Generalize cipher selection

TaaviE · TaaviE · commit 358537a6edff · 2026-03-16T11:13:43.000Z
diff --git a/lib/message-handler.js b/lib/message-handler.js
@@ -2061,63 +2061,35 @@ class MessageHandler {
             return false;
         }
 
-        let derEncoded;
-        let smimeType;
+        let cipherConfig = {
+            'AES-CBC': { fn: SMIMEEncryptor.encryptCBC, smimeType: 'enveloped-data' },
+            'AES-GCM': { fn: SMIMEEncryptor.encryptGCM, smimeType: 'authEnveloped-data' }
+        }[cipher];
+        let encryptFn = cipherConfig.fn;
+        let smimeType = cipherConfig.smimeType;
 
-        if (cipher === 'AES-CBC') {
-            // AES-256-CBC via Node.js crypto primitives
-            let result;
-            try {
-                result = await SMIMEEncryptor.encryptCBC(validCerts, raw, { keyTransport });
-            } catch (err) {
-                log.error('SMIME', 'AES-CBC encryption failed: %s', err.message);
-                this.loggelf({
-                    short_message: '[ENCRYPTFAIL] AES-CBC encryption failed',
-                    _mail_action: 'encrypt_fail',
-                    _error: err.message,
-                    _source: 'smime_encrypt'
-                });
-                return false;
-            }
-            if (!result) {
-                log.error('SMIME', 'AES-CBC encryption returned no result');
-                this.loggelf({
-                    short_message: '[ENCRYPTFAIL] AES-CBC encryption returned no result',
-                    _mail_action: 'encrypt_fail',
-                    _error: 'No result from encryptCBC',
-                    _source: 'smime_encrypt'
-                });
-                return false;
-            }
-            derEncoded = result;
-            smimeType = 'enveloped-data';
-        } else {
-            // AES-256-GCM via custom AuthEnvelopedData builder
-            let result;
-            try {
-                result = await SMIMEEncryptor.encryptGCM(validCerts, raw, { keyTransport });
-            } catch (err) {
-                log.error('SMIME', 'AES-GCM encryption failed: %s', err.message);
-                this.loggelf({
-                    short_message: '[ENCRYPTFAIL] AES-GCM encryption failed',
-                    _mail_action: 'encrypt_fail',
-                    _error: err.message,
-                    _source: 'smime_encrypt'
-                });
-                return false;
-            }
-            if (!result) {
-                log.error('SMIME', 'AES-GCM encryption returned no result');
-                this.loggelf({
-                    short_message: '[ENCRYPTFAIL] AES-GCM encryption returned no result',
-                    _mail_action: 'encrypt_fail',
-                    _error: 'No result from encryptGCM',
-                    _source: 'smime_encrypt'
-                });
-                return false;
-            }
-            derEncoded = result;
-            smimeType = 'authEnveloped-data';
+        let derEncoded;
+        try {
+            derEncoded = await encryptFn(validCerts, raw, { keyTransport });
+        } catch (err) {
+            log.error('SMIME', '%s encryption failed: %s', cipher, err.message);
+            this.loggelf({
+                short_message: '[ENCRYPTFAIL] ' + cipher + ' encryption failed',
+                _mail_action: 'encrypt_fail',
+                _error: err.message,
+                _source: 'smime_encrypt'
+            });
+            return false;
+        }
+        if (!derEncoded) {
+            log.error('SMIME', '%s encryption returned no result', cipher);
+            this.loggelf({
+                short_message: '[ENCRYPTFAIL] ' + cipher + ' encryption returned no result',
+                _mail_action: 'encrypt_fail',
+                _error: 'No result from ' + cipher,
+                _source: 'smime_encrypt'
+            });
+            return false;
         }
 
         let b64Encoded = Buffer.from(derEncoded).toString('base64');
