - p.arc_idx = 1 - p.no_cache = true - p.sign_type = 'arc-sign' - - if arc_seals then - p.arc_idx = #arc_seals + 1 - - if task:has_symbol(arc_symbols.allow) then - p.arc_cv = 'pass' - else - p.arc_cv = 'fail' - end - end - if settings.use_redis then dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) else if selectors.vault then dkim_sign_tools.sign_using_vault(N, task, settings, selectors, do_sign, sign_error) else + -- TODO: no support for multiple sigs + local p = selectors[1] + prepare_arc_selector(task, p) if ((p.key or p.rawkey) and p.selector) then if p.key then p.key = lua_util.template(p.key, { -- 2.39.5
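Review bot: In the fallback branch, `local p = selectors[1]` is handed straight to `prepare_arc_selector`, which assigns fields on its argument, so an empty `selectors` table would raise an error at that call. A guard such as `if not p then return end` before it would make the expectation explicit; whether `prepare_dkim_signing` can report success with an empty list is not visible here. If this branch goes on to call `do_sign(task, p)` (the rest of it lies outside the hunk), the selector is prepared twice, because `do_sign` now calls `prepare_arc_selector` itself. The function only overwrites the same fields, so the explicit call could be dropped, or kept with a comment saying why it is needed before `do_sign`.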