WIP: DKIM: ban SHA1, code simplification, explanation of default values.
parent
682746141a
commit
462351f32f
|
|
@ -37,8 +37,8 @@ emptyDKIMRR = { v: Nothing, k: Just RSA, h: Just SHA256, p: "", n: Nothing }
|
|||
-- of "foo.bar", the DNS query will be for
|
||||
-- "foo.bar._domainkey.example.com".
|
||||
|
||||
data HashingAlgorithm = SHA1 | SHA256
|
||||
hash_algos = ["sha1", "sha256"] :: Array String
|
||||
data HashingAlgorithm = {- SHA1 | -} SHA256
|
||||
hash_algos = [ {- "sha1", -} SHA256] :: Array HashingAlgorithm
|
||||
|
||||
-- | Codec for just encoding a single value of type `HashingAlgorithm`.
|
||||
codecHashingAlgorithm :: CA.JsonCodec HashingAlgorithm
|
||||
|
|
@ -46,17 +46,17 @@ codecHashingAlgorithm = CA.prismaticCodec "HashingAlgorithm" str_to_hashing_algo
|
|||
|
||||
str_to_hashing_algorithm :: String -> Maybe HashingAlgorithm
|
||||
str_to_hashing_algorithm = case _ of
|
||||
"sha1" -> Just SHA1
|
||||
-- "sha1" -> Just SHA1
|
||||
"sha256" -> Just SHA256
|
||||
_ -> Nothing
|
||||
|
||||
show_hashing_algorithm :: HashingAlgorithm -> String
|
||||
show_hashing_algorithm = case _ of
|
||||
SHA1 -> "sha1"
|
||||
-- SHA1 -> "sha1"
|
||||
SHA256 -> "sha256"
|
||||
|
||||
data SignatureAlgorithm = RSA
|
||||
sign_algos = ["rsa"] :: Array String
|
||||
sign_algos = [RSA] :: Array SignatureAlgorithm
|
||||
|
||||
-- | Codec for just encoding a single value of type `SignatureAlgorithm`.
|
||||
codecSignatureAlgorithm :: CA.JsonCodec SignatureAlgorithm
|
||||
|
|
|
|||
|
|
@ -8,7 +8,21 @@ dkim_introduction =
|
|||
DKIM is a way to share a public signature key for the domain.
|
||||
This allows emails to be signed by the sender, and for the receiver to prove the origin of the mail.
|
||||
"""
|
||||
, Bulma.p """
|
||||
, HH.p []
|
||||
[ HH.text """
|
||||
Default name is fine, change it only if you know what you are doing.
|
||||
For the configuration of your mail server, remember that your
|
||||
"""
|
||||
, HH.u_ [HH.text "selector"]
|
||||
, HH.text " is "
|
||||
, Bulma.strong "default"
|
||||
, HH.text "."
|
||||
]
|
||||
]
|
||||
|
||||
dkim_default_algorithms :: forall w i. Array (HH.HTML w i)
|
||||
dkim_default_algorithms =
|
||||
[ Bulma.p """
|
||||
Default values should be fine (RSA + SHA256), change them only if you know what you are doing.
|
||||
Just enter your public key.
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -465,13 +465,14 @@ render state
|
|||
(show state._currentRR.ttl)
|
||||
should_be_disabled
|
||||
, Bulma.hr
|
||||
, Bulma.div_content [Bulma.explanation Explanations.dkim_default_algorithms]
|
||||
, Bulma.selection_field "idDKIMSignature" "Signature algo"
|
||||
DKIM_sign_algo
|
||||
DKIM.sign_algos
|
||||
(map DKIM.show_signature_algorithm DKIM.sign_algos)
|
||||
(DKIM.show_signature_algorithm $ fromMaybe DKIM.RSA state.dkim.k)
|
||||
, Bulma.selection_field "idDKIMHash" "Hash algo"
|
||||
DKIM_hash_algo
|
||||
DKIM.hash_algos
|
||||
(map DKIM.show_hashing_algorithm DKIM.hash_algos)
|
||||
(DKIM.show_hashing_algorithm $ fromMaybe DKIM.SHA256 state.dkim.h)
|
||||
, Bulma.box_input "pkDKIM" "Public Key" "Your public key, such as 'MIIBIjANBgqh...'"
|
||||
DKIM_pubkey state.dkim.p should_be_disabled
|
||||
|
|
@ -560,6 +561,11 @@ handleAction = case _ of
|
|||
-- In case the `name` part of the resource record is empty, consider the name to be the domain itself.
|
||||
H.modify_ \s -> s { _currentRR = replace_name s._domain s._currentRR }
|
||||
|
||||
-- TODO: should the code design change? Would the code be simplified by working only on _currentRR.dkim?
|
||||
_ <- case t of
|
||||
DKIM -> H.modify_ \state -> state { _currentRR { dkim = Just state.dkim } }
|
||||
_ -> pure unit
|
||||
|
||||
state <- H.get
|
||||
case Validation.validation state._currentRR of
|
||||
Left actual_errors -> do
|
||||
|
|
@ -567,7 +573,7 @@ handleAction = case _ of
|
|||
-- loopE (\v -> H.raise $ Log $ ErrorLog $ "==> " <> show_error v) actual_errors
|
||||
H.modify_ _ { _currentRR_errors = actual_errors }
|
||||
Right newrr -> do
|
||||
H.modify_ _ { _currentRR_errors = [] }
|
||||
H.modify_ _ { _currentRR_errors = [], dkim = DKIM.emptyDKIMRR }
|
||||
handleAction $ AddRR t newrr
|
||||
handleAction CancelModal
|
||||
|
||||
|
|
@ -669,14 +675,12 @@ handleAction = case _ of
|
|||
v -> Just v
|
||||
H.modify_ _ { _currentRR { modifiers = new_value }}
|
||||
|
||||
DKIM_hash_algo v -> H.modify_ _ { dkim { h = mod_dkim_h v } }
|
||||
DKIM_sign_algo v -> H.modify_ _ { dkim { k = mod_dkim_k v } }
|
||||
DKIM_pubkey v -> H.modify_ _ { dkim { p = v } }
|
||||
DKIM_note v -> H.modify_ _ { dkim { n = Just v } }
|
||||
DKIM_hash_algo v -> H.modify_ _ { dkim { h = DKIM.hash_algos A.!! v } }
|
||||
DKIM_sign_algo v -> H.modify_ _ { dkim { k = DKIM.sign_algos A.!! v } }
|
||||
DKIM_pubkey v -> H.modify_ _ { dkim { p = v } }
|
||||
DKIM_note v -> H.modify_ _ { dkim { n = Just v } }
|
||||
|
||||
where
|
||||
mod_dkim_h v = DKIM.str_to_hashing_algorithm $ fromMaybe "sha256" $ DKIM.hash_algos A.!! v
|
||||
mod_dkim_k v = DKIM.str_to_signature_algorithm $ fromMaybe "rsa" $ DKIM.sign_algos A.!! v
|
||||
-- In case the `name` part of the resource record is empty replace it with the domain name.
|
||||
replace_name domain rr = case rr.name of
|
||||
"" -> rr { name = domain <> "." }
|
||||
|
|
|
|||
Loading…
Reference in New Issue