diff --git a/Scripts/Billing/checkout.sh b/Scripts/Billing/checkout.sh new file mode 100755 index 0000000..b19a052 --- /dev/null +++ b/Scripts/Billing/checkout.sh @@ -0,0 +1,6 @@ +#!/bin/bash + + +svn co --username jryland http://internal.invertedlogic.com/dev/code/Scripts/Billing/ + + diff --git a/Scripts/Billing/checkout.sh b/Scripts/Billing/checkout.sh new file mode 100755 index 0000000..b19a052 --- /dev/null +++ b/Scripts/Billing/checkout.sh @@ -0,0 +1,6 @@ +#!/bin/bash + + +svn co --username jryland http://internal.invertedlogic.com/dev/code/Scripts/Billing/ + + diff --git a/Scripts/Billing/dkim-verify.sh b/Scripts/Billing/dkim-verify.sh index d6e6d60..7857c90 100755 --- a/Scripts/Billing/dkim-verify.sh +++ b/Scripts/Billing/dkim-verify.sh @@ -1,11 +1,42 @@ #!/bin/bash +# +# DKIM verification script +# Written by John Ryland +# Copyright 2015 +# +# Usage: dkim-verify.sh raw-email.txt +# +# Returns: +# 0 if success and verifies OK +# 1 if has DKIM-signature and was processed but verification failed +# -1 for other errors +# PROGRAM_NAME=`basename $0` INPUT=$1 -mkdir -p tmp +if [ "$#" != "1" ] +then + echo "$PROGRAM_NAME: Invalid number of parameters" + exit -1 +fi -cat << EOF > tmp/parameters.sh +if [ ! -f "$INPUT" ] +then + echo "$PROGRAM_NAME: Invalid input file" + exit -1 +fi + +mkdir -p $HOME/tmp +TEMPDIR=`mktemp -d -p $HOME/tmp` + +if [ ! -d "$TEMPDIR" ] +then + echo "$PROGRAM_NAME: Error creating temp directory" + exit -1 +fi + +cat << EOF > $TEMPDIR/parameters.sh DKIM_VERSION=0 DKIM_ALGORITHM=rsa-sha256 DKIM_CANONICALIZATION=relaxed/relaxed 
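Review bot: The `svn co` line checks out over plain `http://`, so the Subversion credentials for `--username jryland` and the billing scripts themselves cross the network unencrypted and unauthenticated, and anything fetched this way and later run could be altered in transit. If the server offers TLS or SSH access, the URL scheme should be `https://` or `svn+ssh://` instead. The account name is also hard-coded, which ties the script to one user. The same new-file diff appears twice on this page and the point applies to both copies.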
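Review bot: Nothing in the added block removes `$TEMPDIR`, so every run leaves a copy of the message headers, body and key file under `$HOME/tmp`. Unless cleanup exists outside the hunks shown, add `trap 'rm -rf -- "$TEMPDIR"' EXIT` right after the directory is created. `$HOME/tmp` is unquoted in both `mkdir -p` and `mktemp -d -p`, and checking mktemp's status directly is simpler than the later `-d` test: `TEMPDIR=$(mktemp -d -p "$HOME/tmp") || exit 1`. The header comment documents a return of `-1`, but `exit -1` reaches the caller as 255, and the error messages go to stdout rather than stderr.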
@@ -21,36 +52,36 @@ # Split email text in to 2 parts, the email headers and the email body cat $INPUT | tr -d '\r' | ( # cat $INPUT | ( - echo -n "" > tmp/headers.txt + echo -n "" > $TEMPDIR/headers.txt while IFS= read -r line do - echo "$line" >> tmp/headers.txt + echo "$line" >> $TEMPDIR/headers.txt if [ "$line" == '' ] then break fi done - echo -n "" > tmp/body.txt + echo -n "" > $TEMPDIR/body.txt while IFS= read -r line do - echo "$line" >> tmp/body.txt + echo "$line" >> $TEMPDIR/body.txt done ) # Handles a single trailing empty line # Perhaps this needs to remove all trailing empty lines? -LAST_LINE=`tail -n 1 tmp/body.txt` +LAST_LINE=`tail -n 1 $TEMPDIR/body.txt` if [ "$LAST_LINE" == '' ] then - sed -i '$ d' tmp/body.txt + sed -i '$ d' $TEMPDIR/body.txt fi # Assuming dkim 'relaxed' canonicalization -cat tmp/body.txt | sed 's/[ \t][ \t]*/ /g' | sed 's/[ \t]$//g' | unix2dos > tmp/cbody.txt -cat tmp/headers.txt | sed -e 's/\(.*\)[ \t]*:[ \t]\(.*\)/\L\1:\E\2/' | sed ':a;N;$!ba;s/[ \t]*\n[ \t][ \t]*/ /g' > tmp/cheaders.txt +cat $TEMPDIR/body.txt | sed 's/[ \t][ \t]*/ /g' | sed 's/[ \t]$//g' | unix2dos > $TEMPDIR/cbody.txt +cat $TEMPDIR/headers.txt | sed -e 's/\(.*\)[ \t]*:[ \t]\(.*\)/\L\1:\E\2/' | sed ':a;N;$!ba;s/[ \t]*\n[ \t][ \t]*/ /g' > $TEMPDIR/cheaders.txt -echo -n "dkim-signature:" > tmp/signature.txt -cat tmp/cheaders.txt | while read LINE +echo -n "dkim-signature:" > $TEMPDIR/signature.txt +cat $TEMPDIR/cheaders.txt | while read LINE do HEADER_FIELD=`echo "$LINE" | cut -d ':' -f 1` HEADER_VALUE=`echo "$LINE" | cut -d ':' -f 2-` 
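Review bot: The header canonicalization `sed -e 's/\(.*\)[ \t]*:[ \t]\(.*\)/\L\1:\E\2/'` anchors on the last colon that is followed by whitespace, because the leading `\(.*\)` is greedy. A field such as `Subject: Re: x` therefore has part of its value lower-cased and a space removed, and a field with no whitespace after its colon is not lower-cased at all. Either case changes the bytes that get hashed and would make a valid signature fail. Matching only the field name avoids that, for example `sed -e 's/^\([^: \t][^: \t]*\)[ \t]*:[ \t]*/\L\1\E:/'` (a sketch, not tested against folded lines). `cat $INPUT` is also unquoted although the earlier check uses `"$INPUT"`, so a path containing spaces passes the check and then fails here.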
@@ -67,31 +98,31 @@ ATTRIB_VALUE=`echo "$ATTRIB" | cut -d '=' -f 2-` # echo " ATTRIB: $ATTRIB" # echo " -$ATTRIB_NAME- = -$ATTRIB_VALUE-" - [ "$ATTRIB_NAME" != "b" ] && echo -n "$ATTRIB_LINE " >> tmp/signature.txt - [ "$ATTRIB_NAME" == "b" ] && echo -n "$ATTRIB_LINE" | sed 's/b=[^;]*\(.*\)/b=\1/g' >> tmp/signature.txt - [ "$ATTRIB_NAME" == "v" ] && echo "DKIM_VERSION=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "a" ] && echo "DKIM_ALGORITHM=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "c" ] && echo "DKIM_CANONICALIZATION=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "d" ] && echo "DKIM_DOMAIN=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "s" ] && echo "DKIM_SUBDOMAIN=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "t" ] && echo "DKIM_TIMESTAMP=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "bh" ] && echo "DKIM_BODY_HASH=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "h" ] && echo "DKIM_HEADERS=$ATTRIB_VALUE" >> tmp/parameters.sh - [ "$ATTRIB_NAME" == "b" ] && echo "DKIM_BASE64_SIGNATURE=$ATTRIB_VALUE" >> tmp/parameters.sh + [ "$ATTRIB_NAME" != "b" ] && echo -n "$ATTRIB_LINE " >> $TEMPDIR/signature.txt + [ "$ATTRIB_NAME" == "b" ] && echo -n "$ATTRIB_LINE" | sed 's/b=[^;]*\(.*\)/b=\1/g' >> $TEMPDIR/signature.txt + [ "$ATTRIB_NAME" == "v" ] && echo "DKIM_VERSION=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "a" ] && echo "DKIM_ALGORITHM=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "c" ] && echo "DKIM_CANONICALIZATION=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "d" ] && echo "DKIM_DOMAIN=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "s" ] && echo "DKIM_SUBDOMAIN=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "t" ] && echo "DKIM_TIMESTAMP=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "bh" ] && echo "DKIM_BODY_HASH=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "h" ] && 
echo "DKIM_HEADERS=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh + [ "$ATTRIB_NAME" == "b" ] && echo "DKIM_BASE64_SIGNATURE=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh fi done fi done -if [ "`cat tmp/signature.txt`" == "dkim-signature:" ] +if [ "`cat $TEMPDIR/signature.txt`" == "dkim-signature:" ] then echo "$PROGRAM_NAME: No DKIM-Signature found" exit -1 fi -# echo -n "b=" >> tmp/signature.txt +# echo -n "b=" >> $TEMPDIR/signature.txt -. ./tmp/parameters.sh +. ./$TEMPDIR/parameters.sh if [ "$DKIM_VERSION" != "1" ] then @@ -103,10 +134,10 @@ if [ "$DKIM_ALGORITHM" == "rsa-sha256" ] then - BODY_HASH=`cat tmp/cbody.txt | openssl dgst -sha256 -binary | openssl base64` + BODY_HASH=`cat $TEMPDIR/cbody.txt | openssl dgst -sha256 -binary | openssl base64` elif [ "$DKIM_ALGORITHM" == "rsa-sha1" ] then - BODY_HASH=`cat tmp/cbody.txt | openssl dgst -sha1 -binary | openssl base64` + BODY_HASH=`cat $TEMPDIR/cbody.txt | openssl dgst -sha1 -binary | openssl base64` else echo "$PROGRAM_NAME: Unsupported DKIM signing algorithm: $DKIM_ALGORITHM" exit -1 @@ -120,7 +151,7 @@ # echo "Continuing" exit -1 fi -# rm tmp/body.txt +# rm $TEMPDIR/body.txt # Lookup the public key for the domain # PUBLIC_KEY=`dig ${DKIM_SUBDOMAIN}._domainkey.${DKIM_DOMAIN} TXT | grep rsa | cut -d '"' -f 2 | cut -d '=' -f 4` @@ -134,8 +165,8 @@ exit -1 fi # echo "Copying over file" -# rm tmp/key.pub -# cp misc/key.pub tmp/key.pub +# rm $TEMPDIR/key.pub +# cp misc/key.pub $TEMPDIR/key.pub # echo "Copied over file" #else # !TESTING @@ -160,9 +191,9 @@ fi # Convert to a format that openssl can understand -echo -----BEGIN PUBLIC KEY----- > tmp/key.pub -echo $PUBLIC_KEY | fold -w 64 >> tmp/key.pub -echo -----END PUBLIC KEY----- >> tmp/key.pub +echo -----BEGIN PUBLIC KEY----- > $TEMPDIR/key.pub +echo $PUBLIC_KEY | fold -w 64 >> $TEMPDIR/key.pub +echo -----END PUBLIC KEY----- >> $TEMPDIR/key.pub # fi # End TESTING # Dump the contents of the public key 
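Review bot: The values written by the `echo "DKIM_...=$ATTRIB_VALUE" >> $TEMPDIR/parameters.sh` lines come straight from the message's DKIM-Signature header and the file is then executed with `.`, so a crafted header can run shell commands as the user running the verifier before any signature has been checked. Writing each value with `printf '%q'` (the script is already bash) keeps the file safe to source; `d=` and `s=`, which presumably feed the DNS lookup, would additionally benefit from an allow-list check on their characters. Separately, `. ./$TEMPDIR/parameters.sh` prefixes `./` to what `mktemp -d -p $HOME/tmp` normally returns as an absolute path, so the file is looked up relative to the current directory and the source fails unless the script runs from `/`. The attribute loop these lines sit in starts before this hunk, so how `ATTRIB_VALUE` is split is not visible here.

```shell
# … unchanged: the two `b` lines that append to signature.txt …
        [ "$ATTRIB_NAME" == "v" ]  && printf 'DKIM_VERSION=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "a" ]  && printf 'DKIM_ALGORITHM=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "c" ]  && printf 'DKIM_CANONICALIZATION=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "d" ]  && printf 'DKIM_DOMAIN=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "s" ]  && printf 'DKIM_SUBDOMAIN=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "t" ]  && printf 'DKIM_TIMESTAMP=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "bh" ] && printf 'DKIM_BODY_HASH=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "h" ]  && printf 'DKIM_HEADERS=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
        [ "$ATTRIB_NAME" == "b" ]  && printf 'DKIM_BASE64_SIGNATURE=%q\n' "$ATTRIB_VALUE" >> "$TEMPDIR/parameters.sh"
# … unchanged: end of the loops and the "No DKIM-Signature found" check …
. "$TEMPDIR/parameters.sh"
```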
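Review bot: The `rsa-sha1` arm is kept here and again in the final verification hunk, so a signature made with SHA-1 is accepted on the same footing as `rsa-sha256`. RFC 8301 says rsa-sha1 must not be used for signing or verifying, so a verifier should report such a signature as unsupported rather than hashing with `-sha1`. Dropping the `elif [ "$DKIM_ALGORITHM" == "rsa-sha1" ]` arm in both places lets the existing `Unsupported DKIM signing algorithm` message cover it. The if/elif chain continues outside this hunk.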
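Review bot: `echo $PUBLIC_KEY | fold -w 64` expands an unquoted value that, judging by the commented-out `dig` line, comes from a DNS TXT record for a domain named in the message, so it undergoes word splitting and filename globbing before it reaches the key file. `printf '%s\n' "$PUBLIC_KEY" | fold -w 64 >> "$TEMPDIR/key.pub"` writes the value verbatim. Rejecting anything that is not base64 before building the PEM would also be worthwhile; how `PUBLIC_KEY` is populated is outside this hunk.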
@@ -172,7 +203,7 @@ # openssl asn1parse -in key.pub -strparse 19 -offset 4 | cut -d ':' -f 4 | tail -n 1 >> secret.sh -echo -n "" > tmp/dkim-headers.txt +echo -n "" > $TEMPDIR/dkim-headers.txt HEADER_INDEX=1 @@ -185,13 +216,13 @@ break fi # echo " header[$HEADER_INDEX] = -$CURRENT_HEADER-" - cat tmp/cheaders.txt | while read LINE + cat $TEMPDIR/cheaders.txt | while read LINE do HEADER_FIELD=`echo "$LINE" | cut -d ':' -f 1` # echo "$HEADER_FIELD" if [ "$CURRENT_HEADER" == "$HEADER_FIELD" ] then - echo "$LINE" >> tmp/dkim-headers.txt + echo "$LINE" >> $TEMPDIR/dkim-headers.txt # echo "$LINE" break fi @@ -200,9 +231,9 @@ HEADER_INDEX=$((HEADER_INDEX + 1)) done -cat tmp/signature.txt >> tmp/dkim-headers.txt +cat $TEMPDIR/signature.txt >> $TEMPDIR/dkim-headers.txt -# cat tmp/dkim-headers.txt +# cat $TEMPDIR/dkim-headers.txt LAST_CHAR=`echo $DKIM_BASE64_SIGNATURE | tail -c 2` 
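Review bot: The inner loop appends the first line of `cheaders.txt` whose field name matches and then breaks, so when a header occurs more than once the topmost instance is always hashed, and a name listed twice in `h=` yields the same line twice (which the later `uniq` then hides). RFC 6376 §5.4.2 has repeated fields taken from the bottom of the header block upwards, one instance further up for each repeat in `h=`, so signatures covering repeated fields such as `Received` would not verify here. `read LINE` without `IFS=` and `-r` also strips leading whitespace and interprets backslashes, altering header text before it is hashed; `while IFS= read -r LINE` keeps it intact. Both loops begin and end outside this hunk.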
@@ -214,27 +245,27 @@ # echo " DKIM_BASE64_SIGNATURE=$DKIM_BASE64_SIGNATURE" -echo "$DKIM_BASE64_SIGNATURE" | fold -w 64 | base64 -d > tmp/sign.bin -# cat tmp/sign.txt | base64 -d > tmp/sign.bin -# cat tmp/dkim-headers.txt | head -c -1 | unix2dos > tmp/dkim-headers.dos -uniq tmp/dkim-headers.txt | head -c -1 | unix2dos > tmp/dkim-headers.dos +echo "$DKIM_BASE64_SIGNATURE" | fold -w 64 | base64 -d > $TEMPDIR/sign.bin +# cat $TEMPDIR/sign.txt | base64 -d > $TEMPDIR/sign.bin +# cat $TEMPDIR/dkim-headers.txt | head -c -1 | unix2dos > $TEMPDIR/dkim-headers.dos +uniq $TEMPDIR/dkim-headers.txt | head -c -1 | unix2dos > $TEMPDIR/dkim-headers.dos if [ "$DKIM_ALGORITHM" == "rsa-sha256" ] then echo -n "$PROGRAM_NAME: " - cat tmp/dkim-headers.dos | openssl dgst -keyform pem -sha256 -verify tmp/key.pub -signature tmp/sign.bin + cat $TEMPDIR/dkim-headers.dos | openssl dgst -keyform pem -sha256 -verify $TEMPDIR/key.pub -signature $TEMPDIR/sign.bin exit $? # echo "Ret: -$?-" # if verified ok, returns 0, else returns 1 # echo "Hash DOS line endings" # # Convert raw hash to DER encoding by pre-pending something - # (echo '3031300d060960864801650304020105000420' ; cat tmp/dkim-headers.dos | sha256sum) | xxd -r -p | base64 + # (echo '3031300d060960864801650304020105000420' ; cat $TEMPDIR/dkim-headers.dos | sha256sum) | xxd -r -p | base64 # echo "Verified Hash Method 1" - # cat tmp/sign.bin | openssl rsautl -verify -pkcs -pubin -inkey tmp/key.pub | base64 + # cat $TEMPDIR/sign.bin | openssl rsautl -verify -pkcs -pubin -inkey $TEMPDIR/key.pub | base64 # - # CALCULATED_HASH=`cat tmp/dkim-headers.dos | sha256sum | tr [a-z] [A-Z] | tr -d ' -'` - # DECRYPTED_HASH=`cat tmp/sign.bin | openssl rsautl -verify -pkcs -pubin -inkey tmp/key.pub | openssl asn1parse -inform der -offset 17 | cut -d ':' -f 4` + # CALCULATED_HASH=`cat $TEMPDIR/dkim-headers.dos | sha256sum | tr [a-z] [A-Z] | tr -d ' -'` + # DECRYPTED_HASH=`cat $TEMPDIR/sign.bin | openssl rsautl -verify -pkcs -pubin -inkey 
$TEMPDIR/key.pub | openssl asn1parse -inform der -offset 17 | cut -d ':' -f 4` # if [ "$CALCULATED_HASH" != "$DECRYPTED_HASH" ] # then # echo "$PROGRAM_NAME: Failure, mismatched hashes" @@ -245,7 +276,7 @@ elif [ "$DKIM_ALGORITHM" == "rsa-sha1" ] then echo -n "$PROGRAM_NAME: " - cat tmp/dkim-headers.dos | openssl dgst -keyform pem -sha1 -verify tmp/key.pub -signature tmp/sign.bin + cat $TEMPDIR/dkim-headers.dos | openssl dgst -keyform pem -sha1 -verify $TEMPDIR/key.pub -signature $TEMPDIR/sign.bin # echo "Ret: -$?-" # if verified ok, returns 0, else returns 1 exit $?