Skip to content

Commit

Permalink
8.8 auto-commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@rev1si0n
rev1si0n committed Feb 23, 2025
1 parent 14a9ff1 commit 7544a4e
Show file tree
Hide file tree
Showing 3 changed files with 97 additions and 60 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.txt
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
8.8
* Frida 数据上报支持 AMQP
* 修复 cert.py 上游库变更导致的证书问题
* 修复服务重启资源释放的问题

8.5
* 优化剪切板共享逻辑
* 新增 Frida 脚本崩溃日志
Expand Down
2 changes: 1 addition & 1 deletion lamda/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
#
# Distributed under MIT license.
# See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
__version__ = "8.5"
__version__ = "8.8"
150 changes: 91 additions & 59 deletions tools/cert.py
View file
Original file line number Diff line number Diff line change
@@ -1,80 +1,112 @@
#!/usr/bin/env python3
#encoding=utf-8
import os
import sys
import random
import datetime

from hashlib import sha256
from OpenSSL import crypto
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.backends import default_backend
from cryptography.x509 import (
Name,
NameAttribute,
CertificateBuilder,
CertificateSigningRequestBuilder,
DNSName,
SubjectAlternativeName,
load_pem_x509_certificate,
BasicConstraints,
KeyUsage,
)
from cryptography.x509.oid import NameOID

CN = "lamda"
if len(sys.argv) == 2:
CN = sys.argv[1]

if os.path.isfile("root.key"):
data = open("root.key", "rb").read()
rk = crypto.load_privatekey(crypto.FILETYPE_PEM, data)
with open("root.key", "rb") as f:
rk = serialization.load_pem_private_key(
f.read(), password=None, backend=default_backend()
)
else:
rk = crypto.PKey()
rk.generate_key(crypto.TYPE_RSA, 2048)

data = crypto.dump_privatekey(crypto.FILETYPE_PEM, rk)
open("root.key", "wb").write(data)
rk = rsa.generate_private_key(
public_exponent=65537, key_size=2048, backend=default_backend()
)
with open("root.key", "wb") as f:
f.write(
rk.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
)

if os.path.isfile("root.crt"):
data = open("root.crt", "rb").read()
root = crypto.load_certificate(crypto.FILETYPE_PEM, data)
with open("root.crt", "rb") as f:
root = load_pem_x509_certificate(f.read(), default_backend())
else:
root = crypto.X509()

root.get_subject().O = "LAMDA"

root.gmtime_adj_notBefore(0)
root.gmtime_adj_notAfter(315360000)
root.set_issuer(root.get_subject())
root.set_pubkey(rk)
root.sign(rk, "sha256")

data = crypto.dump_certificate(crypto.FILETYPE_PEM, root)
open("root.crt", "wb").write(data)

if not os.path.isfile("{}.pem".format(CN)):
pk = crypto.PKey()
pk.generate_key(crypto.TYPE_RSA, 2048)
subject = issuer = Name(
[
NameAttribute(NameOID.ORGANIZATION_NAME, "LAMDA"),
NameAttribute(NameOID.COMMON_NAME, "FireRPA LAMDA Root Trust"),
]
)
root = (
CertificateBuilder()
.subject_name(subject)
.issuer_name(issuer)
.not_valid_before(datetime.datetime.utcnow())
.not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=3650))
.public_key(rk.public_key())
.serial_number(random.randint(1, 2**128))
.add_extension(BasicConstraints(ca=True, path_length=None), critical=True)
.sign(rk, hashes.SHA256(), default_backend())
)
with open("root.crt", "wb") as f:
f.write(root.public_bytes(serialization.Encoding.PEM))

req = crypto.X509Req()
req.set_version(0)
req.get_subject().CN = CN
req.set_pubkey(pk)
req.sign(pk, "sha256")

cert = crypto.X509()
cert.set_version(2)
cert.set_subject(req.get_subject())
cert.set_serial_number(random.randint(1, 2**128))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(315360000)
cert.set_issuer(root.get_subject())
cert.set_pubkey(req.get_pubkey())
cert.sign(rk, "sha256")
if not os.path.isfile(f"{CN}.pem"):
pk = rsa.generate_private_key(
public_exponent=65537, key_size=2048, backend=default_backend()
)
csr = (
CertificateSigningRequestBuilder()
.subject_name(Name([NameAttribute(NameOID.COMMON_NAME, CN)]))
.sign(pk, hashes.SHA256(), default_backend())
)

pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pk)
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
root = crypto.dump_certificate(crypto.FILETYPE_PEM, root)
cert = (
CertificateBuilder()
.subject_name(csr.subject)
.issuer_name(root.subject)
.not_valid_before(datetime.datetime.utcnow())
.not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=3650))
.public_key(csr.public_key())
.serial_number(random.randint(1, 2**128))
.sign(rk, hashes.SHA256(), default_backend())
)

d = pk.to_cryptography_key().private_numbers().d
pd = d.to_bytes((d.bit_length() + 7) // 8, "little")
cred = sha256(pd).hexdigest()[::3]
with open(f"{CN}.pem", "wb") as output:
pem_private_key = pk.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
pem_cert = cert.public_bytes(serialization.Encoding.PEM)
pem_root = root.public_bytes(serialization.Encoding.PEM)

f = open("{}.pem".format(CN), "wb")
hdr = "LAMDA SSL CERTIFICATE (CN={},PASSWD={})".format(CN, cred)
os.chmod(f.name, 0o600)
d = pk.private_numbers().d
pd = d.to_bytes((d.bit_length() + 7) // 8, "little")
cred = sha256(pd).hexdigest()[::3]

f.write(hdr.encode())
f.write(b"\n")
f.write(pkey.strip())
f.write(b"\n")
f.write(cert.strip())
f.write(b"\n")
f.write(root.strip())
f.write(b"\n")
f.close()
header = f"LAMDA SSL CERTIFICATE (CN={CN},PASSWD={cred})\n"
output.write(header.encode())
output.write(pem_private_key.strip())
output.write(b"\n")
output.write(pem_cert.strip())
output.write(b"\n")
output.write(pem_root.strip())
output.write(b"\n")

0 comments on commit 7544a4e

Please # to comment.