symfony
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+75 b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+75
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+45 b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+45
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/mailer.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Resources/config/mailer.php
+48 b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/mailer.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Resources/config/mailer.php
+48
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+27 b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+27
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+21 b/‎src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+21
diff --git a/‎src/Symfony/Component/Mailer/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Mailer/CHANGELOG.md
+1 b/‎src/Symfony/Component/Mailer/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Mailer/CHANGELOG.md
+1
diff --git a/‎src/Symfony/Component/Mailer/EventListener/DkimSignedMessageListener.php
Copy file name to clipboard
+46 b/‎src/Symfony/Component/Mailer/EventListener/DkimSignedMessageListener.php
Copy file name to clipboard
+46
diff --git a/‎src/Symfony/Component/Mailer/EventListener/SmimeEncryptedMessageListener.php
Copy file name to clipboard
+47 b/‎src/Symfony/Component/Mailer/EventListener/SmimeEncryptedMessageListener.php
Copy file name to clipboard
+47
@@ -2236,6 +2236,81 @@ private function addMailerSection(ArrayNodeDefinition $rootNode, callable $enabl
                                 ->end()
                             ->end()
                         ->end()
+                        ->arrayNode('dkim_signer')
+                            ->addDefaultsIfNotSet()
+                            ->fixXmlConfig('option')
+                            ->canBeEnabled()
+                            ->info('DKIM signer configuration')
+                            ->children()
+                                ->scalarNode('key')
+                                    ->info('Key content, or path to key (in PEM format with the `file://` prefix)')
+                                    ->defaultValue('')
+                                    ->cannotBeEmpty()
+                                ->end()
+                                ->scalarNode('domain')->defaultValue('')->end()
+                                ->scalarNode('select')->defaultValue('')->end()
+                                ->scalarNode('passphrase')
+                                    ->info('A passphrase of the private key if any')
+                                    ->defaultValue('')
+                                ->end()
+                                ->arrayNode('options')
+                                    ->performNoDeepMerging()
+                                    ->normalizeKeys(false)
+                                    ->useAttributeAsKey('name')
+                                    ->prototype('variable')->end()
+                                ->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('smime_signer')
+                            ->addDefaultsIfNotSet()
+                            ->canBeEnabled()
+                            ->info('SMIME signer configuration')
+                            ->children()
+                                ->scalarNode('key')
+                                    ->info('Path to key (in PEM format)')
+                                    ->defaultValue('')
+                                    ->cannotBeEmpty()
+                                ->end()
+                                ->scalarNode('certificate')
+                                    ->info('Path to certificate (in PEM format without the `file://` prefix)')
+                                    ->defaultValue('')
+                                    ->cannotBeEmpty()
+                                ->end()
+                                ->scalarNode('passphrase')
+                                    ->info('A passphrase of the private key if any')
+                                    ->defaultNull()
+                                ->end()
+                                ->scalarNode('extra_certificates')->defaultNull()->end()
+                                ->integerNode('sign_options')->defaultNull()->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('smime_encrypter')
+                            ->addDefaultsIfNotSet()
+                            ->canBeEnabled()
+                            ->info('SMIME encrypter configuration')
+                            ->children()
+                                ->scalarNode('certificate')
+                                    ->info('Path to certificate (in PEM format without the `file://` prefix)')
+                                    ->defaultValue('')
+                                    ->cannotBeEmpty()
+                                ->end()
+                                ->integerNode('cipher')
+                                    ->info('A set of algorithms used to encrypt the message')
+                                    ->defaultNull()
+                                    ->beforeNormalization()
+                                        ->always(function ($v): ?int {
+                                            return null !== $v && \defined('OPENSSL_CIPHER_' . $v) ? \constant('OPENSSL_CIPHER_' . $v) : null;
+                                        })
+                                    ->end()
+                                    ->validate()
+                                        ->ifTrue(function ($v) {
+                                            return \extension_loaded('openssl') && null !== $v && !\defined('OPENSSL_CIPHER_' . $v);
+                                        })
+                                        ->thenInvalid('You must provide a valid cipher.')
+                                    ->end()
+                                ->end()
+                            ->end()
+                        ->end()
                     ->end()
                 ->end()
             ->end()
 
@@ -112,7 +112,10 @@
 use Symfony\Component\Lock\Store\StoreFactory;
 use Symfony\Component\Mailer\Bridge as MailerBridge;
 use Symfony\Component\Mailer\Command\MailerTestCommand;
+use Symfony\Component\Mailer\EventListener\DkimSignedMessageListener;
 use Symfony\Component\Mailer\EventListener\MessengerTransportListener;
+use Symfony\Component\Mailer\EventListener\SmimeEncryptedMessageListener;
+use Symfony\Component\Mailer\EventListener\SmimeSignedMessageListener;
 use Symfony\Component\Mailer\Mailer;
 use Symfony\Component\Mercure\HubRegistry;
 use Symfony\Component\Messenger\Attribute\AsMessageHandler;
@@ -2837,6 +2840,48 @@ private function registerMailerConfiguration(array $config, ContainerBuilder $co
             $container->removeDefinition('mailer.messenger_transport_listener');
         }
 
+        if ($config['dkim_signer']['enabled']) {
+            if (!class_exists(DkimSignedMessageListener::class)) {
+                throw new LogicException('DKIM signed messages support cannot be enabled as the component is not up to date. Update the symfony/mailer.');
+            }
+            $dkimSigner = $container->getDefinition('mailer.dkim_signer');
+            $dkimSigner->setArgument(0, $config['dkim_signer']['key']);
+            $dkimSigner->setArgument(1, $config['dkim_signer']['domain']);
+            $dkimSigner->setArgument(2, $config['dkim_signer']['select']);
+            $dkimSigner->setArgument(3, $config['dkim_signer']['options']);
+            $dkimSigner->setArgument(4, $config['dkim_signer']['passphrase']);
+        } else {
+            $container->removeDefinition('mailer.dkim_signer');
+            $container->removeDefinition('mailer.dkim_signer.listener');
+        }
+
+        if ($config['smime_signer']['enabled']) {
+            if (!class_exists(SmimeSignedMessageListener::class)) {
+                throw new LogicException('SMIME signed messages support cannot be enabled as the component is not up to date. Update the symfony/mailer.');
+            }
+            $smimeSigner = $container->getDefinition('mailer.smime_signer');
+            $smimeSigner->setArgument(0, $config['smime_signer']['key']);
+            $smimeSigner->setArgument(1, $config['smime_signer']['certificate']);
+            $smimeSigner->setArgument(2, $config['smime_signer']['passphrase']);
+            $smimeSigner->setArgument(3, $config['smime_signer']['extra_certificates']);
+            $smimeSigner->setArgument(4, $config['smime_signer']['sign_options']);
+        } else {
+            $container->removeDefinition('mailer.smime_signer');
+            $container->removeDefinition('mailer.smime_signer.listener');
+        }
+
+        if ($config['smime_encrypter']['enabled']) {
+            if (!class_exists(SmimeEncryptedMessageListener::class)) {
+                throw new LogicException('SMIME encrypted messages support cannot be enabled as the component is not up to date. Update the symfony/mailer.');
+            }
+            $smimeDecrypter = $container->getDefinition('mailer.smime_encrypter');
+            $smimeDecrypter->setArgument(0, $config['smime_encrypter']['certificate']);
+            $smimeDecrypter->setArgument(1, $config['smime_encrypter']['cipher']);
+        } else {
+            $container->removeDefinition('mailer.smime_encrypter');
+            $container->removeDefinition('mailer.smime_encrypter.listener');
+        }
+
         if ($webhookEnabled) {
             $loader->load('mailer_webhook.php');
         }
 
@@ -12,16 +12,22 @@
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
 use Symfony\Component\Mailer\Command\MailerTestCommand;
+use Symfony\Component\Mailer\EventListener\DkimSignedMessageListener;
 use Symfony\Component\Mailer\EventListener\EnvelopeListener;
 use Symfony\Component\Mailer\EventListener\MessageListener;
 use Symfony\Component\Mailer\EventListener\MessageLoggerListener;
 use Symfony\Component\Mailer\EventListener\MessengerTransportListener;
+use Symfony\Component\Mailer\EventListener\SmimeEncryptedMessageListener;
+use Symfony\Component\Mailer\EventListener\SmimeSignedMessageListener;
 use Symfony\Component\Mailer\Mailer;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mailer\Messenger\MessageHandler;
 use Symfony\Component\Mailer\Transport;
 use Symfony\Component\Mailer\Transport\TransportInterface;
 use Symfony\Component\Mailer\Transport\Transports;
+use Symfony\Component\Mime\Crypto\DkimSigner;
+use Symfony\Component\Mime\Crypto\SMimeEncrypter;
+use Symfony\Component\Mime\Crypto\SMimeSigner;
 
 return static function (ContainerConfigurator $container) {
     $container->services()
@@ -78,6 +84,48 @@
         ->set('mailer.messenger_transport_listener', MessengerTransportListener::class)
             ->tag('kernel.event_subscriber')
 
+         ->set('mailer.dkim_signer', DkimSigner::class)
+            ->args([
+                abstract_arg('key'),
+                abstract_arg('domain'),
+                abstract_arg('select'),
+                abstract_arg('options'),
+                abstract_arg('passphrase'),
+            ])
+
+        ->set('mailer.smime_signer', SMimeSigner::class)
+            ->args([
+                abstract_arg('key'),
+                abstract_arg('certificate'),
+                abstract_arg('passphrase'),
+                abstract_arg('extraCertificates'),
+                abstract_arg('signOptions'),
+            ])
+
+        ->set('mailer.smime_encrypter', SMimeEncrypter::class)
+            ->args([
+                abstract_arg('certificate'),
+                abstract_arg('cipher'),
+            ])
+
+        ->set('mailer.dkim_signer.listener', DkimSignedMessageListener::class)
+            ->args([
+                service(DkimSigner::class),
+            ])
+            ->tag('kernel.event_subscriber')
+
+        ->set('mailer.smime_signer.listener', SmimeSignedMessageListener::class)
+            ->args([
+                service('mailer.smime_signer'),
+            ])
+            ->tag('kernel.event_subscriber')
+
+        ->set('mailer.smime_encrypter.listener', SmimeEncryptedMessageListener::class)
+            ->args([
+                service('mailer.smime_encrypter'),
+            ])
+            ->tag('kernel.event_subscriber')
+
         ->set('console.command.mailer_test', MailerTestCommand::class)
             ->args([
                 service('mailer.transports'),
 
@@ -789,6 +789,9 @@
             <xsd:element name="transport" type="mailer_transport" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="envelope" type="mailer_envelope" minOccurs="0" maxOccurs="1" />
             <xsd:element name="header" type="header" minOccurs="0" maxOccurs="unbounded" />
+            <xsd:element name="dkim-signer" type="mailer_dkim_signer" minOccurs="0" />
+            <xsd:element name="smime-signer" type="mailer_smime_signer" minOccurs="0" />
+            <xsd:element name="smime-encrypter" type="mailer_smime_encrypter" minOccurs="0" />
         </xsd:sequence>
         <xsd:attribute name="enabled" type="xsd:boolean" />
         <xsd:attribute name="dsn" type="xsd:string" />
@@ -811,6 +814,30 @@
         </xsd:sequence>
     </xsd:complexType>
 
+
+    <xsd:complexType name="mailer_dkim_signer">
+        <xsd:sequence>
+            <xsd:element name="option" type="metadata" minOccurs="0" maxOccurs="unbounded" />
+        </xsd:sequence>
+        <xsd:attribute name="key" type="xsd:string"/>
+        <xsd:attribute name="domain" type="xsd:string"/>
+        <xsd:attribute name="select" type="xsd:string"/>
+        <xsd:attribute name="passphrase" type="xsd:string" />
+    </xsd:complexType>
+
+    <xsd:complexType name="mailer_smime_signer">
+        <xsd:attribute name="key" type="xsd:string"/>
+        <xsd:attribute name="certificate" type="xsd:string"/>
+        <xsd:attribute name="passphrase" type="xsd:string" />
+        <xsd:attribute name="extraCertificates" type="xsd:string" />
+        <xsd:attribute name="signOptions" type="xsd:integer" />
+    </xsd:complexType>
+
+    <xsd:complexType name="mailer_smime_encrypter">
+        <xsd:attribute name="certificate" type="xsd:string"/>
+        <xsd:attribute name="cipher" type="xsd:integer" />
+    </xsd:complexType>
+
     <xsd:complexType name="http_cache">
         <xsd:sequence>
             <xsd:element name="private-header" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
 
@@ -922,6 +922,27 @@ class_exists(SemaphoreStore::class) && SemaphoreStore::isSupported() ? 'semaphor
                 'enabled' => !class_exists(FullStack::class) && class_exists(Mailer::class),
                 'message_bus' => null,
                 'headers' => [],
+                'dkim_signer' => [
+                    'enabled' => false,
+                    'options' => [],
+                    'key' => '',
+                    'domain' => '',
+                    'select' => '',
+                    'passphrase' => '',
+                ],
+                'smime_signer' => [
+                    'enabled' => false,
+                    'key' => '',
+                    'certificate' => '',
+                    'passphrase' => null,
+                    'extra_certificates' => null,
+                    'sign_options' => null,
+                ],
+                'smime_encrypter' => [
+                    'enabled' => false,
+                    'certificate' => '',
+                    'cipher' => null,
+                ],
             ],
             'notifier' => [
                 'enabled' => !class_exists(FullStack::class) && class_exists(Notifier::class),
 
@@ -7,6 +7,7 @@ CHANGELOG
  * Add DSN param `retry_period` to override default email transport retry period
  * Add `Dsn::getBooleanOption()`
  * Add DSN param `source_ip` to allow binding to a (specific) IPv4 or IPv6 address.
+ * Enable the mailer to configure DKIM or SMIME signer
 
 7.2
 ---
 
@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mailer\EventListener;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Mailer\Event\MessageEvent;
+use Symfony\Component\Mime\Crypto\DkimSigner;
+use Symfony\Component\Mime\Message;
+
+/**
+ * Signs the message.
+ *
+ * @author Elías Fernández
+ */
+class DkimSignedMessageListener implements EventSubscriberInterface
+{
+    public function __construct(
+        private DkimSigner $signer,
+    ) {
+    }
+
+    public function onMessage(MessageEvent $event): void
+    {
+        $message = $event->getMessage();
+        if (!$message instanceof Message) {
+            return;
+        }
+        $event->setMessage($this->signer->sign($message));
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            MessageEvent::class => ['onMessage', -128],
+        ];
+    }
+}
@@ -0,0 +1,47 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Mailer\EventListener;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Mailer\Event\MessageEvent;
+use Symfony\Component\Mime\Crypto\SMimeEncrypter;
+use Symfony\Component\Mime\Message;
+
+/**
+ * Encrypts the message.
+ *
+ * @author Elías Fernández
+ */
+class SmimeEncryptedMessageListener implements EventSubscriberInterface
+{
+    public function __construct(
+        private SMimeEncrypter $encrypter,
+    ) {
+    }
+
+    public function onMessage(MessageEvent $event): void
+    {
+        $message = $event->getMessage();
+        if (!$message instanceof Message) {
+            return;
+        }
+
+        $event->setMessage($this->encrypter->encrypt($message));
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            MessageEvent::class => ['onMessage', -128],
+        ];
+    }
+}