255 lines
11 KiB
Python
Executable File
255 lines
11 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
# TODO: can we use struct instead for blobParser?
|
|
|
|
import argparse
|
|
import getpass
|
|
import hashlib
|
|
import re
|
|
import sys
|
|
import os
|
|
from collections import defaultdict
|
|
try:
|
|
import OpenSSL # "python-pyopenssl" package on Arch
|
|
except ImportError:
|
|
exit('You need to install PyOpenSSL ("pip3 install --user PyOpenSSL" if pip3 is installed)')
|
|
|
|
## DEFINE SOME PRETTY STUFF ##
|
|
class color(object):
|
|
# Windows doesn't support ANSI color escapes like sh does.
|
|
if sys.platform == 'win32':
|
|
# "You should be using subprocess!" yeah yeah yeah, I know, shut up.
|
|
# I already have OS imported and this is a quick hack.
|
|
BLACK = os.system('color 0')
|
|
BLUE = os.system('color 1')
|
|
GREEN = os.system('color 2')
|
|
DARKCYAN = os.system('color 3') # "Aqua" text
|
|
RED = os.system('color 4')
|
|
PURPLE = os.system('color 5')
|
|
YELLOW = os.system('color 6')
|
|
END = os.system('color 7') # "White" text
|
|
GRAY = os.system('color 8')
|
|
CYAN = os.system('color 9') # "Light Blue" text
|
|
LTGREEN = os.system('color A') # "Light Green" text
|
|
LTAQUA = os.system('color B') # "Light Aqua" text
|
|
LTRED = os.system('color C') # "Light Red" text
|
|
LTPURPLE = os.system('color D') # "Light Purple" text
|
|
LTYELLOW = os.system('color E') # "Light Yellow" text
|
|
BOLD = os.system('color F') # "Bright White" text
|
|
UNDERLINE = None
|
|
else:
|
|
PURPLE = '\033[95m'
|
|
CYAN = '\033[96m'
|
|
DARKCYAN = '\033[36m'
|
|
BLUE = '\033[94m'
|
|
GREEN = '\033[92m'
|
|
YELLOW = '\033[93m'
|
|
RED = '\033[91m'
|
|
BOLD = '\033[1m'
|
|
UNDERLINE = '\033[4m'
|
|
END = '\033[0m'
|
|
|
|
class Hasher(object):
|
|
def __init__(self, args):
|
|
self.args = args
|
|
self.blobGetter(self.args['cert'])
|
|
self.blobParser()
|
|
|
|
def getPass(self):
|
|
# Do we need to get the passphrase?
|
|
if self.args['passphrase']:
|
|
if self.args['passphrase'] == 'stdin':
|
|
self.args['passphrase'] = sys.stdin.read().replace('\n', '')
|
|
elif self.args['passphrase'] == 'prompt':
|
|
_colorargs = (color.BOLD, color.RED, self.args['cert'], color.END)
|
|
_repeat = True
|
|
while _repeat == True:
|
|
_pass_in = getpass.getpass(('\n{0}What is the encryption password ' +
|
|
'for {1}{2}{0}{3}{0} ?{3} ').format(*_colorargs))
|
|
if not _pass_in or _pass_in == '':
|
|
print(('\n{0}Invalid passphrase for {1}{2}{0}{3}{0} ; ' +
|
|
'please enter a valid passphrase!{3} ').format(*_colorargs))
|
|
else:
|
|
_repeat = False
|
|
self.args['passphrase'] = _pass_in.replace('\n', '')
|
|
print()
|
|
else:
|
|
self.args['passphrase'] = None
|
|
return()
|
|
|
|
def importCert(self):
|
|
self.getPass()
|
|
# Try loading the certificate
|
|
try:
|
|
self.pkcs = OpenSSL.crypto.load_pkcs12(self.cert, self.args['passphrase'])
|
|
except OpenSSL.crypto.Error:
|
|
exit('Could not load certificate! (Wrong passphrase? Wrong file?)')
|
|
return()
|
|
|
|
def hashCert(self):
|
|
self.crt_in = self.pkcs.get_certificate()
|
|
self.der = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1,
|
|
self.crt_in)
|
|
self.hash = hashlib.sha1(self.der).hexdigest().lower()
|
|
return(self.hash)
|
|
|
|
def blobGetter(self, blobpath):
|
|
self.cert = None
|
|
self.blob = None
|
|
_blst = blobpath.split(':')
|
|
if len(_blst) == 2:
|
|
blob = _blst[1]
|
|
self.certtype = _blst[0].lower()
|
|
elif len(_blst) == 1:
|
|
blob = _blst[0]
|
|
self.certtype = 'file'
|
|
else:
|
|
raise ValueError('{0} is not a supported path'.format(blobpath))
|
|
self.certtype = None
|
|
if self.certtype:
|
|
_hexblob = None
|
|
if self.certtype in ('plist', 'ini', 'file'):
|
|
blob = os.path.abspath(os.path.expanduser(blob))
|
|
if not os.path.isfile(blob):
|
|
raise FileNotFoundError('{0} does not exist'.format(blob))
|
|
if self.certtype == 'reg': # Only supported on Windows machines, obviously.
|
|
if sys.platform == 'win32':
|
|
import winreg
|
|
elif sys.platform == 'cygwin':
|
|
# https://bitbucket.org/sfllaw/cygwinreg/issues/5/support-python3
|
|
exit(('Python 3 under Cygwin does not support reading the registry. ' +
|
|
'Please use native-Windows Python 3 (for now) or ' +
|
|
'specify an actual PKCS #12 certificate file.'))
|
|
#try:
|
|
# import cygwinreg as winreg
|
|
#except ImportError:
|
|
# exit('You must install the cygwinreg python module in your cygwin environment to read the registry.')
|
|
_keypath = blob.split('\\')
|
|
_hkey = getattr(winreg, _keypath[0])
|
|
_skeypath = _keypath[1:-1]
|
|
_ckey = _keypath[-1]
|
|
_r = winreg.OpenKey(_hkey, '\\'.join(_skeypath))
|
|
_hexblob, _ = winreg.QueryValueEx(_r, _ckey)
|
|
winreg.CloseKey(_r)
|
|
elif self.certtype == 'plist': # plistlib, however, is thankfully cross-platform.
|
|
import plistlib
|
|
with open(blob, 'rb') as f:
|
|
_pdata = plistlib.loads(f.read())
|
|
_hexblob = _pdata['net.certificate']
|
|
elif self.certtype == 'ini':
|
|
import configparser
|
|
_parser = configparser.RawConfigParser()
|
|
_parser.read(blob)
|
|
_cfg = defaultdict(dict)
|
|
for s in _parser.sections():
|
|
_cfg[s] = {}
|
|
for k in _parser.options(s):
|
|
_cfg[s][k] = _parser.get(s, k)
|
|
self.blob = _cfg['net']['certificate']
|
|
else: # It's (supposedly) a PKCS #12 file - obviously, cross-platform.
|
|
with open(blob, 'rb') as f:
|
|
self.cert = f.read()
|
|
return()
|
|
|
|
def blobParser(self):
|
|
if not self.blob:
|
|
return()
|
|
if self.blob == '':
|
|
raise ValueError('We could not find an embedded certificate.')
|
|
# A pox upon the house of Mumble for not using base64. A POX, I SAY.
|
|
# So instead we need to straight up de-byte-array the mess.
|
|
# The below is an eldritch horror, bound to twist the mind of any sane man
|
|
# into the depths of madness.
|
|
# I probably might have been able to use a struct here, but meh.
|
|
blob = re.sub('^"?@ByteArray\(0(.*)\)"?$',
|
|
'\g<1>',
|
|
self.blob,
|
|
re.MULTILINE, re.DOTALL)
|
|
_bytes = b'0'
|
|
for s in blob.split('\\x'):
|
|
if s == '':
|
|
continue
|
|
_chunk = list(s)
|
|
# Skip the first two chars for string interpolation - they're hex.
|
|
_start = 2
|
|
try:
|
|
_hex = ''.join(_chunk[0:2])
|
|
_bytes += bytes.fromhex(_hex)
|
|
except ValueError:
|
|
# We need to zero-pad, and alter the starting index
|
|
# because yep, you guessed it - their bytearray hex vals
|
|
# (in plaintext) aren't zero-padded, either.
|
|
_hex = ''.join(_chunk[0]).zfill(2)
|
|
_bytes += bytes.fromhex(_hex)
|
|
_start = 1
|
|
# And then append the rest as-is. "Mostly."
|
|
# Namely, we need to change the single-digit null byte notation
|
|
# to actual python null bytes, and then de-escape the escapes.
|
|
# (i.e. '\t' => ' ')
|
|
_str = re.sub('\\\\0([^0])',
|
|
'\00\g<1>',
|
|
''.join(_chunk[_start:])).encode('utf-8').decode('unicode_escape')
|
|
_bytes += _str.encode('utf-8')
|
|
self.cert = _bytes
|
|
return()
|
|
|
|
def parseArgs():
|
|
# Set the default cert path
|
|
_certpath = '~/Documents/MumbleAutomaticCertificateBackup.p12'
|
|
# This catches ALL versions of macOS/OS X.
|
|
if sys.platform == 'darwin':
|
|
_cfgpath = 'PLIST:~/Library/Preferences/net.sourceforge.mumble.Mumble.plist'
|
|
# ALL versions of windows, even Win10, on x86. Even 64-bit. I know.
|
|
elif sys.platform == 'win32':
|
|
_cfgpath = r'REG:HKEY_CURRENT_USER\Software\Mumble\Mumble\net\certificate'
|
|
# Some people are sensible.
|
|
if sys.platform == 'cygwin':
|
|
_cfgpath = r'REG:HKEY_CURRENT_USER\Software\Mumble\Mumble\net\certificate'
|
|
elif (sys.platform == 'linux') or (re.match('.*bsd.*', sys.platform)): # duh
|
|
_cfgpath = 'INI:~/.config/Mumble/Mumble.conf'
|
|
else:
|
|
# WHO KNOWS what we're running on
|
|
_cfgpath = None
|
|
if not os.path.isfile(os.path.abspath(os.path.expanduser(_certpath))):
|
|
_defcrt = _cfgpath
|
|
else:
|
|
_defcrt = 'FILE:{0}'.format(_certpath)
|
|
args = argparse.ArgumentParser()
|
|
args.add_argument('-p',
|
|
'--passphrase',
|
|
choices = ['stdin', 'prompt'],
|
|
dest = 'passphrase',
|
|
default = None,
|
|
help = ('The default is to behave as if your certificate does not have ' +
|
|
'a passphrase attached (as this is Mumble\'s default); however, ' +
|
|
'if you specify \'stdin\' we will expect the passphrase to be given as a stdin pipe, ' +
|
|
'if you specify \'prompt\', we will prompt you for a passphrase (it will not be echoed back' +
|
|
'to the console)'))
|
|
args.add_argument('-c', '--cert',
|
|
dest = 'cert',
|
|
default = _defcrt,
|
|
metavar = 'path/to/mumblecert.p12',
|
|
help = ('The path to your exported PKCS #12 Mumble certificate. ' +
|
|
'Special prefixes are ' +
|
|
'{0} (it is a PKCS #12 file, default), ' +
|
|
'{1} (it is embedded in a macOS/OS X PLIST file), ' +
|
|
'{2} (it is a Mumble.conf with embedded PKCS#12), or ' +
|
|
'{3} (it is a path to a Windows registry object). ' +
|
|
'Default: {4}').format('{0}FILE{1}'.format(color.BOLD, color.END),
|
|
'{0}PLIST{1}'.format(color.BOLD, color.END),
|
|
'{0}INI{1}'.format(color.BOLD, color.END),
|
|
'{0}REG{1}'.format(color.BOLD, color.END),
|
|
'{0}{1}{2}'.format(color.BOLD, _defcrt, color.END)))
|
|
return(args)
|
|
|
|
def main():
|
|
args = vars(parseArgs().parse_args())
|
|
cert = Hasher(args)
|
|
cert.importCert()
|
|
h = cert.hashCert()
|
|
print('\n\t\033[1mYour certificate\'s public hash is: \033[94m{0}\033[0m'.format(h))
|
|
print('\n\t\033[1mPlease provide this to the Mumble server administrator that has requested it.\033[0m\n')
|
|
|
|
if __name__ == '__main__':
|
|
main()
|