Mail::DKIM::Algorithm::Base - base class for DKIM "algorithms"

Mail-DKIM documentation Contained in the Mail-DKIM distribution.

Index

Code Index:

NAME

Top

Mail::DKIM::Algorithm::Base - base class for DKIM "algorithms"

SYNOPSIS

Top

  my $algorithm = new Mail::DKIM::Algorithm::rsa_sha1(
                      Signature => $dkim_signature
                  );

  # add headers
  $algorithm->add_header("Subject: this is the subject\015\012");
  $algorithm->finish_header;

  # add body
  $algorithm->add_body("This is the body.\015\012");
  $algorithm->add_body("Another line of the body.\015\012");
  $algorithm->finish_body;

  # now sign or verify...
  # TODO...

CONSTRUCTOR

Top

You should not create an object of this class directly. Instead, use one of the DKIM algorithm implementation classes, such as rsa_sha1:

  my $algorithm = new Mail::DKIM::Algorithm::rsa_sha1(
                      Signature => $dkim_signature
                  );

METHODS

Top

add_body() - feeds part of the body into the algorithm/canonicalization

  $algorithm->add_body("This is the body.\015\012");
  $algorithm->add_body("Another line of the body.\015\012");

The body should be fed one "line" at a time.

add_header() - feeds a header field into the algorithm/canonicalization

  $algorithm->add_header("Subject: this is the subject\015\012");

The header must start with the header field name and continue through any folded lines (including the embedded <CRLF> sequences). It terminates with the <CRLF> at the end of the header field.

finish_body() - signals the end of the message body

  $algorithm->finish_body

Call this method when all lines from the body have been submitted. After calling this method, use sign() or verify() to get the results from the algorithm.

finish_header() - signals the end of the header field block

  $algorithm->finish_header;

Call this method when all the headers have been submitted.

sign() - generates a signature using a private key

  $base64 = $algorithm->sign($private_key);

signature() - get/set the signature worked on by this algorithm

  my $old_signature = $algorithm->signature;
  $algorithm->signature($new_signature);

verify() - verifies a signature

  $result = $algorithm->verify();

Must be called after finish_body().

The result is a true/false value: true indicates the signature data is valid, false indicates it is invalid.

For an invalid signature, details may be obtained from $algorithm->{verification_details} or $@.

SEE ALSO

Top

Mail::DKIM

AUTHOR

Top

Jason Long, <jlong@messiah.edu>

COPYRIGHT AND LICENSE

Top

Copyright (C) 2005-2007 by Messiah College

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.

Mail-DKIM documentation Contained in the Mail-DKIM distribution. 
#!/usr/bin/perl

# Copyright 2005-2007 Messiah College. All rights reserved.
# Jason Long <jlong@messiah.edu>

# Copyright (c) 2004 Anthony D. Urso. All rights reserved.
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.

use strict;
use warnings;

use Mail::DKIM::Canonicalization::nowsp;
use Mail::DKIM::Canonicalization::relaxed;
use Mail::DKIM::Canonicalization::simple;

package Mail::DKIM::Algorithm::Base;
use Carp;
use MIME::Base64;

sub new
{
	my $class = shift;
	my %args = @_;
	my $self = bless \%args, $class;
	$self->init;
	return $self;
}

sub init
{
	my $self = shift;

	croak "no signature" unless $self->{Signature};

	$self->{mode} = $self->{Signature}->signature ? "verify" : "sign";

	# allows subclasses to set the header_digest and body_digest
	# properties
	$self->init_digests;

	my ($header_method, $body_method)
		= $self->{Signature}->canonicalization;

	my $header_class = $self->get_canonicalization_class($header_method);
	my $body_class = $self->get_canonicalization_class($body_method);
	$self->{canon} = $header_class->new(
			output_digest => $self->{header_digest},
			Signature => $self->{Signature},
			Debug_Canonicalization => $self->{Debug_Canonicalization});
	$self->{body_canon} = $body_class->new(
			output_digest => $self->{body_digest},
			Signature => $self->{Signature},
			Debug_Canonicalization => $self->{Debug_Canonicalization});
}

# override this method, please...
# this method should set the "header_digest" and "body_digest" properties
sub init_digests
{
	die "not implemented";
}

# private method - DKIM-specific
sub get_canonicalization_class
{
	my $self = shift;
	croak "wrong number of arguments" unless (@_ == 1);
	my ($method) = @_;

	my $class = $method eq "nowsp" ? "Mail::DKIM::Canonicalization::nowsp" :
			$method eq "relaxed" ? "Mail::DKIM::Canonicalization::relaxed" :
			$method eq "simple" ? "Mail::DKIM::Canonicalization::simple" :
		die "unknown method $method\n";
	return $class;
}


sub add_body
{
	my $self = shift;
	my $canon = $self->{body_canon} || $self->{canon};
	$canon->add_body(@_);
}


sub add_header
{
	my $self = shift;
	$self->{canon}->add_header(@_);
}


sub finish_body
{
	my $self = shift;
	my $body_canon = $self->{body_canon} || $self->{canon};
	$body_canon->finish_body;
	$self->finish_message;
}


sub finish_header
{
	my $self = shift;
	$self->{canon}->finish_header(@_);
}

# checks the bh= tag of the signature to see if it has the same body
# hash as computed by canonicalizing/digesting the actual message body.
# If it doesn't match, a false value is returned, and the
# verification_details property is set to "body has been altered"
sub check_body_hash
{
	my $self = shift;

	# The body_hash value is set in finish_message(), if we're operating
	# from a version of the DKIM spec that uses the bh= tag. Otherwise,
	# the signature shouldn't have a bh= tag to check.

	if ($self->{body_hash})
	{
		my $body_hash = $self->{body_hash};
		my $expected = decode_base64($self->{Signature}->body_hash);
		if ($body_hash ne $expected)
		{
			$self->{verification_details} = "body has been altered";
	#		print STDERR "I calculated  "
	#			. encode_base64($body_hash, "") . "\n";
	#		print STDERR "signature has "
	#			. encode_base64($expected, "") . "\n";
			return;
		}
	}
	return 1;
}

sub finish_message
{
	my $self = shift;

	# DKIM requires the signature itself to be committed into the digest.
	# But first, we need to set the bh= tag on the signature, then
	# "prettify" it.

	$self->{body_hash} = $self->{body_digest}->digest;
	if ($self->{mode} eq "sign")
	{
		$self->{Signature}->body_hash(
				encode_base64($self->{body_hash}, ""));
	}

	if ($self->{mode} eq "sign")
	{
		$self->{Signature}->prettify;
	}

	my $sig_line = $self->{Signature}->as_string_without_data;
	my $canonicalized = $self->{canon}->canonicalize_header($sig_line);

	$self->{canon}->output($canonicalized);
}


# override this method, please...
sub sign
{
	die "Not implemented";
}


sub signature
{
	my $self = shift;
	@_ and
		$self->{Signature} = shift;
	return $self->{Signature};
}


# override this method, please...
sub verify
{
	die "Not implemented";
}

1;

__END__