From d6b0acb10114a48037100b386c6f7795db1c1549 Mon Sep 17 00:00:00 2001
From: Scott Kitterman
Date: Tue, 22 Oct 2019 19:45:18 -0400
Subject: [PATCH] Refactor signing domain determination into get_identities_sign function and add support for passing i= when signing in prepartation for parsing the signing table
---
 dkimpy_milter/__init__.py | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/dkimpy_milter/__init__.py b/dkimpy_milter/__init__.py
index 5db637f..f466eda 100644
--- a/dkimpy_milter/__init__.py
+++ b/dkimpy_milter/__init__.py
@@ -54,6 +54,7 @@ class dkimMilter(Milter.Base):
 self.conf = milterconfig
 self.fp = None
 self.fdomain = ''
+ self.iequals = None
 @Milter.noreply
 def connect(self, hostname, unused, hostaddr):
@@ -188,13 +189,8 @@ class dkimMilter(Milter.Base):
 # Check and/or sign DKIM
 self.fp.seek(0)
 txt = self.fp.read()
- if self.conf.get('Domain'):
- domain = self.conf.get('Domain')
- else:
- domain = ''
- if self.conf.get('SubDomains'):
- self.fdomain = _get_parent_domain(self.fdomain, domain)
- if ((self.fdomain in domain) and not self.conf.get('Mode') == 'v'
+ self.get_identities_sign()
+ if ((self.fdomain in self.domain) and not self.conf.get('Mode') == 'v'
 and not self.external_connection):
 self.sign_dkim(txt)
 if ((self.has_dkim) and (not self.internal_connection) and
@@ -213,6 +209,16 @@ class dkimMilter(Milter.Base):
 self.addheader(name, val, 0)
 return Milter.CONTINUE
+ def get_identities_sign(self):
+ """Determine d= and i= identiies for signature"""
+ if self.conf.get('Domain'):
+ self.domain = self.conf.get('Domain')
+ else:
+ self.domain = ''
+ if self.conf.get('SubDomains'):
+ self.fdomain = _get_parent_domain(self.fdomain, self.domain)
+
+
 def sign_dkim(self, txt):
 canon = codecs.encode(self.conf.get('Canonicalization'), 'ascii')
 canonicalize = []
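Review bot: The signing gate `self.fdomain in self.domain` is a containment test rather than an equality test, so if `Domain` is a plain string (the `self.domain = ''` fallback in get_identities_sign suggests it can be) any substring of the configured name passes, and an empty `self.fdomain` passes against every value. The refactor carries this over unchanged from the old `self.fdomain in domain`, but this is the condition that decides whether the milter signs for a From domain, so it deserves an exact, case-normalised comparison against a list of configured names and an explicit empty check, with `if (self.fdomain and (self.fdomain in self.domain) and not self.conf.get('Mode') == 'v'` as a first step. The enclosing method starts and ends outside the hunk.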
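Review bot: `get_identities_sign` promises d= and i= in its docstring but only assigns `self.domain` and, with `SubDomains` set, replaces `self.fdomain` with the result of `_get_parent_domain`; `self.iequals` is never touched, so as far as these hunks show it stays at the `None` from `__init__`. A docstring that says what is actually stored would avoid that mismatch, e.g. `"""Set self.domain from the Domain option and, with SubDomains, replace self.fdomain via _get_parent_domain; i= (self.iequals) is not derived yet."""` ("identiies" is also a typo). `self.domain` is created only in this method, so initialising it in `__init__` next to `self.iequals = None` would keep the attribute defined before the first call.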
@@ -234,9 +240,8 @@ class dkimMilter(Milter.Base): d = dkim.DKIM(txt) h = d.sign(codecs.encode(self.conf.get('Selector'), 'ascii'), codecs.encode(self.fdomain, 'ascii'), codecs.encode(self.conf.get('privateRSA'), 'ascii'), - canonicalize=(canonicalize[0], - canonicalize[1]), - include_headers=sign_headers) + canonicalize=(canonicalize[0], canonicalize[1]), + identity=self.iequals, include_headers=sign_headers) name, val = h.split(b': ', 1) self.addheader(codecs.decode(name, 'ascii'), codecs.decode(val, 'ascii').strip().replace('\r\n', '\n'), 0) if (self.conf.get('Syslog') and @@ -250,9 +255,9 @@ class dkimMilter(Milter.Base): if self.conf.get('privateEd25519'): d = dkim.DKIM(txt) h = d.sign(codecs.encode(self.conf.get('SelectorEd25519'), 'ascii'), codecs.encode(self.fdomain, 'ascii'), - self.conf.get('privateEd25519'), canonicalize=(canonicalize[0], - canonicalize[1]), - include_headers=sign_headers, + self.conf.get('privateEd25519'), + canonicalize=(canonicalize[0], canonicalize[1]), + identity=self.iequals, include_headers=sign_headers, signature_algorithm=b'ed25519-sha256') name, val = h.split(b': ', 1) self.addheader(codecs.decode(name, 'ascii'), codecs.decode(val, 'ascii').strip().replace('\r\n', '\n'), 0)
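Review bot: `identity=self.iequals` is handed to `d.sign()` as stored, whereas the selector and `self.fdomain` next to it go through `codecs.encode(..., 'ascii')`. Today the value is always `None`, but once the signing table sets it the argument will presumably need the same bytes encoding, and its domain part has to be `self.fdomain` or a subdomain of it for the i= tag to be valid under RFC 6376. Encoding at the call, `identity=codecs.encode(self.iequals, 'ascii') if self.iequals else None,`, keeps the arguments consistent, and a comment there should state the d=/i= relationship the caller must guarantee. The same applies to the Ed25519 call in the following hunk (`@@ -250,9 +255,9 @@`); both calls sit in sign_dkim, whose body starts before and continues after these hunks.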