Vsevolod Stakhov
5 years ago
2 changed files with 31 additions and 21 deletions
+ 2
- 1
lualib/lua_dkim_tools.lua
View File
| @@ -609,7 +609,8 @@ exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err | |||
| local dkim_sign_data = { | |||
| rawkey = p.key, | |||
| selector = p.selector, | |||
| domain = p.domain or selectors.domain | |||
| domain = p.domain or selectors.domain, | |||
| alg = p.alg, | |||
| } | |||
| lua_util.debugm(N, task, 'found and parsed key for %s:%s in Vault', | |||
| dkim_sign_data.domain, dkim_sign_data.selector) | |||
+ 29
- 20
src/plugins/lua/arc.lua
View File
| @@ -509,7 +509,33 @@ local function arc_sign_seal(task, params, header) | |||
| task:insert_result(settings.sign_symbol, 1.0, string.format('i=%d', cur_idx)) | |||
| end | |||
| local function prepare_arc_selector(task, sel) | |||
| local arc_seals = task:cache_get('arc-seals') | |||
| sel.arc_cv = 'none' | |||
| sel.arc_idx = 1 | |||
| sel.no_cache = true | |||
| sel.sign_type = 'arc-sign' | |||
| if arc_seals then | |||
| sel.arc_idx = #arc_seals + 1 | |||
| if task:has_symbol(arc_symbols.allow) then | |||
| sel.arc_cv = 'pass' | |||
| else | |||
| sel.arc_cv = 'fail' | |||
| end | |||
| end | |||
| end | |||
| local function do_sign(task, p) | |||
| if p.alg and p.alg ~= 'rsa' then | |||
| -- No support for ed25519 keys | |||
| return | |||
| end | |||
| prepare_arc_selector(task, p) | |||
| if settings.check_pubkey then | |||
| local resolve_name = p.selector .. "._domainkey." .. p.domain | |||
| task:get_resolver():resolve_txt({ | |||
| @@ -555,38 +581,21 @@ local function sign_error(task, msg) | |||
| end | |||
| local function arc_signing_cb(task) | |||
| local arc_seals = task:cache_get('arc-seals') | |||
| local ret, selectors = dkim_sign_tools.prepare_dkim_signing(N, task, settings) | |||
| if not ret then | |||
| return | |||
| end | |||
| -- TODO: support multiple signatures here | |||
| local p = selectors[1] | |||
| p.arc_cv = 'none' | |||
| p.arc_idx = 1 | |||
| p.no_cache = true | |||
| p.sign_type = 'arc-sign' | |||
| if arc_seals then | |||
| p.arc_idx = #arc_seals + 1 | |||
| if task:has_symbol(arc_symbols.allow) then | |||
| p.arc_cv = 'pass' | |||
| else | |||
| p.arc_cv = 'fail' | |||
| end | |||
| end | |||
| if settings.use_redis then | |||
| dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) | |||
| else | |||
| if selectors.vault then | |||
| dkim_sign_tools.sign_using_vault(N, task, settings, selectors, do_sign, sign_error) | |||
| else | |||
| -- TODO: no support for multiple sigs | |||
| local p = selectors[1] | |||
| prepare_arc_selector(task, p) | |||
| if ((p.key or p.rawkey) and p.selector) then | |||
| if p.key then | |||
| p.key = lua_util.template(p.key, { | |||
Loading…