From 7ffde9de181310ef31a52b8a89f6779bd86f7339 Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Thu, 17 Jun 2021 00:26:13 +0200
Subject: [PATCH] wip
---
 bundles/opendkim/metadata.py | 55 ++++++++++++++++++++++++++++
 data/dkim/mail2.sublimity.de.privkey | 1 +
 data/dkim/mail2.sublimity.de.pubkey | 28 ++++++++++++++
 3 files changed, 84 insertions(+)
 create mode 100644 data/dkim/mail2.sublimity.de.privkey
 create mode 100644 data/dkim/mail2.sublimity.de.pubkey
diff --git a/bundles/opendkim/metadata.py b/bundles/opendkim/metadata.py
index ea62327..0cc7c86 100644
--- a/bundles/opendkim/metadata.py
+++ b/bundles/opendkim/metadata.py
@@ -1,3 +1,9 @@
+from os.path import join, exists
+from cryptography.hazmat.primitives import serialization as crypto_serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.backends import default_backend as crypto_default_backend
+
+
 defaults = {
 'apt': {
 'packages': {
@@ -7,5 +13,54 @@ defaults = {
 },
 'opendkim': {
 'domains': [],
+ 'keys': {},
 },
 }
+
+@metadata_reactor.provides(
+ 'opendkim/keys'
+)
+def keys(metadata):
+ keys = {}
+
+ for domain in metadata.get('opendkim/domains'):
+ if domain in metadata.get(f'opendkim/keys'):
+ continue
+
+ pubkey_path = join(repo.path, 'data', 'dkim', f'{domain}.privkey')
+ privkey_path = join(repo.path, 'data', 'dkim', f'{domain}.pubkey')
+
+ if not exists(pubkey_path) or not exists(privkey_path):
+ key = rsa.generate_private_key(
+ backend=crypto_default_backend(),
+ public_exponent=65537,
+ key_size=2048
+ )
+ with open(pubkey_path, 'w') as file:
+ file.write(
+ key.public_key().public_bytes(
+ crypto_serialization.Encoding.OpenSSH,
+ crypto_serialization.PublicFormat.OpenSSH
+ ).decode()
+ )
+ with open(privkey_path, 'w') as file:
+ file.write(
+ key.private_bytes(
+ crypto_serialization.Encoding.PEM,
+ crypto_serialization.PrivateFormat.PKCS8,
+ crypto_serialization.NoEncryption()
+ ).decode()
+ )
+
+ with open(pubkey_path, 'r') as pubkey:
+ with open(privkey_path, 'r') as privkey:
+ keys[domain] = {
+ 'public': pubkey.read(),
+ 'private': privkey.read(),
+ }
+
+ return {
+ 'opendkim': {
+ 'keys': keys,
+ }
+ }
diff --git a/data/dkim/mail2.sublimity.de.privkey b/data/dkim/mail2.sublimity.de.privkey
new file mode 100644
index 0000000..79ab4ab
--- /dev/null
+++ b/data/dkim/mail2.sublimity.de.privkey
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1DDDUIj7qX9NovO8SbuzaL+cc4JInAVb2DXTHEZh7o9guW/n2drpLEUA6fS6d8yBWXvbijyp4X3+9qP0R2j64QMNFaK3crnXo0Og8ko2in2Tz9NeICN8wJtzLw8lTifCxarwPxHWbKsJLkZlZJS78+BSn4dDSjedNjnH/ah9ST0fVL/yi6NmQ8be5jZK1pXVgaED6RcjkdgXUI2DkfV5yM9lSx3LjhPj6iJWQ0ixMpKJEnBMfrOlcKDPmfJBiNkUyx4MJOBMhzy50oBPacYXVZoC1FsACT2TVkUQ52USW4jyxBozyyR3rIYeaGQkU33DYOgSQ6gF3sozW7HnIriHj
\ No newline at end of file
diff --git a/data/dkim/mail2.sublimity.de.pubkey b/data/dkim/mail2.sublimity.de.pubkey
new file mode 100644
index 0000000..3283281
--- /dev/null
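Review bot: The two path variables in `keys()` carry each other's suffix: `pubkey_path` ends in `.privkey` and `privkey_path` in `.pubkey`, so the PKCS#8 private key is written to the `.pubkey` file and the public key to the `.privkey` file, which matches what the two data files added in this patch contain. Anything that later treats `*.pubkey` as publishable would expose the signing key; swap them to `pubkey_path = join(repo.path, 'data', 'dkim', f'{domain}.pubkey')` and `privkey_path = join(repo.path, 'data', 'dkim', f'{domain}.privkey')`. The private key is also serialized with `NoEncryption()` and written through a plain `open(privkey_path, 'w')`, so it sits in the repository working tree in cleartext with umask-default permissions; it should be encrypted at rest or at least created with mode 0o600 and kept out of version control. Separately, `PublicFormat.OpenSSH` yields an `ssh-rsa` line, while a DKIM DNS record normally carries a base64 DER public key, so the format is worth confirming against whatever consumes `opendkim/keys`.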
+++ b/data/dkim/mail2.sublimity.de.pubkey @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC1DDDUIj7qX9No +vO8SbuzaL+cc4JInAVb2DXTHEZh7o9guW/n2drpLEUA6fS6d8yBWXvbijyp4X3+9 +qP0R2j64QMNFaK3crnXo0Og8ko2in2Tz9NeICN8wJtzLw8lTifCxarwPxHWbKsJL +kZlZJS78+BSn4dDSjedNjnH/ah9ST0fVL/yi6NmQ8be5jZK1pXVgaED6RcjkdgXU +I2DkfV5yM9lSx3LjhPj6iJWQ0ixMpKJEnBMfrOlcKDPmfJBiNkUyx4MJOBMhzy50 +oBPacYXVZoC1FsACT2TVkUQ52USW4jyxBozyyR3rIYeaGQkU33DYOgSQ6gF3sozW +7HnIriHjAgMBAAECggEBAJ5RS72lOLlBFKCpXrIS2AGwE/yXkJaVQFMnzy9o/ptX +2monufzBNAUCz9SVtRcgDO4aWvAhW3UppY3XYX2kCGadE2T1tdudn7P4Qqz9Ruen +VONT/smRYII96aQx0DLCE/1BJbTwChunF4J3js56io1h7sYj3LTSrCqQ3rUIOt2A +xkGtXdRRCSGXpv+FiFlxEMhbDcfXuDTgO02Aj16Eb5VeZeDOCS90jLxXoeCyMVZF +Y9A+fpG+BCdUxlw6+fkqAQQEAv77IqhZHFfK6eTHzccTY7J2CxuVFOMEwTo3I4xu +a4oLa9cXXA75p86u5dNKS7y8Vdow/HLtnujVJcGvPAkCgYEA7PZRmMFNRlqshGtx +Dv77fxaeiKoFg7Izw6V/j/OoRKdKWow8BStIAr6CjoFnWVzimF337xffglnfOJjJ +G7UG4sEPeNRe2soNuJJIOF6TRKtppSw7GQBs6fdtXfNXq1JVqao4c7fUb0/rVhXM +1U4Idn+ipXh+JE/+fKGjucYr5s0CgYEAw5fbub4+NBxoQ4mXfMou0sqeCVUHTWG2 +4w7wKZaYXebrm2USAsJkkMaUZjJ6geu2SkEdWpyhs7pyaPyMGt3ZTMm9wxZQ3uE5 +fZA5lxz2oOfxNEJSEgC+qCmsrsuV+Urmvt0foYequbyRck8tYc710pANqzFshtAG +SKtNaTUjS28CgYB9hc2beWoRxp50VuXA59kZbUX1Zvsc1B0Pmm+ENbIBDA0bAgYZ +RuASdBB8pJe2grmVtNFNWfwP9MOGG4kMoExReatUekr04ut5xiNzmMWyLor77/4u +NEd9eI/6oJjkK+0svvrAcbSacl9bbpjetUNOYjYqKTXIzockRguQsSU4UQKBgQCA +KkIQtFiOTQ8FMmPRoaqM9bgY5V6jliQBJQi6N7Qf0/EPImtq43aCZ51WWj1sZMhO +X9ycQ4ax/rp5kQM9l6GMb6Wo8DaN1YeWf6s9Gf2B8npbhBnDMjm8d5Jv93eOo0YQ +S1Uuw3dbvfSQstFKBhOOplZOl1RGAooblCRljCxUgQKBgBItURsxoH8tgnVHsYu5 +gdnJHo3CEd0pnX2a4wn5/Rnh5vm6j7zLEpwuEGUq2OBC8ccCiSeNZIJnKI6oXnv0 +tdLuDvaaO3E13VcA/EBS6bgdHtC9tR1OWPLxrlTP6lPywLqBoIcrSuAun/hJNE+G +5b/xXoOLw9KNkcbqXBHOhiwg +-----END PRIVATE KEY-----
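Review bot: An unencrypted RSA private key is committed here under a `.pubkey` filename, so anyone with read access to the repository or to this patch holds what appears to be the DKIM signing key for mail2.sublimity.de, and any step that publishes `*.pubkey` content would expose it further. The key should be treated as compromised: generate a replacement outside version control, drop this file from the change, and keep the private half only in encrypted form or on the signing host with restrictive permissions. The misnaming follows from the swapped suffixes in `keys()` in bundles/opendkim/metadata.py, which this patch also adds.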