diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-22 14:28:40 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-22 14:28:40 +0100 |
| commit | 02f24b232c96cefa456c7b0823f05fb38480a613 (patch) | |
| tree | 7794496a69cd7bbcf9f83d00dedb92e304e37a8a /src/plugins/lua | |
| parent | d2e75d56b0328553638f214a874988ea5b1ebd42 (diff) | |
| download | rspamd-02f24b232c96cefa456c7b0823f05fb38480a613.tar.gz rspamd-02f24b232c96cefa456c7b0823f05fb38480a613.zip | |
[Project] Add vault support for dkim and arc signing
Diffstat (limited to 'src/plugins/lua')
| -rw-r--r-- | src/plugins/lua/arc.lua | 46 | ||||
| -rw-r--r-- | src/plugins/lua/dkim_signing.lua | 34 |
2 files changed, 44 insertions, 36 deletions
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index 764a6e5a0..0bdaf5e14 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -582,31 +582,35 @@ local function arc_signing_cb(task) if settings.use_redis then dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) else - if ((p.key or p.rawkey) and p.selector) then - if p.key then - p.key = lua_util.template(p.key, { - domain = p.domain, - selector = p.selector - }) - - local exists,err = rspamd_util.file_exists(p.key) - if not exists then - if err and err == 'No such file or directory' then - lua_util.debugm(N, task, 'cannot read key from %s: %s', p.key, err) - else - rspamd_logger.warnx(task, 'cannot read key from %s: %s', p.key, err) + if selectors.vault then + dkim_sign_tools.sign_using_vault(N, task, settings, selectors, do_sign, sign_error) + else + if ((p.key or p.rawkey) and p.selector) then + if p.key then + p.key = lua_util.template(p.key, { + domain = p.domain, + selector = p.selector + }) + + local exists,err = rspamd_util.file_exists(p.key) + if not exists then + if err and err == 'No such file or directory' then + lua_util.debugm(N, task, 'cannot read key from %s: %s', p.key, err) + else + rspamd_logger.warnx(task, 'cannot read key from %s: %s', p.key, err) + end + return false end - return false end - end - local dret, hdr = dkim_sign(task, p) - if dret then - return arc_sign_seal(task, p, hdr) + local dret, hdr = dkim_sign(task, p) + if dret then + return arc_sign_seal(task, p, hdr) + end + else + rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing') + return false end - else - rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing') - return false end end end diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 2a3930b4b..035c58492 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -99,23 +99,27 @@ local function dkim_signing_cb(task) if settings.use_redis then dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) else - if #selectors > 0 then - for _, k in ipairs(selectors) do - -- templates - if k.key then - k.key = lua_util.template(k.key, { - domain = k.domain, - selector = k.selector - }) - lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"', - k.key, k.selector, k.domain) + if selectors.vault then + dkim_sign_tools.sign_using_vault(N, task, settings, selectors, do_sign, sign_error) + else + if #selectors > 0 then + for _, k in ipairs(selectors) do + -- templates + if k.key then + k.key = lua_util.template(k.key, { + domain = k.domain, + selector = k.selector + }) + lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"', + k.key, k.selector, k.domain) + end + + do_sign(task, k) end - - do_sign(task, k) + else + rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing') + return false end - else - rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing') - return false end end end |