add dkimHeader struct
This commit is contained in:
Stéphane Depierrepont aka Toorop
182
dkimHeader.go
Normal file
182
dkimHeader.go
Normal file
@@ -0,0 +1,182 @@
|
||||
package dkim
|
||||
|
||||
import (
|
||||
"time"
|
||||
)
|
||||
|
||||
type DkimHeader struct {
|
||||
// Version This tag defines the version of DKIM
|
||||
// specification that applies to the signature record.
|
||||
// tag v
|
||||
Version string
|
||||
|
||||
// The algorithm used to generate the signature..
|
||||
// Verifiers MUST support "rsa-sha1" and "rsa-sha256";
|
||||
// Signers SHOULD sign using "rsa-sha256".
|
||||
// tag a
|
||||
Algorithm string
|
||||
|
||||
// The signature data (base64).
|
||||
// Whitespace is ignored in this value and MUST be
|
||||
// ignored when reassembling the original signature.
|
||||
// In particular, the signing process can safely insert
|
||||
// FWS in this value in arbitrary places to conform to line-length
|
||||
// limits.
|
||||
// tag b
|
||||
SignatureData string
|
||||
|
||||
// The hash of the canonicalized body part of the message as
|
||||
// limited by the "l=" tag (base64; REQUIRED).
|
||||
// Whitespace is ignored in this value and MUST be ignored when reassembling the original
|
||||
// signature. In particular, the signing process can safely insert
|
||||
// FWS in this value in arbitrary places to conform to line-length
|
||||
// limits.
|
||||
// tag bh
|
||||
BodyHash string
|
||||
|
||||
// Message canonicalization (plain-text; OPTIONAL, default is
|
||||
//"simple/simple"). This tag informs the Verifier of the type of
|
||||
// canonicalization used to prepare the message for signing. It
|
||||
// consists of two names separated by a "slash" (%d47) character,
|
||||
// corresponding to the header and body canonicalization algorithms,
|
||||
// respectively. These algorithms are described in Section 3.4. If
|
||||
// only one algorithm is named, that algorithm is used for the header
|
||||
// and "simple" is used for the body. For example, "c=relaxed" is
|
||||
// treated the same as "c=relaxed/simple".
|
||||
// tag c
|
||||
MessageCanonicalization string
|
||||
|
||||
// The SDID claiming responsibility for an introduction of a message
|
||||
// into the mail stream (plain-text; REQUIRED). Hence, the SDID
|
||||
// value is used to form the query for the public key. The SDID MUST
|
||||
// correspond to a valid DNS name under which the DKIM key record is
|
||||
// published. The conventions and semantics used by a Signer to
|
||||
// create and use a specific SDID are outside the scope of this
|
||||
// specification, as is any use of those conventions and semantics.
|
||||
// When presented with a signature that does not meet these
|
||||
// requirements, Verifiers MUST consider the signature invalid.
|
||||
// Internationalized domain names MUST be encoded as A-labels, as
|
||||
// described in Section 2.3 of [RFC5890].
|
||||
// tag d
|
||||
Domain string
|
||||
|
||||
// Signed header fields (plain-text, but see description; REQUIRED).
|
||||
// A colon-separated list of header field names that identify the
|
||||
// header fields presented to the signing algorithm. The field MUST
|
||||
// contain the complete list of header fields in the order presented
|
||||
// to the signing algorithm. The field MAY contain names of header
|
||||
// fields that do not exist when signed; nonexistent header fields do
|
||||
// not contribute to the signature computation (that is, they are
|
||||
// treated as the null input, including the header field name, the
|
||||
// separating colon, the header field value, and any CRLF
|
||||
// terminator). The field MAY contain multiple instances of a header
|
||||
// field name, meaning multiple occurrences of the corresponding
|
||||
// header field are included in the header hash. The field MUST NOT
|
||||
// include the DKIM-Signature header field that is being created or
|
||||
// verified but may include others. Folding whitespace (FWS) MAY be
|
||||
// included on either side of the colon separator. Header field
|
||||
// names MUST be compared against actual header field names in a
|
||||
// case-insensitive manner. This list MUST NOT be empty. See
|
||||
// Section 5.4 for a discussion of choosing header fields to sign and
|
||||
// Section 5.4.2 for requirements when signing multiple instances of
|
||||
// a single field.
|
||||
// tag h
|
||||
Headers []string
|
||||
|
||||
// The Agent or User Identifier (AUID) on behalf of which the SDID is
|
||||
// taking responsibility (dkim-quoted-printable; OPTIONAL, default is
|
||||
// an empty local-part followed by an "@" followed by the domain from
|
||||
// the "d=" tag).
|
||||
// The syntax is a standard email address where the local-part MAY be
|
||||
// omitted. The domain part of the address MUST be the same as, or a
|
||||
// subdomain of, the value of the "d=" tag.
|
||||
// Internationalized domain names MUST be encoded as A-labels, as
|
||||
// described in Section 2.3 of [RFC5890].
|
||||
// tag i
|
||||
Auid string
|
||||
|
||||
// Body length count (plain-text unsigned decimal integer; OPTIONAL,
|
||||
// default is entire body). This tag informs the Verifier of the
|
||||
// number of octets in the body of the email after canonicalization
|
||||
// included in the cryptographic hash, starting from 0 immediately
|
||||
// following the CRLF preceding the body. This value MUST NOT be
|
||||
// larger than the actual number of octets in the canonicalized
|
||||
// message body. See further discussion in Section 8.2.
|
||||
// tag l
|
||||
BodyLength uint
|
||||
|
||||
// A colon-separated list of query methods used to retrieve the
|
||||
// public key (plain-text; OPTIONAL, default is "dns/txt"). Each
|
||||
// query method is of the form "type[/options]", where the syntax and
|
||||
// semantics of the options depend on the type and specified options.
|
||||
// If there are multiple query mechanisms listed, the choice of query
|
||||
// mechanism MUST NOT change the interpretation of the signature.
|
||||
// Implementations MUST use the recognized query mechanisms in the
|
||||
// order presented. Unrecognized query mechanisms MUST be ignored.
|
||||
// Currently, the only valid value is "dns/txt", which defines the
|
||||
// DNS TXT resource record (RR) lookup algorithm described elsewhere
|
||||
// in this document. The only option defined for the "dns" query
|
||||
// type is "txt", which MUST be included. Verifiers and Signers MUST
|
||||
// support "dns/txt".
|
||||
// tag q
|
||||
QueryMethods []string
|
||||
|
||||
// The selector subdividing the namespace for the "d=" (domain) tag
|
||||
// (plain-text; REQUIRED).
|
||||
// Internationalized selector names MUST be encoded as A-labels, as
|
||||
// described in Section 2.3 of [RFC5890].
|
||||
// tag s
|
||||
Selector string
|
||||
|
||||
// Signature Timestamp (plain-text unsigned decimal integer;
|
||||
// RECOMMENDED, default is an unknown creation time). The time that
|
||||
// this signature was created. The format is the number of seconds
|
||||
// since 00:00:00 on January 1, 1970 in the UTC time zone. The value
|
||||
// is expressed as an unsigned integer in decimal ASCII. This value
|
||||
// is not constrained to fit into a 31- or 32-bit integer.
|
||||
// Implementations SHOULD be prepared to handle values up to at least
|
||||
// 10^12 (until approximately AD 200,000; this fits into 40 bits).
|
||||
// To avoid denial-of-service attacks, implementations MAY consider
|
||||
// any value longer than 12 digits to be infinite. Leap seconds are
|
||||
// not counted. Implementations MAY ignore signatures that have a
|
||||
// timestamp in the future.
|
||||
// tag t
|
||||
SignatureTimestamp time.Time
|
||||
|
||||
// Signature Expiration (plain-text unsigned decimal integer;
|
||||
// RECOMMENDED, default is no expiration). The format is the same as
|
||||
// in the "t=" tag, represented as an absolute date, not as a time
|
||||
// delta from the signing timestamp. The value is expressed as an
|
||||
// unsigned integer in decimal ASCII, with the same constraints on
|
||||
// the value in the "t=" tag. Signatures MAY be considered invalid
|
||||
// if the verification time at the Verifier is past the expiration
|
||||
// date. The verification time should be the time that the message
|
||||
// was first received at the administrative domain of the Verifier if
|
||||
// that time is reliably available; otherwise, the current time
|
||||
// should be used. The value of the "x=" tag MUST be greater than
|
||||
// the value of the "t=" tag if both are present.
|
||||
//tag x
|
||||
SignatureExpiration time.Time
|
||||
|
||||
// Copied header fields (dkim-quoted-printable, but see description;
|
||||
// OPTIONAL, default is null). A vertical-bar-separated list of
|
||||
// selected header fields present when the message was signed,
|
||||
// including both the field name and value. It is not required to
|
||||
// include all header fields present at the time of signing. This
|
||||
// field need not contain the same header fields listed in the "h="
|
||||
// tag. The header field text itself must encode the vertical bar
|
||||
// ("|", %x7C) character (i.e., vertical bars in the "z=" text are
|
||||
// meta-characters, and any actual vertical bar characters in a
|
||||
// copied header field must be encoded). Note that all whitespace
|
||||
// must be encoded, including whitespace between the colon and the
|
||||
// header field value. After encoding, FWS MAY be added at arbitrary
|
||||
// locations in order to avoid excessively long lines; such
|
||||
// whitespace is NOT part of the value of the header field and MUST
|
||||
// be removed before decoding.
|
||||
// The header fields referenced by the "h=" tag refer to the fields
|
||||
// in the [RFC5322] header of the message, not to any copied fields
|
||||
// in the "z=" tag. Copied header field values are for diagnostic
|
||||
// use.
|
||||
// tag z
|
||||
CopiedHeaderFileds []string
|
||||
}
|
||||
Reference in New Issue
Block a user