From 462351f32fb753699019e1305ba38a0ed1e0efa0 Mon Sep 17 00:00:00 2001 From: Philippe Pittoli Date: Mon, 11 Mar 2024 01:29:24 +0100 Subject: [PATCH] WIP: DKIM: ban SHA1, code simplification, explanation of default values. --- src/App/DKIM.purs | 10 +++++----- src/App/Text/Explanations.purs | 16 +++++++++++++++- src/App/ZoneInterface.purs | 22 +++++++++++++--------- 3 files changed, 33 insertions(+), 15 deletions(-) diff --git a/src/App/DKIM.purs b/src/App/DKIM.purs index c0a8f62..ef80f2b 100644 --- a/src/App/DKIM.purs +++ b/src/App/DKIM.purs @@ -37,8 +37,8 @@ emptyDKIMRR = { v: Nothing, k: Just RSA, h: Just SHA256, p: "", n: Nothing } -- of "foo.bar", the DNS query will be for -- "foo.bar._domainkey.example.com". -data HashingAlgorithm = SHA1 | SHA256 -hash_algos = ["sha1", "sha256"] :: Array String +data HashingAlgorithm = {- SHA1 | -} SHA256 +hash_algos = [ {- "sha1", -} SHA256] :: Array HashingAlgorithm -- | Codec for just encoding a single value of type `HashingAlgorithm`. codecHashingAlgorithm :: CA.JsonCodec HashingAlgorithm @@ -46,17 +46,17 @@ codecHashingAlgorithm = CA.prismaticCodec "HashingAlgorithm" str_to_hashing_algo str_to_hashing_algorithm :: String -> Maybe HashingAlgorithm str_to_hashing_algorithm = case _ of - "sha1" -> Just SHA1 + -- "sha1" -> Just SHA1 "sha256" -> Just SHA256 _ -> Nothing show_hashing_algorithm :: HashingAlgorithm -> String show_hashing_algorithm = case _ of - SHA1 -> "sha1" + -- SHA1 -> "sha1" SHA256 -> "sha256" data SignatureAlgorithm = RSA -sign_algos = ["rsa"] :: Array String +sign_algos = [RSA] :: Array SignatureAlgorithm -- | Codec for just encoding a single value of type `SignatureAlgorithm`. codecSignatureAlgorithm :: CA.JsonCodec SignatureAlgorithm diff --git a/src/App/Text/Explanations.purs b/src/App/Text/Explanations.purs index f83ae3f..6b867d3 100644 --- a/src/App/Text/Explanations.purs +++ b/src/App/Text/Explanations.purs @@ -8,7 +8,21 @@ dkim_introduction = DKIM is a way to share a public signature key for the domain. This allows emails to be signed by the sender, and for the receiver to prove the origin of the mail. """ - , Bulma.p """ + , HH.p [] + [ HH.text """ + Default name is fine, change it only if you know what you are doing. + For the configuration of your mail server, remember that your + """ + , HH.u_ [HH.text "selector"] + , HH.text " is " + , Bulma.strong "default" + , HH.text "." + ] + ] + +dkim_default_algorithms :: forall w i. Array (HH.HTML w i) +dkim_default_algorithms = + [ Bulma.p """ Default values should be fine (RSA + SHA256), change them only if you know what you are doing. Just enter your public key. """ diff --git a/src/App/ZoneInterface.purs b/src/App/ZoneInterface.purs index 1974bd5..6ee83e3 100644 --- a/src/App/ZoneInterface.purs +++ b/src/App/ZoneInterface.purs @@ -465,13 +465,14 @@ render state (show state._currentRR.ttl) should_be_disabled , Bulma.hr + , Bulma.div_content [Bulma.explanation Explanations.dkim_default_algorithms] , Bulma.selection_field "idDKIMSignature" "Signature algo" DKIM_sign_algo - DKIM.sign_algos + (map DKIM.show_signature_algorithm DKIM.sign_algos) (DKIM.show_signature_algorithm $ fromMaybe DKIM.RSA state.dkim.k) , Bulma.selection_field "idDKIMHash" "Hash algo" DKIM_hash_algo - DKIM.hash_algos + (map DKIM.show_hashing_algorithm DKIM.hash_algos) (DKIM.show_hashing_algorithm $ fromMaybe DKIM.SHA256 state.dkim.h) , Bulma.box_input "pkDKIM" "Public Key" "Your public key, such as 'MIIBIjANBgqh...'" DKIM_pubkey state.dkim.p should_be_disabled @@ -560,6 +561,11 @@ handleAction = case _ of -- In case the `name` part of the resource record is empty, consider the name to be the domain itself. H.modify_ \s -> s { _currentRR = replace_name s._domain s._currentRR } + -- TODO: should the code design change? Would the code be simplified by working only on _currentRR.dkim? + _ <- case t of + DKIM -> H.modify_ \state -> state { _currentRR { dkim = Just state.dkim } } + _ -> pure unit + state <- H.get case Validation.validation state._currentRR of Left actual_errors -> do @@ -567,7 +573,7 @@ handleAction = case _ of -- loopE (\v -> H.raise $ Log $ ErrorLog $ "==> " <> show_error v) actual_errors H.modify_ _ { _currentRR_errors = actual_errors } Right newrr -> do - H.modify_ _ { _currentRR_errors = [] } + H.modify_ _ { _currentRR_errors = [], dkim = DKIM.emptyDKIMRR } handleAction $ AddRR t newrr handleAction CancelModal @@ -669,14 +675,12 @@ handleAction = case _ of v -> Just v H.modify_ _ { _currentRR { modifiers = new_value }} - DKIM_hash_algo v -> H.modify_ _ { dkim { h = mod_dkim_h v } } - DKIM_sign_algo v -> H.modify_ _ { dkim { k = mod_dkim_k v } } - DKIM_pubkey v -> H.modify_ _ { dkim { p = v } } - DKIM_note v -> H.modify_ _ { dkim { n = Just v } } + DKIM_hash_algo v -> H.modify_ _ { dkim { h = DKIM.hash_algos A.!! v } } + DKIM_sign_algo v -> H.modify_ _ { dkim { k = DKIM.sign_algos A.!! v } } + DKIM_pubkey v -> H.modify_ _ { dkim { p = v } } + DKIM_note v -> H.modify_ _ { dkim { n = Just v } } where - mod_dkim_h v = DKIM.str_to_hashing_algorithm $ fromMaybe "sha256" $ DKIM.hash_algos A.!! v - mod_dkim_k v = DKIM.str_to_signature_algorithm $ fromMaybe "rsa" $ DKIM.sign_algos A.!! v -- In case the `name` part of the resource record is empty replace it with the domain name. replace_name domain rr = case rr.name of "" -> rr { name = domain <> "." }