Optimize MessageCanonicalization parsing logic

Author: tinohager

src/Nager.EmailAuthentication.UnitTest/DkimSignatureParserTests/BasicTest.cs

@@ -32,7 +32,8 @@ public void TryParse_ValidDkimSignature_ReturnsTrueAndDkimSignature()
             Assert.IsNotNull(dkimSignature);
             Assert.AreEqual("1", dkimSignature.Version);
             Assert.AreEqual(SignatureAlgorithm.RsaSha256, dkimSignature.SignatureAlgorithm);
-            Assert.AreEqual("relaxed/simple", dkimSignature.MessageCanonicalization);
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationBody);
             Assert.AreEqual("dns/txt", dkimSignature.QueryMethods);
             Assert.AreEqual("domain.com", dkimSignature.SigningDomainIdentifier);
             Assert.AreEqual("[email protected]", dkimSignature.AgentOrUserIdentifier);

src/Nager.EmailAuthentication.UnitTest/DkimSignatureParserTests/FoldingTest.cs

@@ -17,7 +17,8 @@ public void TryParse_ValidSelector_ReturnsTrueAndPopulatesDataFragment()
 
             Assert.AreEqual("1", dkimSignature.Version);
             Assert.AreEqual(SignatureAlgorithm.RsaSha256, dkimSignature.SignatureAlgorithm);
-            Assert.AreEqual("relaxed/relaxed", dkimSignature.MessageCanonicalization);
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationBody);
             Assert.AreEqual("dmarc.com", dkimSignature.SigningDomainIdentifier);
             Assert.AreEqual("selector1", dkimSignature.Selector);
             //Assert.AreEqual(["cc"], dkimSignature.SignedHeaderFields);

src/Nager.EmailAuthentication.UnitTest/DkimSignatureParserTests/MessageCanonicalizationTest.cs

@@ -0,0 +1,115 @@
+using Nager.EmailAuthentication.Models;
+
+namespace Nager.EmailAuthentication.UnitTest.DkimSignatureParserTests
+{
+    [TestClass]
+    public sealed class MessageCanonicalizationTest
+    {
+        [TestMethod]
+        public void TryParse_NoMessageCanonicalization_ReturnsTrueAndPopulatesDkimSignature()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+        }
+
+        [TestMethod]
+        public void TryParse_SingleMessageCanonicalization1_ReturnsTrueAndPopulatesDkimSignature()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=relaxed; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationBody);
+        }
+
+
+        [TestMethod]
+        public void TryParse_SingleMessageCanonicalization2_ReturnsTrueAndPopulatesDkimSignature()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=simple; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationBody);
+        }
+
+        [TestMethod]
+        public void TryParse_DefaultMessageCanonicalization1_ReturnsTrueAndPopulatesDkimSignature()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=simple/simple; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationBody);
+        }
+
+        [TestMethod]
+        public void TryParse_DefaultMessageCanonicalization2_ReturnsTrueAndPopulatesDkimSignature()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=simple/relaxed; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+            Assert.AreEqual(CanonicalizationType.Simple, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationBody);
+        }
+
+        [TestMethod]
+        public void TryParse_DefaultMessageCanonicalization3_ReturnsTrueAndPopulatesDkimSignature()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=relaxed/relaxed; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsTrue(isSuccessful);
+            Assert.IsNotNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationHeader);
+            Assert.AreEqual(CanonicalizationType.Relaxed, dkimSignature.MessageCanonicalizationBody);
+        }
+
+        [TestMethod]
+        public void TryParse_InvalidMessageCanonicalization1_ReturnsFalse()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=test/test; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsFalse(isSuccessful);
+            Assert.IsNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+        }
+
+        [TestMethod]
+        public void TryParse_InvalidMessageCanonicalization2_ReturnsFalse()
+        {
+            var dkimSignatureRaw = "v=1; a=rsa-sha256; d=domain.com; c=relaxed/simple/test; s=test; h=message-id:from; bh=testbodyhash=; b=signaturedata";
+
+            var isSuccessful = DkimSignatureParser.TryParse(dkimSignatureRaw, out var dkimSignature, out var parsingResults);
+
+            Assert.IsFalse(isSuccessful);
+            Assert.IsNull(dkimSignature);
+            Assert.IsNull(parsingResults, "ParsingResults is not null");
+        }
+    }
+}

src/Nager.EmailAuthentication/DkimSignatureParser.cs

@@ -95,18 +95,50 @@ public static bool TryParse(
                 return false;
             }
 
-            if (string.IsNullOrEmpty(dkimSignatureDataFragment.MessageCanonicalization))
+            if (!TryGetSignatureAlgorithm(dkimSignatureDataFragment.SignatureAlgorithm, out var signatureAlgorithm))
             {
                 return false;
             }
 
-            if (!TryGetSignatureAlgorithm(dkimSignatureDataFragment.SignatureAlgorithm, out var signatureAlgorithm))
+            _ = TryParseUnixTimestamp(dkimSignatureDataFragment.Timestamp, out var timestamp);
+            _ = TryParseUnixTimestamp(dkimSignatureDataFragment.SignatureExpiration, out var signatureExpiration);
+
+            var messageCanonicalizationHeader = CanonicalizationType.Simple;
+            var messageCanonicalizationBody = CanonicalizationType.Simple;
+
+            if (!string.IsNullOrEmpty(dkimSignatureDataFragment.MessageCanonicalization))
             {
-                return false;
-            }
+                var parts = dkimSignatureDataFragment.MessageCanonicalization.Split('/');
+
+                if (parts.Length >= 1)
+                {
+                    if (TryGetCanonicalizationType(parts[0], out var canonicalizationType))
+                    {
+                        messageCanonicalizationHeader = canonicalizationType.Value;
+                    }
+                    else
+                    {
+                        return false;
+                    }
+                }
 
-            TryParseUnixTimestamp(dkimSignatureDataFragment.Timestamp, out var timestamp);
-            TryParseUnixTimestamp(dkimSignatureDataFragment.SignatureExpiration, out var signatureExpiration);
+                if (parts.Length == 2)
+                {
+                    if (TryGetCanonicalizationType(parts[1], out var canonicalizationType))
+                    {
+                        messageCanonicalizationBody = canonicalizationType.Value;
+                    }
+                    else
+                    {
+                        return false;
+                    }
+                }
+
+                if (parts.Length > 2)
+                {
+                    return false;
+                }
+            }
 
             dkimSignature = new DkimSignature
             {
@@ -120,13 +152,33 @@ public static bool TryParse(
                 SignatureExpiration = signatureExpiration,
                 AgentOrUserIdentifier = dkimSignatureDataFragment.AgentOrUserIdentifier,
                 SignedHeaderFields = dkimSignatureDataFragment.SignedHeaderFields.Split(':'),
-                MessageCanonicalization = dkimSignatureDataFragment.MessageCanonicalization,
+                MessageCanonicalizationHeader = messageCanonicalizationHeader,
+                MessageCanonicalizationBody = messageCanonicalizationBody,
                 Timestamp = timestamp
             };
 
             return true;
         }
 
+        private static bool TryGetCanonicalizationType(
+            string canonicalizationTypeRaw,
+            [NotNullWhen(true)] out CanonicalizationType? canonicalizationType)
+        {
+            if (canonicalizationTypeRaw.Equals("relaxed", StringComparison.OrdinalIgnoreCase))
+            {
+                canonicalizationType = CanonicalizationType.Relaxed;
+                return true;
+            }
+            else if (canonicalizationTypeRaw.Equals("simple", StringComparison.OrdinalIgnoreCase))
+            {
+                canonicalizationType = CanonicalizationType.Simple;
+                return true;
+            }
+
+            canonicalizationType = null;
+            return false;
+        }
+
         private static bool TryGetSignatureAlgorithm(
             string? signatureAlgorithmRaw,
             [NotNullWhen(true)] out SignatureAlgorithm? signatureAlgorithm)

src/Nager.EmailAuthentication/Models/CanonicalizationType.cs

@@ -0,0 +1,22 @@
+namespace Nager.EmailAuthentication.Models
+{
+    /// <summary>
+    /// Defines the types of canonicalization used in DKIM (DomainKeys Identified Mail).
+    /// Canonicalization determines how email headers and body content are normalized before signing.
+    /// </summary>
+    public enum CanonicalizationType
+    {
+        /// <summary>
+        /// The "Simple" canonicalization applies minimal transformations,
+        /// preserving whitespace and line breaks as they appear in the original message.
+        /// </summary>
+        Simple,
+
+        /// <summary>
+        /// The "Relaxed" canonicalization applies normalization,
+        /// such as collapsing whitespace and standardizing header field names.
+        /// This makes the signature more tolerant to minor formatting changes.
+        /// </summary>
+        Relaxed
+    }
+}

src/Nager.EmailAuthentication/Models/DkimSignature.cs

@@ -26,9 +26,14 @@ public class DkimSignature
         public required string BodyHash { get; set; }
 
         /// <summary>
-        /// Message canonicalization <strong>(c=)</strong>
+        /// Header Message canonicalization <strong>(c=)</strong>
         /// </summary>
-        public required string MessageCanonicalization { get; set; }
+        public required CanonicalizationType MessageCanonicalizationHeader { get; set; }
+
+        /// <summary>
+        /// Body Message canonicalization <strong>(c=)</strong>
+        /// </summary>
+        public required CanonicalizationType MessageCanonicalizationBody { get; set; }
 
         /// <summary>
         /// Signing Domain Identifier <strong>(d=)</strong>