From 15f5f2e9b06e3fd8e2d31f638696dc1171a2a160 Mon Sep 17 00:00:00 2001
From: cranberry <georg@lysergic.dev>
Date: Mon, 13 Dec 2021 01:18:41 +0000
Subject: [PATCH] anope2json certfp support (#1867)

* Advanced certfp support

Signed-off-by: Georg <georg@lysergic.dev>

* Moving certfp logic

Signed-off-by: Georg <georg@lysergic.dev>

* Cleaning up certfp logic

Signed-off-by: Georg <georg@lysergic.dev>
---
 distrib/anope/anope2json.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/distrib/anope/anope2json.py b/distrib/anope/anope2json.py
index 02fb529b..d047b83b 100755
--- a/distrib/anope/anope2json.py
+++ b/distrib/anope/anope2json.py
@@ -1,8 +1,9 @@
 #!/usr/bin/python3
 
-import re
+import binascii
 import json
 import logging
+import re
 import sys
 from collections import defaultdict, namedtuple
 
@@ -83,6 +84,19 @@ ANOPE_MODENAME_TO_MODE = {
     'SECRET': 's',
 }
 
+# verify that a certfp appears to be a hex-encoded SHA-256 fingerprint;
+# if it's anything else, silently ignore it
+def validate_certfps(certobj):
+    certfps = []
+    for fingerprint in certobj.split():
+        try:
+            dec = binascii.unhexlify(fingerprint)
+        except:
+            continue
+        if len(dec) == 32:
+            certfps.append(fingerprint)
+    return certfps
+
 def convert(infile):
     out = {
         'version': 1,
@@ -99,6 +113,9 @@ def convert(infile):
         if obj.type == 'NickCore':
             username = obj.kv['display']
             userdata = {'name': username, 'hash': obj.kv['pass'], 'email': obj.kv['email']}
+            certobj = obj.kv.get('cert')
+            if certobj:
+                userdata['certfps'] = validate_certfps(certobj)
             out['users'][username] = userdata
         elif obj.type == 'NickAlias':
             username = obj.kv['nc']