catalyst
diff --git a/‎classes/dkim_manager.php
+198 b/‎classes/dkim_manager.php
+198
diff --git a/‎dkim.php
+187 b/‎dkim.php
+187
@@ -0,0 +1,198 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * @package    tool_emailutils
+ * @copyright  2023 onwards Catalyst IT {@link http://www.catalyst-eu.net/}
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @author     Brendan Heywood <[email protected]>
+ */
+
+namespace tool_emailutils;
+
+/**
+ * This loads, verifies and can auto create DKIM pairs of certificates
+ *
+ * Code largely adapted from PHPMailer
+ */
+class dkim_manager {
+
+    protected $domain;
+
+    protected $selector;
+
+    protected $privatekey;
+
+    protected $publickey;
+
+    protected $dnsrecord;
+
+    const DIGEST_ALG = 'sha256';
+
+    /**
+     * Create or load the certificates for a domain and selector
+     *
+     */
+    public function __construct($domain, $selector, $autocreate = false) {
+        $this->domain = $domain;
+        $this->selector = $selector;
+
+        $privatekeyfile = $this->get_private_key_path();
+        $publickeyfile  = $this->get_public_key_path();
+
+        if (!file_exists($privatekeyfile) && $autocreate) {
+
+            $this->get_base_path(true);
+            // Create a 2048-bit RSA key with an SHA256 digest.
+            $pk = openssl_pkey_new(
+                [
+                    'digest_alg' => self::DIGEST_ALG,
+                    'private_key_bits' => 2048,
+                    'private_key_type' => OPENSSL_KEYTYPE_RSA,
+                ]
+            );
+
+            // Save both keys.
+            openssl_pkey_export_to_file($pk, $privatekeyfile);
+            $details = openssl_pkey_get_details($pk);
+            file_put_contents($publickeyfile, $details['key']);
+        }
+
+        $this->privatekey = file_get_contents($privatekeyfile);
+        $this->publickey  = file_get_contents($publickeyfile);
+    }
+
+    public function get_domain_path() {
+        global $CFG;
+        return $CFG->dataroot . '/dkim/' . $this->domain . '/';
+    }
+
+    public function get_base_path($create = false) {
+        $certdir = $this->get_domain_path();
+        if ($create) {
+            mkdir($certdir, 0777, true);
+        }
+        return $certdir . '/' . $this->selector;
+    }
+
+    public function get_private_key_path() {
+        return $this->get_base_path() . '.private';
+    }
+
+    public function get_public_key_path() {
+        return $this->get_base_path() . '.public';
+    }
+
+    public function get_dns_record_path() {
+        return $this->get_base_path() . '.txt';
+    }
+
+    /**
+     * Get the domain the DKIM record should be stored at
+     */
+    public function get_dns_domain() {
+        return "{$this->selector}._domainkey.{$this->domain}";
+    }
+
+    /**
+     * Get the key of the DKIM txt record
+     */
+    public function get_dns_key() {
+        return $this->get_dns_domain() . ' IN TXT';
+    }
+
+    /**
+     * Get the value of the DKIM record
+     *
+     * This loads the public key and then stores the DNS record in a file.
+     */
+    public function get_dns_value() {
+        if (!empty($this->dnsrecord)) {
+            return $this->dnsrecord;
+        }
+
+        // TODO add support for records added by open dkim
+        // These do not include the public key in the normal format, only in the DNS value format.
+
+        if (empty($this->publickey)) {
+            return "ERROR: Can't find public key";
+        }
+
+        $dnsvalue = 'v=DKIM1;';
+        $dnsvalue .= ' h=' . self::DIGEST_ALG . ';'; // Hash algorythm.
+        $dnsvalue .= ' t=s;';   // No sub domains allowed.
+        $dnsvalue .= ' k=rsa;'; // Key type.
+        $dnsvalue .= ' p=';     // Public key.
+
+        $publickey = $this->publickey;
+        $publickey = preg_replace('/^-+.*?-+$/m', '', $publickey); // Remove PEM wrapper.
+        $publickey = str_replace(["\r", "\n"], '', $publickey); // Strip line breaks.
+        $dnsvalue .= $publickey;
+
+        $this->dnsrecord = trim($dnsvalue);
+
+        return $this->dnsrecord;
+    }
+
+    /**
+     * Get a chunked version of the DKIM record
+     *
+     * Strip and split the key into smaller parts and format for DNS as many systems
+     * don't like long TXT entries but are OK if it's split into 255-char chunks.
+     */
+    public function get_dns_value_chunked() {
+
+        $rawvalue = $this->get_dns_value();
+
+        // Split into chunks.
+        $keyparts = str_split($rawvalue, 253); // Becomes 255 when quotes are included.
+        // Quote each chunk.
+        foreach ($keyparts as $keypart) {
+            $dnsvalue .= '"' . trim($keypart) . '" ';
+        }
+
+        return $dnsvalue;
+
+    }
+    /**
+     * Get the alternate escaped version of the DKIM record
+     *
+     * Some DNS servers don't like ;(semi colon) chars unless backslash-escaped
+     */
+    public function get_dns_value_escaped() {
+
+        $value = $this->get_dns_value_chunked();
+        $value = str_replace(';', '\;', $value);
+        return $value;
+
+    }
+
+    /**
+     * Delete all info about a selector
+     */
+    public function delete_selector() {
+        $privatekeyfile = $this->get_private_key_path();
+        $publickeyfile  = $this->get_public_key_path();
+        $dnsrecordfile  = $this->get_dns_record_path();
+        $domaindir = $this->get_domain_path();
+
+        @unlink($privatekeyfile);
+        @unlink($publickeyfile);
+        @unlink($dnsrecordfile);
+        @rmdir($domaindir);
+    }
+
+}
@@ -0,0 +1,187 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * @package    tool_emailutils
+ * @copyright  2019 onwards Catalyst IT {@link http://www.catalyst-eu.net/}
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @author     Brendan Heywood <[email protected]>
+ */
+
+use tool_emailutils\dkim_manager;
+
+require_once(__DIR__ . '/../../../config.php');
+require_once($CFG->libdir . '/adminlib.php');
+
+$baseurl = new moodle_url('/admin/tool/emailutils/dkim.php');
+$PAGE->set_url($baseurl);
+admin_externalpage_setup('tool_emailutils_list');
+
+$action = optional_param('action', '', PARAM_ALPHA);
+
+if ($action == 'delete') {
+    require_sesskey();
+    $domain = required_param('domain',  PARAM_TEXT);
+    $selector = required_param('selector', PARAM_TEXT);
+    $manager = new dkim_manager($domain, $selector);
+    $manager->delete_selector();
+    redirect($baseurl, get_string('selectordeleted', 'tool_emailutils'), null, \core\output\notification::NOTIFY_SUCCESS);
+}
+
+if ($action == 'create') {
+    require_sesskey();
+    $domain = required_param('domain',  PARAM_TEXT);
+    $selector = required_param('selector', PARAM_TEXT);
+    $manager = new dkim_manager($domain, $selector, true);
+    redirect($baseurl, get_string('selectorcreated', 'tool_emailutils'), null, \core\output\notification::NOTIFY_SUCCESS);
+}
+
+if ($action == 'activate') {
+    require_sesskey();
+    $selector = required_param('selector', PARAM_TEXT);
+    add_to_config_log('emaildkimselector', $CFG->emaildkimselector, $selector, '');
+    set_config('emaildkimselector', $selector);
+    redirect($baseurl, get_string('selectoractivated', 'tool_emailutils'), null, \core\output\notification::NOTIFY_SUCCESS);
+}
+
+print $OUTPUT->header();
+print $OUTPUT->heading(get_string('dkimmanager', 'tool_emailutils'));
+
+
+$dkimdir = $CFG->dataroot . '/dkim/';
+$domains = scandir($dkimdir);
+$domaincount = 0;
+$noreplydomain = substr($CFG->noreplyaddress, strpos($CFG->noreplyaddress, '@') + 1);
+
+print "<table class='table table-sm w-auto table-bordered'>";
+print '<tr><th colspan=2>Domains / selectors</th><th>Actions</th></tr>';
+foreach ($domains as $domain) {
+
+    if (substr($domain, 0, 1) == '.') {
+        continue;
+    }
+    if (!is_dir($dkimdir . $domain)) {
+        continue;
+    }
+
+    $domaincount ++;
+
+    print '<tr><td colspan=2>';
+    print '<h3>';
+    print html_writer::tag('span', "@$domain ");
+    if ($domain == $noreplydomain) {
+        print ' ' . html_writer::tag('span', get_string('domaindefaultnoreply', 'tool_emailutils'),
+            ['class' => 'badge badge-secondary']);
+    }
+    print '</h3>';
+    print '</td>';
+    print '<td>';
+
+    $url = new moodle_url('https://mxtoolbox.com/SuperTool.aspx', ['action' => "spf:$domain", 'run' => 'toolpage']);
+    print get_string('mxtoolbox', 'tool_emailutils');
+    print '<ul>';
+    print "<li><a href='$url' target='_blank'>SPF</a>";
+
+    $url = new moodle_url('https://mxtoolbox.com/SuperTool.aspx', ['action' => "txt:$domain"]);
+    print "<li><a href='$url' target='_blank'>Raw TXT</a>";
+
+    print '</th></tr>';
+
+
+    $selectors = scandir($dkimdir . $domain);
+    $selectorcount = 0;
+
+    foreach ($selectors as $file) {
+
+        if (substr($file, -8, 8) !== '.private') {
+            continue;
+        }
+
+        $selector = substr($file, 0, -8);
+        $manager = new dkim_manager($domain, $selector);
+
+        $context = [
+            'domain'    => $domain,
+            'selector'  => $selector,
+            'dkimurl'   => new moodle_url('https://mxtoolbox.com/SuperTool.aspx',
+                ['action' => "dkim:$domain:$selector", 'run' => 'toolpage']),
+            'dkimrawurl' => new moodle_url('https://mxtoolbox.com/SuperTool.aspx',
+                ['action' => "txt:$selector._domainkey.$domain"]),
+            'dnskey'    => $manager->get_dns_key(),
+            'dnsvalue'          => $manager->get_dns_value(),
+            'dnsvaluechunked'   => $manager->get_dns_value_chunked(),
+            'dnsvalueescaped'   => $manager->get_dns_value_escaped(),
+            'id' => uniqid(),
+        ];
+
+        if ($CFG->emaildkimselector == $selector) {
+            $context['selectoractive'] = true;
+        }
+
+        if ($CFG->emaildkimselector !== $selector) {
+            // Only give the option to delete if it is not being used.
+            $confirmation = new \confirm_action(
+                get_string('selectordeleteconfirm', 'tool_emailutils'),
+                null,
+                get_string('selectordelete', 'tool_emailutils')
+            );
+            $context['selectordelete'] = $OUTPUT->action_link(
+                new moodle_url('/admin/tool/emailutils/dkim.php', [
+                        'domain'    => $domain,
+                        'selector'  => $selector,
+                        'action'    => 'delete',
+                        'sesskey'   => sesskey()]),
+                    get_string('selectordelete', 'tool_emailutils'),
+                    $confirmation,
+                    ['class' => 'btn btn-secondary btn-sm'],
+                    new pix_icon('i/delete', ''));
+
+            // Only give the option to make it the active select if it is not being used.
+            $confirmation = new \confirm_action(
+                get_string('selectoractivateconfirm', 'tool_emailutils'),
+                null,
+                get_string('selectoractivate', 'tool_emailutils')
+            );
+            $context['selectoractivate'] = $OUTPUT->action_link(
+                new moodle_url('/admin/tool/emailutils/dkim.php', [
+                        'selector'  => $selector,
+                        'action'    => 'activate',
+                        'sesskey'   => sesskey()]),
+                    get_string('selectoractivate', 'tool_emailutils'),
+                    $confirmation,
+                    ['class' => 'btn btn-secondary btn-sm'],
+                    new pix_icon('i/star', ''));
+        }
+
+        print $OUTPUT->render_from_template('tool_emailutils/dkimselector', $context);
+    }
+}
+print "</table>";
+
+print html_writer::tag('div', get_string('dkimmanagerhelp', 'tool_emailutils'), ['class' => 'crap', 'style' => 'max-width: 40em']);
+
+if ($domaincount == 0) {
+    echo $OUTPUT->notification('No DKIM files found',  \core\notification::ERROR);
+}
+
+// TODO have option to create a new key pair with form with selector
+// TODO put this in the proper admin tree
+// TODO translate fully
+// TODO add events when keys are created or removed
+// todo have option to change selector to a
+// todo have a check if the dns record is in place.
+
+echo $OUTPUT->footer();