#499: Expose finer-grained DKIM configuration through the builder api and disable 'l-param' by default

Author: bbottema

modules/core-module/src/main/java/org/simplejavamail/api/email/EmailPopulatingBuilder.java

@@ -1228,6 +1228,8 @@ public interface EmailPopulatingBuilder {
 	 * Primes this email for signing with a DKIM domain key. Actual signing is done when sending using a <code>Mailer</code>.
 	 * <p>
 	 * <strong>Note:</strong> this only works in combination with the {@value org.simplejavamail.internal.modules.DKIMModule#NAME}.
+	 * <p>
+	 * <strong>Note:</strong> for more fine-grained control over the DKIM signing process, use {@link #signWithDomainKey(DkimConfig)} instead.
 	 *
 	 * @param dkimPrivateKey                            De key content used to sign for the sending party.
 	 * @param signingDomain                             The domain being authorized to send.
@@ -1245,6 +1247,10 @@ public interface EmailPopulatingBuilder {
 	EmailPopulatingBuilder signWithDomainKey(byte@NotNull[] dkimPrivateKey, @NotNull String signingDomain, @NotNull String dkimSelector, @Nullable Set<String> excludedHeadersFromDkimDefaultSigningList);
 
 	/**
+	 * Allows for more customization of the DKIM signing process by providing a {@link DkimConfig} instance. Added config includes: <em>useLengthParam</em>,
+	 * <em>signingAlgorithm</em>, <em>headerCanonicalization</em> and <em>bodyCanonicalizationAlgorithm</em>.
+	 *
+	 * @see DkimConfig
 	 * @see #signWithDomainKey(byte[], String, String, Set)
 	 */
 	@Cli.ExcludeApi(reason = "delegated method is an identical api from CLI point of view")

modules/core-module/src/main/java/org/simplejavamail/api/email/config/DkimConfig.java

@@ -3,6 +3,7 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.simplejavamail.api.email.ContentTransferEncoding;
+import org.simplejavamail.api.email.config.DkimConfig;
 import org.simplejavamail.api.mailer.config.LoadBalancingStrategy;
 import org.simplejavamail.api.mailer.config.TransportStrategy;
 import org.simplejavamail.internal.util.SimpleConversions;
@@ -85,7 +86,11 @@
  * <li>simplejavamail.dkim.signing.private_key_file_or_data</li>
  * <li>simplejavamail.dkim.signing.selector</li>
  * <li>simplejavamail.dkim.signing.signing_domain</li>
+ * <li>simplejavamail.dkim.signing.use_length_param</li>
  * <li>simplejavamail.dkim.signing.excluded_headers_from_default_signing_list</li>
+ * <li>simplejavamail.dkim.signing.header_canonicalization</li>
+ * <li>simplejavamail.dkim.signing.body_canonicalization</li>
+ * <li>simplejavamail.dkim.signing.algorithm</li>
  * <li>simplejavamail.embeddedimages.dynamicresolution.enable.dir</li>
  * <li>simplejavamail.embeddedimages.dynamicresolution.enable.url</li>
  * <li>simplejavamail.embeddedimages.dynamicresolution.enable.classpath</li>
@@ -184,7 +189,11 @@ public enum Property {
 		DKIM_PRIVATE_KEY_FILE_OR_DATA("simplejavamail.dkim.signing.private_key_file_or_data"),
 		DKIM_SELECTOR("simplejavamail.dkim.signing.selector"),
 		DKIM_SIGNING_DOMAIN("simplejavamail.dkim.signing.signing_domain"),
+		DKIM_SIGNING_USE_LENGTH_PARAM("simplejavamail.dkim.signing.use_length_param"),
 		DKIM_EXCLUDED_HEADERS_FROM_DEFAULT_SIGNING_LIST("simplejavamail.dkim.signing.excluded_headers_from_default_signing_list"),
+		DKIM_SIGNING_HEADER_CANONICALIZATION("simplejavamail.dkim.signing.header_canonicalization"),
+		DKIM_SIGNING_BODY_CANONICALIZATION("simplejavamail.dkim.signing.body_canonicalization"),
+		DKIM_SIGNING_ALGORITHM("simplejavamail.dkim.signing.algorithm"),
 		SMIME_ENCRYPTION_CERTIFICATE("simplejavamail.smime.encryption.certificate"),
 		EMBEDDEDIMAGES_DYNAMICRESOLUTION_ENABLE_DIR("simplejavamail.embeddedimages.dynamicresolution.enable.dir"),
 		EMBEDDEDIMAGES_DYNAMICRESOLUTION_ENABLE_CLASSPATH("simplejavamail.embeddedimages.dynamicresolution.enable.classpath"),
@@ -471,6 +480,12 @@ static Object parsePropertyValue(final @Nullable String propertyValue) {
 		} catch (final IllegalArgumentException nfe2) {
 			// ok, so not a ContentTransferEncoding either
 		}
+		// read ContentTransferEncoding value
+		try {
+			return DkimConfig.Canonicalization.valueOf(propertyValue);
+		} catch (final IllegalArgumentException nfe2) {
+			// ok, so not a Canonicalization either
+		}
 		// read LoadBalancingStrategy value
 		try {
 			return LoadBalancingStrategy.valueOf(propertyValue);

modules/core-module/src/main/java/org/simplejavamail/config/ConfigLoader.java

@@ -8,7 +8,6 @@
 import org.simplejavamail.api.email.config.DkimConfig;
 import org.simplejavamail.internal.modules.DKIMModule;
 import org.simplejavamail.utils.mail.dkim.Canonicalization;
-import org.simplejavamail.utils.mail.dkim.DkimMessage;
 import org.simplejavamail.utils.mail.dkim.DkimSigner;
 import org.simplejavamail.utils.mail.dkim.SigningAlgorithm;
 import org.slf4j.Logger;
@@ -21,6 +20,9 @@
 import java.util.Collections;
 
 import static org.simplejavamail.internal.util.MiscUtil.defaultTo;
+import static org.simplejavamail.utils.mail.dkim.Canonicalization.RELAXED;
+import static org.simplejavamail.utils.mail.dkim.Canonicalization.SIMPLE;
+import static org.simplejavamail.utils.mail.dkim.SigningAlgorithm.SHA256_WITH_RSA;
 
 /**
  * This class only serves to hide the DKIM implementation behind an easy-to-load-with-reflection class.
@@ -41,10 +43,10 @@ public MimeMessage signMessageWithDKIM(@NotNull Email email, @NotNull final Mime
 			defaultTo(dkimConfig.getExcludedHeadersFromDkimDefaultSigningList(), Collections.<String>emptySet())
 					.forEach(dkimSigner::removeHeaderToSign);
 			dkimSigner.setIdentity(fromRecipient.getAddress());
-			dkimSigner.setHeaderCanonicalization(Canonicalization.RELAXED);
-			dkimSigner.setBodyCanonicalization(Canonicalization.RELAXED);
-			dkimSigner.setSigningAlgorithm(SigningAlgorithm.SHA256_WITH_RSA);
-			dkimSigner.setLengthParam(true);
+			dkimSigner.setHeaderCanonicalization(mapToNativeCanonicalization(defaultTo(dkimConfig.getHeaderCanonicalization(), DkimConfig.Canonicalization.RELAXED)));
+			dkimSigner.setBodyCanonicalization(mapToNativeCanonicalization(defaultTo(dkimConfig.getBodyCanonicalization(), DkimConfig.Canonicalization.RELAXED)));
+			dkimSigner.setSigningAlgorithm(SigningAlgorithm.valueOf(defaultTo(dkimConfig.getSigningAlgorithm(), SHA256_WITH_RSA.name())));
+			dkimSigner.setLengthParam(defaultTo(dkimConfig.getUseLengthParam(), false));
 			dkimSigner.setZParam(false);
 
 			// during our junit tests, we don't want to actually connect to the internet to check the domain key
@@ -58,6 +60,10 @@ public MimeMessage signMessageWithDKIM(@NotNull Email email, @NotNull final Mime
 		}
 	}
 
+	private static Canonicalization mapToNativeCanonicalization(DkimConfig.Canonicalization canonicalization) {
+		return canonicalization == DkimConfig.Canonicalization.SIMPLE ? SIMPLE : RELAXED;
+	}
+
 	@Override
 	public boolean isMessageIdFixingMessage(MimeMessage message) {
 		return message instanceof DkimMessageIdFixingMimeMessage;

modules/dkim-module/src/main/java/org/simplejavamail/internal/dkimsupport/DKIMSigner.java

@@ -48,7 +48,11 @@
 import static org.simplejavamail.config.ConfigLoader.Property.DKIM_EXCLUDED_HEADERS_FROM_DEFAULT_SIGNING_LIST;
 import static org.simplejavamail.config.ConfigLoader.Property.DKIM_PRIVATE_KEY_FILE_OR_DATA;
 import static org.simplejavamail.config.ConfigLoader.Property.DKIM_SELECTOR;
+import static org.simplejavamail.config.ConfigLoader.Property.DKIM_SIGNING_ALGORITHM;
+import static org.simplejavamail.config.ConfigLoader.Property.DKIM_SIGNING_BODY_CANONICALIZATION;
 import static org.simplejavamail.config.ConfigLoader.Property.DKIM_SIGNING_DOMAIN;
+import static org.simplejavamail.config.ConfigLoader.Property.DKIM_SIGNING_HEADER_CANONICALIZATION;
+import static org.simplejavamail.config.ConfigLoader.Property.DKIM_SIGNING_USE_LENGTH_PARAM;
 import static org.simplejavamail.config.ConfigLoader.Property.SMIME_ENCRYPTION_CERTIFICATE;
 import static org.simplejavamail.config.ConfigLoader.Property.SMIME_ENCRYPTION_CIPHER;
 import static org.simplejavamail.config.ConfigLoader.Property.SMIME_ENCRYPTION_KEY_ENCAPSULATION_ALGORITHM;
@@ -57,6 +61,7 @@
 import static org.simplejavamail.config.ConfigLoader.Property.SMIME_SIGNING_KEYSTORE_PASSWORD;
 import static org.simplejavamail.config.ConfigLoader.Property.SMIME_SIGNING_KEY_ALIAS;
 import static org.simplejavamail.config.ConfigLoader.Property.SMIME_SIGNING_KEY_PASSWORD;
+import static org.simplejavamail.config.ConfigLoader.getBooleanProperty;
 import static org.simplejavamail.config.ConfigLoader.getProperty;
 import static org.simplejavamail.config.ConfigLoader.getStringProperty;
 import static org.simplejavamail.config.ConfigLoader.hasProperty;
@@ -184,7 +189,11 @@ private Email newDefaultsEmailWithDefaultDefaults() {
 			val dkimConfigBuilder = DkimConfig.builder()
 					.dkimSelector(verifyNonnullOrEmpty(getStringProperty(DKIM_SELECTOR)))
 					.dkimSigningDomain(verifyNonnullOrEmpty(getStringProperty(DKIM_SIGNING_DOMAIN)))
-					.excludedHeadersFromDkimDefaultSigningList(verifyNonnullOrEmpty(getStringProperty(DKIM_EXCLUDED_HEADERS_FROM_DEFAULT_SIGNING_LIST)));
+					.useLengthParam(hasProperty(DKIM_SIGNING_USE_LENGTH_PARAM) ? getBooleanProperty(DKIM_SIGNING_USE_LENGTH_PARAM) : null)
+					.excludedHeadersFromDkimDefaultSigningList(verifyNonnullOrEmpty(getStringProperty(DKIM_EXCLUDED_HEADERS_FROM_DEFAULT_SIGNING_LIST)))
+					.headerCanonicalization(hasProperty(DKIM_SIGNING_HEADER_CANONICALIZATION) ? getProperty(DKIM_SIGNING_HEADER_CANONICALIZATION) : null)
+					.bodyCanonicalization(hasProperty(DKIM_SIGNING_BODY_CANONICALIZATION) ? getProperty(DKIM_SIGNING_BODY_CANONICALIZATION) : null)
+					.signingAlgorithm(hasProperty(DKIM_SIGNING_ALGORITHM) ? getStringProperty(DKIM_SIGNING_ALGORITHM) : null);
 			val dkimPrivateKeyFileOrData = verifyNonnullOrEmpty(getStringProperty(DKIM_PRIVATE_KEY_FILE_OR_DATA));
 			if (new File(dkimPrivateKeyFileOrData).exists()) {
 				dkimConfigBuilder.dkimPrivateKeyPath(dkimPrivateKeyFileOrData);

modules/simple-java-mail/src/main/java/org/simplejavamail/mailer/internal/EmailGovernanceImpl.java

@@ -116,7 +116,7 @@ public void testToStringFull() {
 				+ "	contentTransferEncoding='quoted-printable',\n"
 				+ "	subject='hey',\n"
 				+ "	recipients=[Recipient{name='C.Cane', address='[email protected]', type=To}],\n"
-				+ "	dkimConfig=DkimConfig(dkimSigningDomain=dkim_domain, dkimSelector=dkim_selector, excludedHeadersFromDkimDefaultSigningList=null),\n"
+				+ "	dkimConfig=DkimConfig(dkimSigningDomain=dkim_domain, dkimSelector=dkim_selector, useLengthParam=null, excludedHeadersFromDkimDefaultSigningList=null, headerCanonicalization=null, bodyCanonicalization=null, signingAlgorithm=null),\n"
 				+ "	useDispositionNotificationTo=true,\n"
 				+ "		dispositionNotificationTo=Recipient{name='dispo to', address='[email protected]', type=null},\n"
 				+ "	useReturnReceiptTo=true,\n"

modules/simple-java-mail/src/test/java/org/simplejavamail/api/email/EmailTest.java

@@ -37,7 +37,11 @@ simplejavamail.smime.encryption.cipher=
 simplejavamail.dkim.signing.private_key_file_or_data=
 simplejavamail.dkim.signing.selector=
 simplejavamail.dkim.signing.signing_domain=
+simplejavamail.dkim.signing.use_length_param=
 simplejavamail.dkim.signing.excluded_headers_from_default_signing_list=
+simplejavamail.dkim.signing.header_canonicalization=
+simplejavamail.dkim.signing.body_canonicalization=
+simplejavamail.dkim.signing.algorithm=
 simplejavamail.embeddedimages.dynamicresolution.enable.dir=
 simplejavamail.embeddedimages.dynamicresolution.enable.url=
 simplejavamail.embeddedimages.dynamicresolution.enable.classpath=

modules/simple-java-mail/src/test/resources/simplejavamail.properties

@@ -83,8 +83,12 @@
  * <li>simplejavamail.dkim.signing.selector</li>
  * <li>simplejavamail.dkim.signing.signing_domain</li>
  * <li>simplejavamail.dkim.signing.signing-domain</li>
+ * <li>simplejavamail.dkim.signing.use_length_param</li>
  * <li>simplejavamail.dkim.signing.excluded_headers_from_default_signing_list</li>
  * <li>simplejavamail.dkim.signing.excluded-headers-from-default-signing-list</li>
+ * <li>simplejavamail.dkim.signing.header_canonicalization</li>
+ * <li>simplejavamail.dkim.signing.body_canonicalization</li>
+ * <li>simplejavamail.dkim.signing.algorithm</li>
  * <li>simplejavamail.embeddedimages.dynamicresolution.enable.dir</li>
  * <li>simplejavamail.embeddedimages.dynamicresolution.enable.url</li>
  * <li>simplejavamail.embeddedimages.dynamicresolution.enable.classpath</li>
@@ -169,8 +173,12 @@ public MailerGenericBuilder<?> loadGlobalConfigAndCreateDefaultMailer(
 			@Nullable @Value("${simplejavamail.dkim.signing.selector:#{null}}") final String dkimSigningSelector,
 			@Nullable @Value("${simplejavamail.dkim.signing.signing_domain:#{null}}") final String dkimSigningDomain,
 			@Nullable @Value("${simplejavamail.dkim.signing.signing-domain:#{null}}") final String dkimSigningDomainSpringBoot,
+			@Nullable @Value("${simplejavamail.dkim.signing.use_length_param:#{null}}") final String dkimSigningUseLengthParam,
 			@Nullable @Value("${simplejavamail.dkim.signing.excluded_headers_from_default_signing_list:#{null}}") final String dkimSigningExcludedHeadersFromDefaultSigningList,
 			@Nullable @Value("${simplejavamail.dkim.signing.excluded-headers-from-default-signing-list:#{null}}") final String dkimSigningExcludedHeadersFromDefaultSigningListSpringBoot,
+			@Nullable @Value("${simplejavamail.dkim.signing.header_canonicalization:#{null}}") final String dkimSigningHeaderCanonicalization,
+			@Nullable @Value("${simplejavamail.dkim.signing.body_canonicalization:#{null}}") final String dkimSigningBodyCanonicalization,
+			@Nullable @Value("${simplejavamail.dkim.signing.algorithm:#{null}}") final String dkimSigningAlgorithm,
 			@Nullable @Value("${simplejavamail.embeddedimages.dynamicresolution.enable.dir:#{null}}") final String embeddedimagesDynamicresolutionEnableDir,
 			@Nullable @Value("${simplejavamail.embeddedimages.dynamicresolution.enable.url:#{null}}") final String embeddedimagesDynamicresolutionEnableUrl,
 			@Nullable @Value("${simplejavamail.embeddedimages.dynamicresolution.enable.classpath:#{null}}") final String embeddedimagesDynamicresolutionEnableClassPath,
@@ -247,15 +255,9 @@ public MailerGenericBuilder<?> loadGlobalConfigAndCreateDefaultMailer(
 		} else {
 			setNullableProperty(emailProperties, Property.SMIME_SIGNING_KEY_PASSWORD.key(), smimeSigningKeyPasswordSpringBoot);
 		}
-		if (smimeSigningAlgorithm != null) {
-			setNullableProperty(emailProperties, Property.SMIME_SIGNING_ALGORITHM.key(), smimeSigningAlgorithm);
-		}
-		if (smimeEncryptionKeyEncapsulationAlgorithm != null) {
-			setNullableProperty(emailProperties, Property.SMIME_ENCRYPTION_KEY_ENCAPSULATION_ALGORITHM.key(), smimeEncryptionKeyEncapsulationAlgorithm);
-		}
-		if (smimeEncryptionCipher != null) {
-			setNullableProperty(emailProperties, Property.SMIME_ENCRYPTION_CIPHER.key(), smimeEncryptionCipher);
-		}
+		setNullableProperty(emailProperties, Property.SMIME_SIGNING_ALGORITHM.key(), smimeSigningAlgorithm);
+		setNullableProperty(emailProperties, Property.SMIME_ENCRYPTION_KEY_ENCAPSULATION_ALGORITHM.key(), smimeEncryptionKeyEncapsulationAlgorithm);
+		setNullableProperty(emailProperties, Property.SMIME_ENCRYPTION_CIPHER.key(), smimeEncryptionCipher);
 		setNullableProperty(emailProperties, Property.SMIME_ENCRYPTION_CERTIFICATE.key(), smimeEncryptionCertificate);
 		if (dkimSigningPrivateKeyFileOrData != null) {
 			setNullableProperty(emailProperties, Property.DKIM_PRIVATE_KEY_FILE_OR_DATA.key(), dkimSigningPrivateKeyFileOrData);
@@ -268,11 +270,15 @@ public MailerGenericBuilder<?> loadGlobalConfigAndCreateDefaultMailer(
 		} else {
 			setNullableProperty(emailProperties, Property.DKIM_SIGNING_DOMAIN.key(), dkimSigningDomainSpringBoot);
 		}
+		setNullableProperty(emailProperties, Property.DKIM_SIGNING_USE_LENGTH_PARAM.key(), dkimSigningUseLengthParam);
 		if (dkimSigningExcludedHeadersFromDefaultSigningList != null) {
 			setNullableProperty(emailProperties, Property.DKIM_EXCLUDED_HEADERS_FROM_DEFAULT_SIGNING_LIST.key(), dkimSigningExcludedHeadersFromDefaultSigningList);
 		} else {
 			setNullableProperty(emailProperties, Property.DKIM_EXCLUDED_HEADERS_FROM_DEFAULT_SIGNING_LIST.key(), dkimSigningExcludedHeadersFromDefaultSigningListSpringBoot);
 		}
+		setNullableProperty(emailProperties, Property.DKIM_SIGNING_HEADER_CANONICALIZATION.key(), dkimSigningHeaderCanonicalization);
+		setNullableProperty(emailProperties, Property.DKIM_SIGNING_BODY_CANONICALIZATION.key(), dkimSigningBodyCanonicalization);
+		setNullableProperty(emailProperties, Property.DKIM_SIGNING_ALGORITHM.key(), dkimSigningAlgorithm);
 		setNullableProperty(emailProperties, Property.EMBEDDEDIMAGES_DYNAMICRESOLUTION_ENABLE_DIR.key(), embeddedimagesDynamicresolutionEnableDir);
 		setNullableProperty(emailProperties, Property.EMBEDDEDIMAGES_DYNAMICRESOLUTION_ENABLE_CLASSPATH.key(), embeddedimagesDynamicresolutionEnableClassPath);
 		setNullableProperty(emailProperties, Property.EMBEDDEDIMAGES_DYNAMICRESOLUTION_ENABLE_URL.key(), embeddedimagesDynamicresolutionEnableUrl);

modules/spring-module/src/main/java/org/simplejavamail/springsupport/SimpleJavaMailSpringSupport.java

@@ -37,7 +37,11 @@ simplejavamail.smime.encryption.cipher=
 simplejavamail.dkim.signing.private_key_file_or_data=
 simplejavamail.dkim.signing.selector=
 simplejavamail.dkim.signing.signing_domain=
+simplejavamail.dkim.signing.use_length_param=
 simplejavamail.dkim.signing.excluded_headers_from_default_signing_list=
+simplejavamail.dkim.signing.header_canonicalization=
+simplejavamail.dkim.signing.body_canonicalization=
+simplejavamail.dkim.signing.algorithm=
 simplejavamail.embeddedimages.dynamicresolution.enable.dir=
 simplejavamail.embeddedimages.dynamicresolution.enable.url=
 simplejavamail.embeddedimages.dynamicresolution.enable.classpath=