From 1ac50abb2b04b08e8fbcf00070a1d588ea8fbc60 Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Mon, 8 Jan 2024 16:55:02 +0100
Subject: Store the openssl keys in an uri-encoded form
---
guile/email-key-rotation/dkim.scm | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/guile/email-key-rotation/dkim.scm b/guile/email-key-rotation/dkim.scm
index 7cc879d..69c1a74 100644
--- a/guile/email-key-rotation/dkim.scm
+++ b/guile/email-key-rotation/dkim.scm
@@ -48,24 +48,26 @@ (lambda () (sxml-match sxml + ;; Guile removes newlines in attributes, so we preserve them by + ;; saving the keys as uri-encoded strings. ((https://planete-kraus.eu/ns/email-key-rotation:key (@ (current-selector ,current-selector) - (current-private-key ,current-private-key) - (expired-private-key ,expired-private-key)) + (current-private-key ,current-private-key-encoded) + (expired-private-key ,expired-private-key-encoded)) (https://planete-kraus.eu/ns/email-key-rotation:next-selector (@ (name ,next-selectors))) ...) (make-key (string->symbol current-selector) (map string->symbol next-selectors) - current-private-key - expired-private-key)) + (uri-decode current-private-key-encoded) + (uri-decode expired-private-key-encoded))) ((https://planete-kraus.eu/ns/email-key-rotation:key (@ (current-selector ,current-selector) - (current-private-key ,current-private-key)) + (current-private-key ,current-private-key-encoded)) (https://planete-kraus.eu/ns/email-key-rotation:next-selector (@ (name ,next-selectors))) ...) (make-key (string->symbol current-selector) (map string->symbol next-selectors) - current-private-key + (uri-decode current-private-key-encoded) #f)))))) (define (key->sxml key) 
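Review bot: The three `uri-decode` calls run on whatever the attribute holds, and the attribute names are unchanged, so a state file written before this commit is decoded as if it had been encoded. Guile's `uri-decode` defaults to `#:decode-plus-to-space? #t`, and base64 key bodies routinely contain `+`, so a legacy value would load with those characters turned into spaces and no error raised. Because `uri-encode` writes `+` as `%2B`, turning that default off is safe for newly written files, e.g. `(uri-decode current-private-key-encoded #:decode-plus-to-space? #f)`; a format marker on the element would additionally make the two forms distinguishable. The enclosing procedure starts above the hunk, so how a malformed percent-sequence or an unusable key is handled cannot be seen from here.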
@@ -88,9 +90,11 @@ `(next-selector (@ (name ,(symbol->string s))))) next-selectors))) `(key (@ (current-selector ,current-selector) - (current-private-key ,current-private-key) + (current-private-key + ,(uri-encode current-private-key)) ,@(if expired-private-key - `((expired-private-key ,expired-private-key)) + `((expired-private-key + ,(uri-encode expired-private-key))) '())) ,@next-selectors))))))) -- cgit v1.2.3
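Review bot: The write side in `key->sxml` has no comment matching the one added to the reader, so a maintainer who sees `uri-encode` wrapped around a private key may take it for protection. A one-line comment before the `current-private-key` attribute would settle it: `;; uri-encode only preserves newlines across the XML attribute round trip; the key is still stored in the clear.` It would also be the natural place to state what permissions the serialized document is expected to have, since nothing in this hunk suggests the DKIM key is protected by anything else. `key->sxml` begins outside this hunk.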