ARH: fixed missing reason on fail resulting in error

lieser · Feb 6, 2021 · 8e72417 · 8e72417
1 parent c32c8ae
commit 8e72417
Show file tree

Hide file tree

Showing 8 changed files with 234 additions and 79 deletions.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -5,6 +5,7 @@
  - removed option to show DKIM result in the statusbarpanel
  - Authentication-Results header: fixed parsing of version
  - Authentication-Results header: fixed parsing of quoted SDID and AUID (#229, #234)
+ - Authentication-Results header: fixed missing reason on fail resulting in error (#232)
  - libunbound resolver: Don't provide a default path
  - libunbound resolver: Improve options description
  - added about page in options

diff --git a/modules/AuthVerifier.mjs.js b/modules/AuthVerifier.mjs.js
@@ -268,6 +268,7 @@ async function getARHResult(message, headers, from, listId, account) {
 		spf: arhSPF,
 		dmarc: arhDMARC,
 	};
+	log.debug("ARH result:", savedAuthResult);
 	return savedAuthResult;
 }
 
@@ -528,86 +529,86 @@ function dkimSigResultV2_to_AuthResultDKIM(dkimSigResult) { // eslint-disable-li
 				authResultDKIM.res_num = 30;
 			}
 			let errorType = dkimSigResult.errorType;
-			if (!errorType) {
-				throw new Error("expected errorType on PERMFAIL result");
-			}
-			if (!prefs["error.detailedReasons"]) {
-				switch (errorType) {
-					case "DKIM_SIGERROR_ILLFORMED_TAGSPEC":
-					case "DKIM_SIGERROR_DUPLICATE_TAG":
-					case "DKIM_SIGERROR_MISSING_V":
-					case "DKIM_SIGERROR_ILLFORMED_V":
-					case "DKIM_SIGERROR_MISSING_A":
-					case "DKIM_SIGERROR_ILLFORMED_A":
-					case "DKIM_SIGERROR_MISSING_B":
-					case "DKIM_SIGERROR_ILLFORMED_B":
-					case "DKIM_SIGERROR_MISSING_BH":
-					case "DKIM_SIGERROR_ILLFORMED_BH":
-					case "DKIM_SIGERROR_ILLFORMED_C":
-					case "DKIM_SIGERROR_MISSING_D":
-					case "DKIM_SIGERROR_ILLFORMED_D":
-					case "DKIM_SIGERROR_MISSING_H":
-					case "DKIM_SIGERROR_ILLFORMED_H":
-					case "DKIM_SIGERROR_SUBDOMAIN_I":
-					case "DKIM_SIGERROR_DOMAIN_I":
-					case "DKIM_SIGERROR_ILLFORMED_I":
-					case "DKIM_SIGERROR_ILLFORMED_L":
-					case "DKIM_SIGERROR_ILLFORMED_Q":
-					case "DKIM_SIGERROR_MISSING_S":
-					case "DKIM_SIGERROR_ILLFORMED_S":
-					case "DKIM_SIGERROR_ILLFORMED_T":
-					case "DKIM_SIGERROR_TIMESTAMPS":
-					case "DKIM_SIGERROR_ILLFORMED_X":
-					case "DKIM_SIGERROR_ILLFORMED_Z":
-						errorType = "DKIM_SIGERROR_ILLFORMED";
-						break;
-					case "DKIM_SIGERROR_VERSION":
-					case "DKIM_SIGERROR_UNKNOWN_A":
-					case "DKIM_SIGERROR_UNKNOWN_C_H":
-					case "DKIM_SIGERROR_UNKNOWN_C_B":
-					case "DKIM_SIGERROR_UNKNOWN_Q":
-						errorType = "DKIM_SIGERROR_UNSUPPORTED";
-						break;
-					case "DKIM_SIGERROR_KEY_ILLFORMED_TAGSPEC":
-					case "DKIM_SIGERROR_KEY_DUPLICATE_TAG":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_V":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_H":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_K":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_N":
-					case "DKIM_SIGERROR_KEY_MISSING_P":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_P":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_S":
-					case "DKIM_SIGERROR_KEY_ILLFORMED_T":
-						errorType = "DKIM_SIGERROR_KEY_ILLFORMED";
-						break;
-					case "DKIM_SIGERROR_KEY_INVALID_V":
-					case "DKIM_SIGERROR_KEY_HASHNOTINCLUDED":
-					case "DKIM_SIGERROR_KEY_UNKNOWN_K":
-					case "DKIM_SIGERROR_KEY_HASHMISMATCH":
-					case "DKIM_SIGERROR_KEY_NOTEMAILKEY":
-					case "DKIM_SIGERROR_KEYDECODE":
-						errorType = "DKIM_SIGERROR_KEY_INVALID";
-						break;
-					case "DKIM_SIGERROR_BADSIG":
-					case "DKIM_SIGERROR_CORRUPT_BH":
-					case "DKIM_SIGERROR_MISSING_FROM":
-					case "DKIM_SIGERROR_TOOLARGE_L":
-					case "DKIM_SIGERROR_NOKEY":
-					case "DKIM_SIGERROR_KEY_REVOKED":
-					case "DKIM_SIGERROR_KEY_TESTMODE":
-					case "DKIM_POLICYERROR_MISSING_SIG":
-					case "DKIM_POLICYERROR_KEYMISMATCH":
-					case "DKIM_POLICYERROR_KEY_INSECURE":
-					case "DKIM_POLICYERROR_WRONG_SDID":
-						break;
-					default:
-						log.warn(`unknown errorType: ${errorType}`);
+			let errorMsg;
+			if (errorType) {
+				if (!prefs["error.detailedReasons"]) {
+					switch (errorType) {
+						case "DKIM_SIGERROR_ILLFORMED_TAGSPEC":
+						case "DKIM_SIGERROR_DUPLICATE_TAG":
+						case "DKIM_SIGERROR_MISSING_V":
+						case "DKIM_SIGERROR_ILLFORMED_V":
+						case "DKIM_SIGERROR_MISSING_A":
+						case "DKIM_SIGERROR_ILLFORMED_A":
+						case "DKIM_SIGERROR_MISSING_B":
+						case "DKIM_SIGERROR_ILLFORMED_B":
+						case "DKIM_SIGERROR_MISSING_BH":
+						case "DKIM_SIGERROR_ILLFORMED_BH":
+						case "DKIM_SIGERROR_ILLFORMED_C":
+						case "DKIM_SIGERROR_MISSING_D":
+						case "DKIM_SIGERROR_ILLFORMED_D":
+						case "DKIM_SIGERROR_MISSING_H":
+						case "DKIM_SIGERROR_ILLFORMED_H":
+						case "DKIM_SIGERROR_SUBDOMAIN_I":
+						case "DKIM_SIGERROR_DOMAIN_I":
+						case "DKIM_SIGERROR_ILLFORMED_I":
+						case "DKIM_SIGERROR_ILLFORMED_L":
+						case "DKIM_SIGERROR_ILLFORMED_Q":
+						case "DKIM_SIGERROR_MISSING_S":
+						case "DKIM_SIGERROR_ILLFORMED_S":
+						case "DKIM_SIGERROR_ILLFORMED_T":
+						case "DKIM_SIGERROR_TIMESTAMPS":
+						case "DKIM_SIGERROR_ILLFORMED_X":
+						case "DKIM_SIGERROR_ILLFORMED_Z":
+							errorType = "DKIM_SIGERROR_ILLFORMED";
+							break;
+						case "DKIM_SIGERROR_VERSION":
+						case "DKIM_SIGERROR_UNKNOWN_A":
+						case "DKIM_SIGERROR_UNKNOWN_C_H":
+						case "DKIM_SIGERROR_UNKNOWN_C_B":
+						case "DKIM_SIGERROR_UNKNOWN_Q":
+							errorType = "DKIM_SIGERROR_UNSUPPORTED";
+							break;
+						case "DKIM_SIGERROR_KEY_ILLFORMED_TAGSPEC":
+						case "DKIM_SIGERROR_KEY_DUPLICATE_TAG":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_V":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_H":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_K":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_N":
+						case "DKIM_SIGERROR_KEY_MISSING_P":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_P":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_S":
+						case "DKIM_SIGERROR_KEY_ILLFORMED_T":
+							errorType = "DKIM_SIGERROR_KEY_ILLFORMED";
+							break;
+						case "DKIM_SIGERROR_KEY_INVALID_V":
+						case "DKIM_SIGERROR_KEY_HASHNOTINCLUDED":
+						case "DKIM_SIGERROR_KEY_UNKNOWN_K":
+						case "DKIM_SIGERROR_KEY_HASHMISMATCH":
+						case "DKIM_SIGERROR_KEY_NOTEMAILKEY":
+						case "DKIM_SIGERROR_KEYDECODE":
+							errorType = "DKIM_SIGERROR_KEY_INVALID";
+							break;
+						case "DKIM_SIGERROR_BADSIG":
+						case "DKIM_SIGERROR_CORRUPT_BH":
+						case "DKIM_SIGERROR_MISSING_FROM":
+						case "DKIM_SIGERROR_TOOLARGE_L":
+						case "DKIM_SIGERROR_NOKEY":
+						case "DKIM_SIGERROR_KEY_REVOKED":
+						case "DKIM_SIGERROR_KEY_TESTMODE":
+						case "DKIM_POLICYERROR_MISSING_SIG":
+						case "DKIM_POLICYERROR_KEYMISMATCH":
+						case "DKIM_POLICYERROR_KEY_INSECURE":
+						case "DKIM_POLICYERROR_WRONG_SDID":
+							break;
+						default:
+							log.warn(`unknown errorType: ${errorType}`);
+					}
 				}
+				errorMsg =
+					browser.i18n.getMessage(errorType,
+						dkimSigResult.errorStrParams) ||
+					errorType;
 			}
-			const errorMsg =
-				browser.i18n.getMessage(errorType,
-					dkimSigResult.errorStrParams) ||
-				errorType;
 			if (errorMsg) {
 				authResultDKIM.result_str = browser.i18n.getMessage("PERMFAIL",
 					[errorMsg]);

diff --git a/modules/dkim/verifier.mjs.js b/modules/dkim/verifier.mjs.js
@@ -75,7 +75,7 @@ import prefs from "../preferences.mjs.js";
  *           Array of warning_objects.
  *           required if result="SUCCESS"
  * @property {String|undefined} [errorType]
- *           if result="PERMFAIL: DKIM_SigError.errorType
+ *           if result="PERMFAIL: DKIM_SigError.errorType or Undefined
  *           if result="TEMPFAIL: DKIM_InternalError.errorType or Undefined
  * @property {String[]|undefined} [errorStrParams]
  * @property {Boolean|undefined} [hideFail]

diff --git a/test/data/rfc6376-A.2-arh-failed-no_reason.eml b/test/data/rfc6376-A.2-arh-failed-no_reason.eml
@@ -0,0 +1,25 @@
+Authentication-Results: example.net;
+  spf=pass smtp.mailfrom=example.com;
+  dkim=fail header.d=example.com
+DKIM-Signature: v=1; a=rsa-sha256; s=brisbane; d=example.com;
+      c=simple/simple; q=dns/txt; i=joe@football.example.com;
+      h=Received : From : To : Subject : Date : Message-ID;
+      bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+      b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB
+        4nujc7YopdG5dWLSdNg6xNAZpOPr+kHxt1IrE+NahM6L/LbvaHut
+        KVdkLLkpVaVVQPzeRDI009SO2Il5Lu7rDNH6mZckBdrIx0orEtZV
+        4bmp/YzhwvcubU4=;
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@football.example.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.
diff --git a/test/data/rfc6376-A.2-arh-failed.eml b/test/data/rfc6376-A.2-arh-failed.eml
@@ -0,0 +1,25 @@
+Authentication-Results: example.net;
+  spf=pass smtp.mailfrom=example.com;
+  dkim=fail reason="bad signature" header.d=example.com
+DKIM-Signature: v=1; a=rsa-sha256; s=brisbane; d=example.com;
+      c=simple/simple; q=dns/txt; i=joe@football.example.com;
+      h=Received : From : To : Subject : Date : Message-ID;
+      bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+      b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB
+        4nujc7YopdG5dWLSdNg6xNAZpOPr+kHxt1IrE+NahM6L/LbvaHut
+        KVdkLLkpVaVVQPzeRDI009SO2Il5Lu7rDNH6mZckBdrIx0orEtZV
+        4bmp/YzhwvcubU4=;
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@football.example.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.
diff --git a/test/data/rfc6376-A.2-arh-valid-auid.eml b/test/data/rfc6376-A.2-arh-valid-auid.eml
@@ -0,0 +1,25 @@
+Authentication-Results: example.net;
+  spf=pass smtp.mailfrom=example.com;
+  dkim=pass (good signature) header.i=joe@football.example.com
+DKIM-Signature: v=1; a=rsa-sha256; s=brisbane; d=example.com;
+      c=simple/simple; q=dns/txt; i=joe@football.example.com;
+      h=Received : From : To : Subject : Date : Message-ID;
+      bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+      b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB
+        4nujc7YopdG5dWLSdNg6xNAZpOPr+kHxt1IrE+NahM6L/LbvaHut
+        KVdkLLkpVaVVQPzeRDI009SO2Il5Lu7rDNH6mZckBdrIx0orEtZV
+        4bmp/YzhwvcubU4=;
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@football.example.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.
diff --git a/test/data/rfc6376-A.2-arh-valid-sdid_and_auid.eml b/test/data/rfc6376-A.2-arh-valid-sdid_and_auid.eml
@@ -0,0 +1,25 @@
+Authentication-Results: example.net;
+  spf=pass smtp.mailfrom=example.com;
+  dkim=pass (good signature) header.d=example.com header.i=joe@football.example.com
+DKIM-Signature: v=1; a=rsa-sha256; s=brisbane; d=example.com;
+      c=simple/simple; q=dns/txt; i=joe@football.example.com;
+      h=Received : From : To : Subject : Date : Message-ID;
+      bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+      b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB
+        4nujc7YopdG5dWLSdNg6xNAZpOPr+kHxt1IrE+NahM6L/LbvaHut
+        KVdkLLkpVaVVQPzeRDI009SO2Il5Lu7rDNH6mZckBdrIx0orEtZV
+        4bmp/YzhwvcubU4=;
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@football.example.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.
diff --git a/test/unittest/authVerifierSpec.mjs.js b/test/unittest/authVerifierSpec.mjs.js
@@ -252,5 +252,58 @@ describe("AuthVerifier [unittest]", function () {
 			res = await authVerifier.verify(message);
 			expect((res.spf ?? [])[0].result).to.be.equal("pass");
 		});
+		describe("Converting of ARH result to DKIM result", function () {
+			beforeEach(async function () {
+				await prefs.setValue("dkim.enable", false);
+				await prefs.setValue("arh.read", true);
+			});
+
+			it("DKIM pass with only SDID", async function () {
+				await prefs.setValue("arh.read", true);
+
+				const message = await createMessageHeader("rfc6376-A.2-arh-valid.eml");
+				const res = await authVerifier.verify(message);
+				expect(res.dkim[0].result).to.be.equal("SUCCESS");
+				expect(res.dkim[0].result_str).to.be.equal("Valid (Signed by example.com)");
+				expect(res.dkim[0].sdid).to.be.equal("example.com");
+				expect(res.dkim[0].auid).to.be.equal("@example.com");
+			});
+			it("DKIM pass with only AUID", async function () {
+				await prefs.setValue("arh.read", true);
+
+				const message = await createMessageHeader("rfc6376-A.2-arh-valid-auid.eml");
+				const res = await authVerifier.verify(message);
+				expect(res.dkim[0].result).to.be.equal("SUCCESS");
+				expect(res.dkim[0].result_str).to.be.equal("Valid (Signed by football.example.com)");
+				expect(res.dkim[0].sdid).to.be.equal("football.example.com");
+				expect(res.dkim[0].auid).to.be.equal("joe@football.example.com");
+			});
+			it("DKIM pass with both SDID and AUID", async function () {
+				await prefs.setValue("arh.read", true);
+
+				const message = await createMessageHeader("rfc6376-A.2-arh-valid-sdid_and_auid.eml");
+				const res = await authVerifier.verify(message);
+				expect(res.dkim[0].result).to.be.equal("SUCCESS");
+				expect(res.dkim[0].result_str).to.be.equal("Valid (Signed by example.com)");
+				expect(res.dkim[0].sdid).to.be.equal("example.com");
+				expect(res.dkim[0].auid).to.be.equal("joe@football.example.com");
+			});
+			it("DKIM fail with reason", async function () {
+				await prefs.setValue("arh.read", true);
+
+				const message = await createMessageHeader("rfc6376-A.2-arh-failed.eml");
+				const res = await authVerifier.verify(message);
+				expect(res.dkim[0].result).to.be.equal("PERMFAIL");
+				expect(res.dkim[0].result_str).to.be.equal("Invalid (bad signature)");
+			});
+			it("DKIM fail without reason", async function () {
+				await prefs.setValue("arh.read", true);
+
+				const message = await createMessageHeader("rfc6376-A.2-arh-failed-no_reason.eml");
+				const res = await authVerifier.verify(message);
+				expect(res.dkim[0].result).to.be.equal("PERMFAIL");
+				expect(res.dkim[0].result_str).to.be.equal("Invalid");
+			});
+		});
 	});
 });