author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-29 14:53:07 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-29 14:53:07 +0100 |
commit | 506e7cd0ab1a351e499920109f82f2510782ad6e (patch) | |
tree | 1537679950b1a0c39f66a516636a2a455d54173a | |
parent | 07f9ed4ebf00a615b1a5c7f5ca35d99c6b07bf3f (diff) | |
[Project] Improve dkim keys generation for vault
-rw-r--r-- | lualib/rspamadm/vault.lua | 37 |
1 files changed, 34 insertions, 3 deletions
diff --git a/lualib/rspamadm/vault.lua b/lualib/rspamadm/vault.lua
index 2ee3e837d..98f0fef99 100644
--- a/lualib/rspamadm/vault.lua
+++ b/lualib/rspamadm/vault.lua
@@ -79,12 +79,16 @@ newkey:option "-A --algorithm"
 :convert {
 rsa = "rsa",
 ed25519 = "ed25519",
+ eddsa = "ed25519",
 }
 :default "rsa"
 newkey:option "-b --bits"
 :argname("<nbits>")
 :convert(tonumber)
 :default "1024"
+newkey:option "-x --expire"
+ :argname("<days>")
+ :convert(tonumber)
 newkey:flag "-r --rewrite"
@@ -138,6 +142,22 @@ local function maybe_print_vault_data(opts, data, func)
 end
 end
+local function print_dkim_txt_record(b64, selector, alg)
+ local labels = {}
+ local prefix = string.format("v=DKIM1; k=%s; p=", alg)
+ b64 = prefix .. b64
+ if #b64 < 255 then
+ labels = {'"' .. b64 .. '"'}
+ else
+ for sl=1,#b64,255 do
+ table.insert(labels, '"' .. b64:sub(sl, sl + 255) .. '"')
+ end
+ end
+
+ printf("%s._domainkey IN TXT ( %s )", selector,
+ table.concat(labels, "\n\t"))
+end
+
 local function show_handler(opts, domain)
 local uri = vault_url(opts, domain)
 local err,data = rspamd_http.request{
@@ -218,7 +238,8 @@ local function newkey_handler(opts, domain)
 local uri = vault_url(opts, domain)
 if not opts.selector then
- opts.selector = os.date("%Y%m%d")
+ opts.selector = string.format('%s-%s', opts.algorithm,
+ os.date("%Y%m%d"))
 end
 local err,data = rspamd_http.request{
@@ -241,11 +262,16 @@ local function newkey_handler(opts, domain)
 [1] = {
 selector = opts.selector,
 domain = domain,
- key = tostring(sk)
+ key = tostring(sk),
+ alg = opts.algorithm,
 }
 }
 }
+ if opts.expire then
+ res.selectors[1].valid_end = os.time() + opts.expire * 3600 * 24
+ end
+
 err,data = rspamd_http.request{
 config = rspamd_config,
 ev_base = rspamadm_ev_base,
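Review bot: The new `-x --expire` option accepts anything `tonumber` can parse, so zero, negative or fractional day counts reach the `valid_end` computation in the later newkey_handler hunk (`os.time() + opts.expire * 3600 * 24`). A key can then be stored with an expiry that is already in the past or is not a whole number of seconds. Rejecting such values at the command line is cheap, for example `:convert(function(s) local n = tonumber(s); if n and n > 0 then return n end; return nil, "expire must be a positive number of days" end)`. How consumers of `valid_end` treat a past or non-integer value is not visible in this diff.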
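Review bot: In print_dkim_txt_record the loop advances by 255 but slices `b64:sub(sl, sl + 255)`; Lua's `sub` is inclusive at both ends, so every full piece is 256 characters and the last character of one piece is repeated as the first of the next. For any record longer than 254 characters (the prefix plus a 2048-bit RSA key, for instance; the default 1024-bit key most likely stays under the threshold) the printed TXT value would carry duplicated base64 characters and exceed the 255-byte limit of a single TXT string. A key published from that output would most likely fail DKIM verification. Slicing with `table.insert(labels, '"' .. b64:sub(sl, sl + 254) .. '"')` keeps the pieces contiguous and within the limit, and the guard could then be `#b64 <= 255`.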
@@ -268,7 +294,12 @@ local function newkey_handler(opts, domain)
 else
 maybe_printf(opts,'stored key for: %s, selector: %s', domain, opts.selector)
 maybe_printf(opts, 'please place the corresponding public key as following:')
- printf('%s', pk)
+
+ if opts.silent then
+ printf('%s', pk)
+ else
+ print_dkim_txt_record(tostring(pk), opts.selector, opts.algorithm)
+ end
 end
 end
 end
|
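Review bot: The two branches emit different formats, the bare key when `opts.silent` is set and a full zone-file record otherwise, and nothing in the hunk says the difference is intended. A short comment above the `if`, such as `-- silent: bare public key for scripts; otherwise a ready-to-paste DKIM TXT record`, would record that contract for anyone parsing the output. The selector is interpolated into the record line as given, so it is worth confirming that user-supplied `--selector` values are restricted to valid DNS label characters before operators paste the result into a zone. newkey_handler begins outside the hunk.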