WIP: DKIM: ban SHA1, code simplification, explanation of default values.
parent
682746141a
commit
462351f32f
@ -37,8 +37,8 @@ emptyDKIMRR = { v: Nothing, k: Just RSA, h: Just SHA256, p: "", n: Nothing }
|
|||||||
-- of "foo.bar", the DNS query will be for
|
-- of "foo.bar", the DNS query will be for
|
||||||
-- "foo.bar._domainkey.example.com".
|
-- "foo.bar._domainkey.example.com".
|
||||||
|
|
||||||
data HashingAlgorithm = SHA1 | SHA256
|
data HashingAlgorithm = {- SHA1 | -} SHA256
|
||||||
hash_algos = ["sha1", "sha256"] :: Array String
|
hash_algos = [ {- "sha1", -} SHA256] :: Array HashingAlgorithm
|
||||||
|
|
||||||
-- | Codec for just encoding a single value of type `HashingAlgorithm`.
|
-- | Codec for just encoding a single value of type `HashingAlgorithm`.
|
||||||
codecHashingAlgorithm :: CA.JsonCodec HashingAlgorithm
|
codecHashingAlgorithm :: CA.JsonCodec HashingAlgorithm
|
||||||
@ -46,17 +46,17 @@ codecHashingAlgorithm = CA.prismaticCodec "HashingAlgorithm" str_to_hashing_algo
|
|||||||
|
|
||||||
str_to_hashing_algorithm :: String -> Maybe HashingAlgorithm
|
str_to_hashing_algorithm :: String -> Maybe HashingAlgorithm
|
||||||
str_to_hashing_algorithm = case _ of
|
str_to_hashing_algorithm = case _ of
|
||||||
"sha1" -> Just SHA1
|
-- "sha1" -> Just SHA1
|
||||||
"sha256" -> Just SHA256
|
"sha256" -> Just SHA256
|
||||||
_ -> Nothing
|
_ -> Nothing
|
||||||
|
|
||||||
show_hashing_algorithm :: HashingAlgorithm -> String
|
show_hashing_algorithm :: HashingAlgorithm -> String
|
||||||
show_hashing_algorithm = case _ of
|
show_hashing_algorithm = case _ of
|
||||||
SHA1 -> "sha1"
|
-- SHA1 -> "sha1"
|
||||||
SHA256 -> "sha256"
|
SHA256 -> "sha256"
|
||||||
|
|
||||||
data SignatureAlgorithm = RSA
|
data SignatureAlgorithm = RSA
|
||||||
sign_algos = ["rsa"] :: Array String
|
sign_algos = [RSA] :: Array SignatureAlgorithm
|
||||||
|
|
||||||
-- | Codec for just encoding a single value of type `SignatureAlgorithm`.
|
-- | Codec for just encoding a single value of type `SignatureAlgorithm`.
|
||||||
codecSignatureAlgorithm :: CA.JsonCodec SignatureAlgorithm
|
codecSignatureAlgorithm :: CA.JsonCodec SignatureAlgorithm
|
||||||
|
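Review bot: Commenting out `SHA1` in `HashingAlgorithm` and in `str_to_hashing_algorithm` means `codecHashingAlgorithm` (built on that function, per the second hunk header) no longer accepts the string "sha1". Any already-stored DKIM record carrying that value would presumably fail to decode instead of being shown as deprecated; how a decode failure is surfaced is not visible here. I would state the decision at the type, e.g. `-- SHA1 is intentionally unsupported (RFC 8301): "sha1" does not decode.`, and delete the commented-out constructor, list entry and case arms so they do not linger as dead code.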
@ -8,7 +8,21 @@ dkim_introduction =
|
|||||||
DKIM is a way to share a public signature key for the domain.
|
DKIM is a way to share a public signature key for the domain.
|
||||||
This allows emails to be signed by the sender, and for the receiver to prove the origin of the mail.
|
This allows emails to be signed by the sender, and for the receiver to prove the origin of the mail.
|
||||||
"""
|
"""
|
||||||
, Bulma.p """
|
, HH.p []
|
||||||
|
[ HH.text """
|
||||||
|
Default name is fine, change it only if you know what you are doing.
|
||||||
|
For the configuration of your mail server, remember that your
|
||||||
|
"""
|
||||||
|
, HH.u_ [HH.text "selector"]
|
||||||
|
, HH.text " is "
|
||||||
|
, Bulma.strong "default"
|
||||||
|
, HH.text "."
|
||||||
|
]
|
||||||
|
]
|
||||||
|
|
||||||
|
dkim_default_algorithms :: forall w i. Array (HH.HTML w i)
|
||||||
|
dkim_default_algorithms =
|
||||||
|
[ Bulma.p """
|
||||||
Default values should be fine (RSA + SHA256), change them only if you know what you are doing.
|
Default values should be fine (RSA + SHA256), change them only if you know what you are doing.
|
||||||
Just enter your public key.
|
Just enter your public key.
|
||||||
"""
|
"""
|
||||||
|
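Review bot: The text kept in `dkim_default_algorithms` still says to change the defaults "only if you know what you are doing", but elsewhere in this commit the algorithm lists are reduced to RSA and SHA256, so the selectors no longer offer anything to change. A wording such as `Only RSA with SHA256 is offered; SHA1 is no longer accepted. Just enter your public key.` would match the form and tell the user why the older option is gone. The definition's closing bracket lies outside the hunk.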
@ -465,13 +465,14 @@ render state
|
|||||||
(show state._currentRR.ttl)
|
(show state._currentRR.ttl)
|
||||||
should_be_disabled
|
should_be_disabled
|
||||||
, Bulma.hr
|
, Bulma.hr
|
||||||
|
, Bulma.div_content [Bulma.explanation Explanations.dkim_default_algorithms]
|
||||||
, Bulma.selection_field "idDKIMSignature" "Signature algo"
|
, Bulma.selection_field "idDKIMSignature" "Signature algo"
|
||||||
DKIM_sign_algo
|
DKIM_sign_algo
|
||||||
DKIM.sign_algos
|
(map DKIM.show_signature_algorithm DKIM.sign_algos)
|
||||||
(DKIM.show_signature_algorithm $ fromMaybe DKIM.RSA state.dkim.k)
|
(DKIM.show_signature_algorithm $ fromMaybe DKIM.RSA state.dkim.k)
|
||||||
, Bulma.selection_field "idDKIMHash" "Hash algo"
|
, Bulma.selection_field "idDKIMHash" "Hash algo"
|
||||||
DKIM_hash_algo
|
DKIM_hash_algo
|
||||||
DKIM.hash_algos
|
(map DKIM.show_hashing_algorithm DKIM.hash_algos)
|
||||||
(DKIM.show_hashing_algorithm $ fromMaybe DKIM.SHA256 state.dkim.h)
|
(DKIM.show_hashing_algorithm $ fromMaybe DKIM.SHA256 state.dkim.h)
|
||||||
, Bulma.box_input "pkDKIM" "Public Key" "Your public key, such as 'MIIBIjANBgqh...'"
|
, Bulma.box_input "pkDKIM" "Public Key" "Your public key, such as 'MIIBIjANBgqh...'"
|
||||||
DKIM_pubkey state.dkim.p should_be_disabled
|
DKIM_pubkey state.dkim.p should_be_disabled
|
||||||
@ -560,6 +561,11 @@ handleAction = case _ of
|
|||||||
-- In case the `name` part of the resource record is empty, consider the name to be the domain itself.
|
-- In case the `name` part of the resource record is empty, consider the name to be the domain itself.
|
||||||
H.modify_ \s -> s { _currentRR = replace_name s._domain s._currentRR }
|
H.modify_ \s -> s { _currentRR = replace_name s._domain s._currentRR }
|
||||||
|
|
||||||
|
-- TODO: should the code design change? Would the code be simplified by working only on _currentRR.dkim?
|
||||||
|
_ <- case t of
|
||||||
|
DKIM -> H.modify_ \state -> state { _currentRR { dkim = Just state.dkim } }
|
||||||
|
_ -> pure unit
|
||||||
|
|
||||||
state <- H.get
|
state <- H.get
|
||||||
case Validation.validation state._currentRR of
|
case Validation.validation state._currentRR of
|
||||||
Left actual_errors -> do
|
Left actual_errors -> do
|
||||||
@ -567,7 +573,7 @@ handleAction = case _ of
|
|||||||
-- loopE (\v -> H.raise $ Log $ ErrorLog $ "==> " <> show_error v) actual_errors
|
-- loopE (\v -> H.raise $ Log $ ErrorLog $ "==> " <> show_error v) actual_errors
|
||||||
H.modify_ _ { _currentRR_errors = actual_errors }
|
H.modify_ _ { _currentRR_errors = actual_errors }
|
||||||
Right newrr -> do
|
Right newrr -> do
|
||||||
H.modify_ _ { _currentRR_errors = [] }
|
H.modify_ _ { _currentRR_errors = [], dkim = DKIM.emptyDKIMRR }
|
||||||
handleAction $ AddRR t newrr
|
handleAction $ AddRR t newrr
|
||||||
handleAction CancelModal
|
handleAction CancelModal
|
||||||
|
|
||||||
@ -669,14 +675,12 @@ handleAction = case _ of
|
|||||||
v -> Just v
|
v -> Just v
|
||||||
H.modify_ _ { _currentRR { modifiers = new_value }}
|
H.modify_ _ { _currentRR { modifiers = new_value }}
|
||||||
|
|
||||||
DKIM_hash_algo v -> H.modify_ _ { dkim { h = mod_dkim_h v } }
|
DKIM_hash_algo v -> H.modify_ _ { dkim { h = DKIM.hash_algos A.!! v } }
|
||||||
DKIM_sign_algo v -> H.modify_ _ { dkim { k = mod_dkim_k v } }
|
DKIM_sign_algo v -> H.modify_ _ { dkim { k = DKIM.sign_algos A.!! v } }
|
||||||
DKIM_pubkey v -> H.modify_ _ { dkim { p = v } }
|
DKIM_pubkey v -> H.modify_ _ { dkim { p = v } }
|
||||||
DKIM_note v -> H.modify_ _ { dkim { n = Just v } }
|
DKIM_note v -> H.modify_ _ { dkim { n = Just v } }
|
||||||
|
|
||||||
where
|
where
|
||||||
mod_dkim_h v = DKIM.str_to_hashing_algorithm $ fromMaybe "sha256" $ DKIM.hash_algos A.!! v
|
|
||||||
mod_dkim_k v = DKIM.str_to_signature_algorithm $ fromMaybe "rsa" $ DKIM.sign_algos A.!! v
|
|
||||||
-- In case the `name` part of the resource record is empty replace it with the domain name.
|
-- In case the `name` part of the resource record is empty replace it with the domain name.
|
||||||
replace_name domain rr = case rr.name of
|
replace_name domain rr = case rr.name of
|
||||||
"" -> rr { name = domain <> "." }
|
"" -> rr { name = domain <> "." }
|
||||||
|
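Review bot: In the `DKIM_hash_algo` and `DKIM_sign_algo` arms, `DKIM.hash_algos A.!! v` and `DKIM.sign_algos A.!! v` now store `Nothing` when `v` is out of range, where the removed `mod_dkim_h`/`mod_dkim_k` helpers fell back to "sha256"/"rsa". The render code displays `fromMaybe DKIM.SHA256 state.dkim.h`, so the form would show SHA256 while the record carries no hash restriction. If `Nothing` is published as an absent `h=` tag (serialization is not visible here), verifiers read that as allowing every hash algorithm, which works against the SHA1 ban. Keeping the default explicit avoids this: `h = Just (fromMaybe DKIM.SHA256 (DKIM.hash_algos A.!! v))` and `k = Just (fromMaybe DKIM.RSA (DKIM.sign_algos A.!! v))`. `handleAction` begins and continues outside these hunks.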