1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

use dns_resolver::DnsError;
use thiserror::Error;

/// DKIM error status
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
pub enum Status {
    Permfail,
    Tempfail,
}

#[derive(Debug, PartialEq, Clone, Error)]
/// DKIM errors
pub enum DKIMError {
    #[error("unsupported hash algorithm: {0}")]
    UnsupportedHashAlgorithm(String),
    #[error("unsupported canonicalization: {0}")]
    UnsupportedCanonicalizationType(String),
    #[error("signature syntax error: {0}")]
    SignatureSyntaxError(String),
    #[error("signature missing required tag ({0})")]
    SignatureMissingRequiredTag(&'static str),
    #[error("incompatible version")]
    IncompatibleVersion,
    #[error("domain mismatch")]
    DomainMismatch,
    #[error("From field not signed")]
    FromFieldNotSigned,
    #[error("signature expired")]
    SignatureExpired,
    #[error("unacceptable signature header")]
    UnacceptableSignatureHeader,
    #[error("unsupported query method")]
    UnsupportedQueryMethod,
    #[error("key unavailable: {0}")]
    KeyUnavailable(String),
    #[error("internal error: {0}")]
    UnknownInternalError(String),
    #[error("no key for signature")]
    NoKeyForSignature,
    #[error("key syntax error")]
    KeySyntaxError,
    #[error("key incompatible version")]
    KeyIncompatibleVersion,
    #[error("inappropriate key algorithm")]
    InappropriateKeyAlgorithm,
    #[error("signature did not verify")]
    SignatureDidNotVerify,
    #[error("body hash did not verify")]
    BodyHashDidNotVerify,
    #[error("malformed email body")]
    MalformedBody,
    #[error("failed sign: {0}")]
    FailedToSign(String),
    #[error("failed to build object: {0}")]
    BuilderError(&'static str),
    #[error("failed to serialize DKIM header: {0}")]
    HeaderSerializeError(String),
    #[error("failed to load private key: {0}")]
    PrivateKeyLoadError(String),
    #[error("failed to parse message: {0:#}")]
    MailParsingError(#[from] mailparsing::MailParsingError),
    #[error("Canonical CRLF line endings are required for correct signing and verification")]
    CanonicalLineEndingsRequired,
    #[error(transparent)]
    Dns(#[from] DnsError),
}

impl DKIMError {
    pub fn status(self) -> Status {
        use DKIMError::*;
        match self {
            SignatureSyntaxError(_)
            | SignatureMissingRequiredTag(_)
            | IncompatibleVersion
            | DomainMismatch
            | FromFieldNotSigned
            | SignatureExpired
            | UnacceptableSignatureHeader
            | UnsupportedQueryMethod
            | NoKeyForSignature
            | KeySyntaxError
            | KeyIncompatibleVersion
            | InappropriateKeyAlgorithm
            | SignatureDidNotVerify
            | BodyHashDidNotVerify
            | MalformedBody
            | CanonicalLineEndingsRequired
            | MailParsingError(_)
            | UnsupportedCanonicalizationType(_)
            | UnsupportedHashAlgorithm(_) => Status::Permfail,
            KeyUnavailable(_)
            | UnknownInternalError(_)
            | BuilderError(_)
            | FailedToSign(_)
            | PrivateKeyLoadError(_)
            | HeaderSerializeError(_) => Status::Tempfail,
            Dns(dns) => match dns {
                DnsError::InvalidName(_) => Status::Permfail,
                DnsError::ResolveFailed(_) => Status::Tempfail,
            },
        }
    }
}