[Draft] Authenticated Received Chain - ARC-sealing#31
[Draft] Authenticated Received Chain - ARC-sealing#31agrinchenko wants to merge 96 commits intoapache:masterfrom
Conversation
Fix FWS is not trimmed correctly
- Use goals `single` instead of `attached` by the recommendation at http://maven.apache.org/plugins-archives/maven-assembly-plugin-2.5.5/attached-mojo.html
Following alphabetical order with groupId > artifactId
The JDKIM mailet has been moved into James server project
After removing the mailet (been moved to James), those libs are not necessary anymore.
- Rewired DMARC into separate module - Added relaxed header alignment for DMARC using PSL list - Removed commons-codec dependency
|
Hey guys! I committed changes with DMARC in a separate module and also implemented both strict and relaxed header checking against PSL list. The Jenkins build fails though because |
|
I have limited bandwith because of over-committing on another project. I will take time for a complete review of this work this weekend. |
|
Thanks, Benoit! No rush.. |
chibenwa
left a comment
chibenwa
left a comment
There was a problem hiding this comment.
I do think we could benefit from updating the documentation (src/site ?) for mentionning arc and dkim support + giving some little code examples.
I (tried to) refrain from doing too much code style related comments but I'd be happy, if you accept, to propose you a changeset to polish a bit this work (i'd PR your branch).
arc/src/main/java/org/apache/james/arc/ArcSignatureRecordImpl.java
Outdated
Show resolved
Hide resolved
|
|
||
| private PublicSuffixList() {} | ||
|
|
||
| public static boolean isPublicSuffix(String domain) { |
There was a problem hiding this comment.
The PSL can't be used just to know if contains a suffix, it's missing exceptions and wildcard. Many valid domains will not be found.
There was a problem hiding this comment.
Thanks for the feedback. I will take a closer look at PSL exceptions and wildcards, I think I just learned something new about PSL.
There was a problem hiding this comment.
Thanks for the feedback. I will take a closer look at PSL exceptions and wildcards, I think I just learned something new about PSL.
If you need, here is my library:
https://central.sonatype.com/artifact/dev.pinter.psl/publicsuffixlist
There was a problem hiding this comment.
Thanks again, for the pointer to your lib! Nice work! I think it does actually more than what I need for the relaxed domain checking. I took another try at rewriting my initial PSL code to add ability to handle wildcards and exceptions. Checked in.
dmarc/src/main/java/org/apache/james/dmarc/PublicSuffixList.java
Outdated
Show resolved
Hide resolved
| import static org.junit.Assert.assertTrue; | ||
|
|
||
| public class PublicSuffixListTest { | ||
|
|
There was a problem hiding this comment.
If a PSL implementation is to be included here, I think a lot more tests will be needed. My implementation has more than 130 tests. A fail in PSL lookup can make invalid dmarc to pass.
There was a problem hiding this comment.
Good to know you have PSL implementation with 130 tests already! I would be glad to integrate with your work and delegate the relaxed org domain determination to your code. Let me know! Essentially I would need to be able to supply FQDN and receive either (1) a relaxed version of it (i.e. PSL public suffix + 1 part to the left of it) or (2) same FQDN if nothing is found in PSL.
There was a problem hiding this comment.
Nice work you have on PSL! I think your library does more than what I need for the purposes of relaxed domain alignment. As a first step I rewrote initial PSL code I had to handle wildcards and exceptions, also added more test cases.
- Added ARC validation outcome with details on the failure - Refactored logic such as `computeBTag` into separate methods - Added hard fail whenever multiple From headers detected - Rewrote tag extraction logic to do it all in one pass for efficiency - Simplified getTimeMeasure to use standard Java - Removed unnecessary Overrides
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.26.0 to 3.27.7. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.26.0...assertj-build-3.27.7) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-version: 3.27.7 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Removed typos
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
Last comnit in the README is nice. I'll commit to do a review, likely next weekend. We shalll eventually merge this work upstream in james-jdkim. |
Thanks! Sorry for the delays; I've been going through some changes lately, but all is good now. Waiting on your review. |
ieugen
changed the title
8 participants
Draft for ARC-sealing for review/comments/feedback. Work in progress.