aboutsummaryrefslogtreecommitdiffstats
path: root/lualib/lua_dkim_tools.lua
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2019-04-23 12:50:10 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2019-04-23 12:50:10 +0100
commit27235fe7067c26ab3a4322ab6d607103e7e51535 (patch)
treed76e67249404c29ef187048cf90eea251cc59a47 /lualib/lua_dkim_tools.lua
parentab20b88431482d42353ab791d7f5a076a18dfc42 (diff)
downloadrspamd-27235fe7067c26ab3a4322ab6d607103e7e51535.tar.gz
rspamd-27235fe7067c26ab3a4322ab6d607103e7e51535.zip
[Minor] Add support of validity checks in the vault
Diffstat (limited to 'lualib/lua_dkim_tools.lua')
-rw-r--r--lualib/lua_dkim_tools.lua28
1 files changed, 25 insertions, 3 deletions
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index ea84d58de..2e5856d3c 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -21,6 +21,7 @@ local E = {}
local lua_util = require "lua_util"
local rspamd_util = require "rspamd_util"
local logger = require "rspamd_logger"
+local fun = require "fun"
local function check_violation(N, task, domain)
-- Check for DKIM_REJECT
@@ -576,16 +577,37 @@ exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err
else
local elts = obj.data.selectors or {}
- for _,p in ipairs(elts) do
+ -- Filter selectors by time/sanity
+ local function is_selector_valid(p)
+ if not p.key or not p.selector then
+ return false
+ end
+
+ if p.valid_start then
+ -- Check start time
+ if rspamd_util.get_time() < tonumber(p.valid_start) then
+ return false
+ end
+ end
+
+ if p.valid_end then
+ if rspamd_util.get_time() >= tonumber(p.valid_end) then
+ return false
+ end
+ end
+
+ return true
+ end
+ fun.each(function(p)
local dkim_sign_data = {
rawkey = p.key,
selector = p.selector,
- domain = selectors.domain
+ domain = p.domain or selectors.domain
}
lua_util.debugm(N, task, 'found and parsed key for %s:%s in Vault',
dkim_sign_data.domain, dkim_sign_data.selector)
sign_func(task, dkim_sign_data)
- end
+ end, fun.filter(is_selector_valid, elts))
end
end
end