|
@@ -1,8 +1,9 @@
|
1
|
1
|
#!/usr/bin/python3
|
2
|
2
|
|
3
|
|
-import re
|
|
3
|
+import binascii
|
4
|
4
|
import json
|
5
|
5
|
import logging
|
|
6
|
+import re
|
6
|
7
|
import sys
|
7
|
8
|
from collections import defaultdict, namedtuple
|
8
|
9
|
|
|
@@ -83,6 +84,19 @@ ANOPE_MODENAME_TO_MODE = {
|
83
|
84
|
'SECRET': 's',
|
84
|
85
|
}
|
85
|
86
|
|
|
87
|
+# verify that a certfp appears to be a hex-encoded SHA-256 fingerprint;
|
|
88
|
+# if it's anything else, silently ignore it
|
|
89
|
+def validate_certfps(certobj):
|
|
90
|
+ certfps = []
|
|
91
|
+ for fingerprint in certobj.split():
|
|
92
|
+ try:
|
|
93
|
+ dec = binascii.unhexlify(fingerprint)
|
|
94
|
+ except:
|
|
95
|
+ continue
|
|
96
|
+ if len(dec) == 32:
|
|
97
|
+ certfps.append(fingerprint)
|
|
98
|
+ return certfps
|
|
99
|
+
|
86
|
100
|
def convert(infile):
|
87
|
101
|
out = {
|
88
|
102
|
'version': 1,
|
|
@@ -99,6 +113,9 @@ def convert(infile):
|
99
|
113
|
if obj.type == 'NickCore':
|
100
|
114
|
username = obj.kv['display']
|
101
|
115
|
userdata = {'name': username, 'hash': obj.kv['pass'], 'email': obj.kv['email']}
|
|
116
|
+ certobj = obj.kv.get('cert')
|
|
117
|
+ if certobj:
|
|
118
|
+ userdata['certfps'] = validate_certfps(certobj)
|
102
|
119
|
out['users'][username] = userdata
|
103
|
120
|
elif obj.type == 'NickAlias':
|
104
|
121
|
username = obj.kv['nc']
|