dot

packages and services management

commit 13e9a98733e5406e011e0a50c8a5be5350bf0c69
parent cccfbc9ae57c0d93f5626820daec62020f4cc243
Author: Josuah Demangeon <mail@josuah.net>
Date:   Sun, 10 Dec 2017 22:21:53 +0100

first verison of blih-openssl

Diffstat:
Mbin/blih | 299++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
Abin/blih-openssl | 31+++++++++++++++++++++++++++++++
Mtoread | 2++
3 files changed, 315 insertions(+), 17 deletions(-)

diff --git a/bin/blih b/bin/blih 
@@ -1,22 +1,287 @@ -#!/bin/sh +#!/usr/bin/env python3.6 -user=$BLIH +import os +import sys +import getopt +import hmac +import hashlib +import urllib.request +import urllib.parse +import json +import getpass -#printf 'password: ' -#IFS= read -r pwd -password='XXX' +version = 1.7 -key=$(printf %s "$pwd" | openssl dgst -sha512 | cut -d ' ' -f 2) -sig=$(printf %s "$usr" | openssl dgst -sha512 -hmac "$key" | cut -d ' ' -f 2) +class blih: + def __init__(self, baseurl='http://127.0.0.1/', user=None, token=None, verbose=False, user_agent='blih-' + str(version)): + self._baseurl = baseurl + if token: + self._token = token + else: + self.token_calc() + if user == None: + self._user = getpass.getuser() + else: + self._user = user + self._verbose = verbose + self._useragent = user_agent -openssl s_client -connect blih.epitech.eu:443 -quiet << EOF -GET //whoami HTTP/1.1 -Accept-Encoding: identity -Content-Length: 184 -Host: blih.epitech.eu -Content-Type: application/json -User-Agent: blih-1.7 -Connection: close + def token_get(self): + return self._token -{"user": "$usr", "signature": "$sig"} -EOF + def token_set(self, token): + self._token = token + + token = property(token_get, token_set) + + def token_calc(self): + self._token = bytes(hashlib.sha512(bytes(getpass.getpass(), 'utf8')).hexdigest(), 'utf8') + print(self._token) + + def sign_data(self, data=None): + signature = hmac.new(self._token, msg=bytes(self._user, 'utf8'), digestmod=hashlib.sha512) + if data: + signature.update(bytes(json.dumps(data, sort_keys=True, indent=4, separators=(',', ': ')), 'utf8')) + + signed_data = {'user' : self._user, 'signature' : signature.hexdigest()} + if data != None: + signed_data['data'] = data + + return signed_data + + def request(self, resource, method='GET', content_type='application/json', data=None, url=None): + signed_data = self.sign_data(data) + + print(json.dumps(signed_data)) + if url: + req = urllib.request.Request(url=url, method=method, 
data=bytes(json.dumps(signed_data), 'utf8')) + else: + req = urllib.request.Request(url=self._baseurl + resource, method=method, data=bytes(json.dumps(signed_data), 'utf8')) + print(req) + req.add_header('Content-Type', content_type) + req.add_header('User-Agent', self._useragent) + + try: + f = urllib.request.urlopen(req) + except urllib.error.HTTPError as e: + print ('HTTP Error ' + str(e.code)) + data = json.loads(e.read().decode('utf8')) + print ("Error message : '" + data['error'] + "'") + sys.exit(1) + + if f.status == 200: + try: + data = json.loads(f.read().decode('utf8')) + except: + print ("Can't decode data, aborting") + sys.exit(1) + return (f.status, f.reason, f.info(), data) + + print ('Unknown error') + sys.exit(1) + + def repo_create(self, name, type='git', description=None): + data = {'name' : name, 'type' : type} + if description: + data['description'] = description + status, reason, headers, data = self.request('/repositories', method='POST', data=data) + print (data['message']) + + def repo_list(self): + status, reason, headers, data = self.request('/repositories', method='GET') + for i in data['repositories']: + print (i) + + def repo_delete(self, name): + status, reason, headers, data = self.request('/repository/' + name, method='DELETE') + print (data['message']) + + def repo_info(self, name): + status, reason, headers, data = self.request('/repository/' + name, method='GET') + print (data['message']) + + def repo_setacl(self, name, acluser, acl): + data = {'user' : acluser, 'acl' : acl} + status, reason, headers, data = self.request('/repository/' + name + '/acls', method='POST', data=data) + print (data['message']) + + def repo_getacl(self, name): + status, reason, headers, data = self.request('/repository/' + name + '/acls', method='GET') + for i in data.keys(): + print (i + ':' + data[i]) + + def sshkey_upload(self, keyfile): + try: + f = open(keyfile, 'r') + except (PermissionError, FileNotFoundError): + print ("Can't open file : " + 
keyfile) + return + key = urllib.parse.quote(f.read().strip('\n')) + f.close() + data = {'sshkey' : key} + status, reason, headers, data = self.request('/sshkeys', method='POST', data=data) + print (data['message']) + + def sshkey_delete(self, sshkey): + status, reason, headers, data = self.request('/sshkey/' + sshkey, method='DELETE') + print (data['message']) + + def sshkey_list(self): + status, reason, headers, data = self.request('/sshkeys', method='GET') + for i in data.keys(): + print (data[i] + ' ' + i) + + def whoami(self): + status, reason, headers, data = self.request('/whoami', method='GET') + print (data['message']) + +def usage_repository(): + print ('Usage: ' + sys.argv[0] + ' [options] repository command ...') + print () + print ('Commands :') + print ('\tcreate repo\t\t\t-- Create a repository named "repo"') + print ('\tinfo repo\t\t\t-- Get the repository metadata') + print ('\tgetacl repo\t\t\t-- Get the acls set for the repository') + print ('\tlist\t\t\t\t-- List the repositories created') + print ('\tsetacl repo user [acl]\t\t-- Set (or remove) an acl for "user" on "repo"') + print ('\t\t\t\t\tACL format:') + print ('\t\t\t\t\tr for read') + print ('\t\t\t\t\tw for write') + print ('\t\t\t\t\ta for admin') + sys.exit(1) + +def repository(args, baseurl, user, token, verbose, user_agent): + if len(args) == 0: + usage_repository() + if args[0] == 'create': + if len(args) != 2: + usage_repository() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.repo_create(args[1]) + elif args[0] == 'list': + if len(args) != 1: + usage_repository() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.repo_list() + elif args[0] == 'info': + if len(args) != 2: + usage_repository() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.repo_info(args[1]) + elif args[0] == 'delete': + if len(args) != 2: + 
usage_repository() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.repo_delete(args[1]) + elif args[0] == 'setacl': + if len(args) != 4 and len(args) != 3: + usage_repository() + if len(args) == 3: + acl = '' + else: + acl = args[3] + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.repo_setacl(args[1], args[2], acl) + elif args[0] == 'getacl': + if len(args) != 2: + usage_repository() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.repo_getacl(args[1]) + else: + usage_repository() + +def usage_sshkey(): + print ('Usage: ' + sys.argv[0] + ' [options] sshkey command ...') + print () + print ('Commands :') + print ('\tupload [file]\t\t\t-- Upload a new ssh-key') + print ('\tlist\t\t\t\t-- List the ssh-keys') + print ('\tdelete <sshkey>\t\t\t-- Delete the sshkey with comment <sshkey>') + sys.exit(1) + +def sshkey(args, baseurl, user, token, verbose, user_agent): + if len(args) == 0: + usage_sshkey() + if args[0] == 'list': + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.sshkey_list() + elif args[0] == 'upload': + key = None + if len(args) == 1: + key = os.getenv('HOME') + '/.ssh/id_rsa.pub' + elif len(args) == 2: + key = args[1] + else: + usage_sshkey() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.sshkey_upload(key) + elif args[0] == 'delete': + if len(args) != 2: + usage_sshkey() + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.sshkey_delete(args[1]) + else: + usage_sshkey() + +def whoami(args, baseurl, user, token, verbose, user_agent): + handle = blih(baseurl=baseurl, user=user, token=token, verbose=verbose, user_agent=user_agent) + handle.whoami() + +def usage(): + print ('Usage: ' + sys.argv[0] + ' [options] command ...') 
+ print () + print ('Global Options :') + print ('\t-u user | --user=user\t\t-- Run as user') + print ('\t-v | --verbose\t\t\t-- Verbose') + print ('\t-b url | --baseurl=url\t\t-- Base URL for BLIH') + print ('\t-t | --token\t\t\t-- Specify token in the cmdline') + print () + print ('Commands :') + print ('\trepository\t\t\t-- Repository management') + print ('\tsshkey\t\t\t\t-- SSH-KEYS management') + print ('\twhoami\t\t\t\t-- Print who you are') + sys.exit(1) + +if __name__ == "__main__": + try: + opts, args = getopt.getopt(sys.argv[1:], 'hvu:b:t:VU:', ['help', 'verbose', 'user=', 'baseurl=', 'token=', 'version', 'useragent=']) + except getopt.GetoptError as e: + print (e) + usage() + + verbose = False + user = None + baseurl = 'http://127.0.0.1/' + token = None + user_agent = 'blih-' + str(version) + + for o, a in opts: + if o in ('-h', '--help'): + usage() + elif o in ('-v', '--verbose'): + verbose = True + elif o in ('-u', '--user'): + user = a + elif o in ('-b', '--baseurl'): + baseurl = a + elif o in ('-t', '--token'): + token = bytes(a, 'utf8') + elif o in ('-V', '--version'): + print ('blih version ' + str(version)) + sys.exit(0) + elif o in ('-U', '--useragent'): + user_agent = a + else: + usage() + + if len(args) == 0: + usage() + + if args[0] == 'repository': + repository(args[1:], baseurl, user, token, verbose, user_agent) + elif args[0] == 'sshkey': + sshkey(args[1:], baseurl, user, token, verbose, user_agent) + elif args[0] == 'whoami': + whoami(args[1:], baseurl, user, token, verbose, user_agent) + else: + usage() diff --git a/bin/blih-openssl b/bin/blih-openssl 
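Review bot: In bin/blih, `token_calc` ends with `print(self._token)`, which writes the SHA-512 of the typed password to stdout; `sign_data` uses that value as the HMAC key, so anyone who can read the terminal, a captured pipe or a log can sign requests as this user. `request` carries similar leftover debug output (`print(json.dumps(signed_data))` and `print(req)`). Remove the token print outright and gate the other two on the flag the class already stores, e.g. `if self._verbose: print(json.dumps(signed_data))`. The default `baseurl='http://127.0.0.1/'` is also plain HTTP, so pointing `-b` at a remote `http://` URL sends the signed body unencrypted, and `-t` leaves the token in the process argument list; a comment or usage line saying so would help.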
@@ -0,0 +1,31 @@
+#!/bin/sh
+# bocal lightweight interface for human client
+
+usr=$BLIH
+host=blih.epitech.eu
+
+printf 'password: ' 1>&2
+stty -echo
+IFS= read -r pwd
+stty echo
+printf '\n' 1>&2
+
+tok=$(printf %s "$pwd" | openssl dgst -sha512 | cut -d ' ' -f 2)
+sig=$(printf %s "$usr" | openssl dgst -sha512 -hmac "$tok" | cut -d ' ' -f 2)
+data='{"user": "'$usr'", "signature": "'$sig'"}'
+method='GET'
+request=$1
+
+openssl s_client -connect "$host:443" -quiet << EOF 2>/dev/null | sed '1,/^.$/d'
+$method //$request HTTP/1.1
+Accept-Encoding: identity
+Content-Length: ${#data}
+Host: $host
+Content-Type: application/json
+User-Agent: blih-1.7
+Connection: close
+
+$data
+EOF
+
+printf '\n'
diff --git a/toread b/toread
@@ -2,3 +2,5 @@ https://security.stackexchange.com/questions/91725/dnscrypt-vs-dnscurve
 https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
 https://www.openbsd.org/events.html
 gopher://dataswamp.org/0/~solene/article-gentoo-portoftheweek-slrn.txt
+http://anidb.net/perl-bin/animedb.pl?show=anime&aid=1050
+http://anidb.net/perl-bin/animedb.pl?show=anime&aid=13436
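Review bot: In bin/blih-openssl, `openssl s_client -connect "$host:443" -quiet` keeps going when certificate verification fails and does no hostname check unless asked, and `2>/dev/null` discards any verify error, so the signed request is sent to whichever server answers on port 443. Add `-verify_return_error -verify_hostname "$host"` to that call (these options need a reasonably recent OpenSSL; confirm against the version in use). In the same hunk, `-hmac "$tok"` places the password-derived key on openssl's command line, where other local users can read it from the process list while the command runs. An interrupt during `read` also leaves the terminal with echo off; `trap 'stty echo' EXIT INT TERM` before `stty -echo` restores it.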