#!/usr/bin/env python3.3
# Guy Hughes, 2014
# GNU General Public License Version 3, 29 June 2007
from sys import stdin
from sys import stdout
import os
import argparse
#from sys import os.environ
#from sys import os.access
#from sys import os.mkdirs
#from sys import os.path
import subprocess
import errno
import getpass
def init():
    """Parse the command line, locate the secret file and run the request.

    Sets the module globals ``args``, ``secretfile`` and ``secretfiledir``.
    Without ``--secretfile`` the secret file is ``./secret.enc``, resolved
    against the current working directory, so the file that gets used depends
    on where the script is started from.
    """
    global args
    global secretfile
    global secretfiledir

    cli = argparse.ArgumentParser(
        description='This is curling-with-secrets by Guy Hughes.')
    cli.add_argument('--secretfile', nargs='?', type=str,
                     help='specify an alternative secret file')
    cli.add_argument('user', type=str, help='the username to pass to curl')
    cli.add_argument('url', type=str, help='the url to pass to curl')
    args = cli.parse_args()

    # Fall back to the default name when the option is missing or empty.
    chosen = args.secretfile if args.secretfile else './secret.enc'
    secretfile = os.path.abspath(chosen)
    secretfiledir = os.path.dirname(secretfile)

    # Only talk to curl once a readable secret file is in place.
    if not check():
        return
    curl()
def check():
    """Return True when the secret file is usable, creating it if needed.

    A regular, readable file at ``secretfile`` is accepted as-is; otherwise
    the result of ``createfile()`` is returned.
    """
    usable = os.path.isfile(secretfile) and os.access(secretfile, os.R_OK)
    if not usable:
        print("I did not find the secretfile at %s. We'll now create it..." % secretfile)
        return createfile()
    print("I found secretfile at %s. [OK]" % secretfile)
    return True
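def token(path=None):
    """Derive the openssl passphrase for the secret file from its path.

    The result is the first 40 hex digits of SHA-512 over the path followed
    by a newline, i.e. the bytes that ``echo PATH | sha512sum`` would hash.

    The earlier version ran ``echo | sha512sum | grep -Eo "'^.{40}'"`` without
    a shell, so the single quotes were part of the grep pattern. sha512sum
    output contains no quote characters, so grep printed nothing and this
    function returned ``b''``: every secret file was encrypted under an empty
    passphrase. Files written that way will not decrypt with the value
    returned here and have to be recreated.

    NOTE(review): the passphrase is a pure function of the file path. Anyone
    who can read the secret file and knows where it was stored can recompute
    it, so this is obfuscation rather than confidentiality. Keep the file
    private, and prefer a passphrase that is not derivable from public data
    (or an OS keyring) when the credential matters.

    Args:
        path: Path to derive the passphrase from; defaults to the module
            global ``secretfile``.

    Returns:
        The 40-character lowercase hex passphrase as bytes.
    """
    import hashlib

    if path is None:
        path = secretfile
    # echo appends a newline, so the hashed message is PATH + "\n".
    digest = hashlib.sha512(os.fsencode(path) + b"\n").hexdigest()
    return digest[:40].encode('ascii')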
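def createfile():
    """Prompt for the password and store it, encrypted, in ``secretfile``.

    The password is read with getpass and fed to ``openssl enc`` on stdin.
    It used to be handed to ``echo`` as an argument, which exposes it in the
    process list to other local users for as long as that process lives.

    The output file is created exclusively with mode 0600 and openssl writes
    into the already-open descriptor, so the file is never world-readable and
    an existing file cannot be replaced between the check and the write.
    The function waits for openssl to finish before reporting success;
    previously the caller could start decrypting a half-written file.

    Returns:
        True when openssl wrote the file successfully, False otherwise.
    """
    # safety check: never clobber an existing secret
    if os.path.isfile(secretfile):
        print("FATAL: secretfile exists at %s" % secretfile)
        print("Stopping, to prevent secretfile from being overriden.")
        print("If you wish to overwrite the secretfile, first delete it yourself this run this command again.")
        exit(1)

    print("Creating the secretfile at %s" % secretfile)
    print("Remember: Once the secret file is created, this script"
          " will only be able to decrypt while it is in the same directory and filename."
          "If you ever wish to rename the secretfile, you'd need to modify this script "
          "or recreate the secretfile using this script.")

    print("Checking for directory %s" % secretfiledir)
    if not os.path.exists(secretfiledir):
        # Only `stdout` is imported from sys; `sys.stdout` raised NameError here.
        stdout.write("Making directories...")
        os.makedirs(secretfiledir, exist_ok=True)
    else:
        print("Parent directories are OK")

    print("Please enter the secret password to be passed to curl:")
    password = getpass.getpass()
    thetoken = token()

    # O_EXCL backs up the isfile() check above; 0o600 keeps the ciphertext
    # private to the owner regardless of the process umask.
    try:
        fd = os.open(secretfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        print("FATAL: secretfile exists at %s" % secretfile)
        exit(1)

    try:
        with os.fdopen(fd, 'wb') as outfile:
            opensslp = subprocess.Popen(['openssl', 'enc', '-aes-256-cbc',
                                         '-salt', '-a',
                                         '-k', thetoken],
                                        stdin=subprocess.PIPE, stdout=outfile)
            # Trailing newline keeps the plaintext identical to what the
            # former `echo password | openssl` pipeline encrypted.
            opensslp.communicate(input=password.encode('utf-8') + b"\n")
    except OSError:
        # e.g. openssl is not installed: do not leave an empty secret file.
        os.remove(secretfile)
        raise

    if opensslp.returncode != 0:
        os.remove(secretfile)
        print("FATAL: openssl exited with status %d; no secretfile was written." % opensslp.returncode)
        return False

    print("Createfile done.")
    return True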
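def _curl_config_quote(value):
    """Return *value* as a double-quoted parameter for a curl config file."""
    # Backslash first, so the escapes added afterwards are not escaped again.
    for raw, escaped in (('\\', '\\\\'), ('"', '\\"'),
                         ('\n', '\\n'), ('\r', '\\r'), ('\t', '\\t')):
        value = value.replace(raw, escaped)
    return '"' + value + '"'


def curl():
    """Decrypt the stored password and run curl with HTTP basic auth.

    The credentials reach curl through a config read from stdin (``-K -``),
    so they never appear on curl's command line.

    Changes from the earlier version:
      * the decrypted password is no longer printed to stdout;
      * a failed decryption stops here instead of sending a request with
        empty or garbage credentials;
      * the newline that was encrypted along with the password is dropped;
      * config values are double-quoted and escaped, so whitespace, quotes
        or newlines in the user, password or url stay data and cannot add
        further curl options. The former unquoted ``user\\:password`` form
        also left a literal backslash at the end of the user name.
    """
    print("Decrypting the password...")
    thetoken = token()
    opensslp = subprocess.Popen(['openssl', 'enc', '-aes-256-cbc', '-d', '-a',
                                 '-k', thetoken, '-in', secretfile],
                                stdout=subprocess.PIPE)
    decrypted = opensslp.communicate()[0]
    if opensslp.returncode != 0:
        print("FATAL: could not decrypt the secretfile at %s" % secretfile)
        return

    password = decrypted.decode('utf-8')
    if password.endswith("\n"):
        password = password[:-1]

    print(args)
    print(args.url)
    curlconfig = ("user = " + _curl_config_quote(args.user + ":" + password)
                  + "\nurl = " + _curl_config_quote(args.url))
    curlp = subprocess.Popen(['curl', '--basic', '-K', '-'],
                             stdin=subprocess.PIPE, stderr=subprocess.STDOUT,
                             shell=False)
    result = curlp.communicate(input=bytes(curlconfig, 'UTF-8'))
    print(result)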
# Entry point. There is no __main__ guard, so this also runs on import.
init()