anope2json certfp support (#1867)

* Advanced certfp support Signed-off-by: Georg <georg@lysergic.dev> * Moving certfp logic Signed-off-by: Georg <georg@lysergic.dev> * Cleaning up certfp logic Signed-off-by: Georg <georg@lysergic.dev>
2025-10-30 21:37:23 +01:00 · 2021-12-13 01:18:41 +00:00 · 2021-12-13 01:18:41 +00:00 · 15f5f2e9b0
commit 15f5f2e9b0
parent 0483e3f6ad
1 changed files with 18 additions and 1 deletions
--- a/distrib/anope/anope2json.py
+++ b/distrib/anope/anope2json.py
@ -1,8 +1,9 @@
 #!/usr/bin/python3

-import re
+import binascii
 import json
 import logging
+import re
 import sys
 from collections import defaultdict, namedtuple

@ -83,6 +84,19 @@ ANOPE_MODENAME_TO_MODE = {
    'SECRET': 's',
 }

+# verify that a certfp appears to be a hex-encoded SHA-256 fingerprint;
+# if it's anything else, silently ignore it
+def validate_certfps(certobj):
+    certfps = []
+    for fingerprint in certobj.split():
+        try:
+            dec = binascii.unhexlify(fingerprint)
+        except:
+            continue
+        if len(dec) == 32:
+            certfps.append(fingerprint)
+    return certfps
+
 def convert(infile):
    out = {
        'version': 1,
@ -99,6 +113,9 @@ def convert(infile):
        if obj.type == 'NickCore':
            username = obj.kv['display']
            userdata = {'name': username, 'hash': obj.kv['pass'], 'email': obj.kv['email']}
+            certobj = obj.kv.get('cert')
+            if certobj:
+                userdata['certfps'] = validate_certfps(certobj)
            out['users'][username] = userdata
        elif obj.type == 'NickAlias':
            username = obj.kv['nc']