aboutsummaryrefslogtreecommitdiff
path: root/profanity-aesgcm-handler
blob: 0ea5e1965c4faffc4677eda4b9368aaa9d6123a9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/env python3

import os
import re
import sys
import urllib.parse
from pathlib import Path

import requests
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


home = Path.home()
if (home / "downloads").exists():
    DOWNLOAD_DIR = home / "downloads" / "xmpp"
    DOWNLOAD_DIR.mkdir(parents=True, exist_ok=True)
else:
    DOWNLOAD_DIR = home / "Downloads" / "xmpp"
    DOWNLOAD_DIR.mkdir(parents=True, exist_ok=True)

def log(msg: str) -> None:
    log_file = Path.home() / ".local" / "share" / "profanity-aesgcm" / "handler.log"
    log_file.parent.mkdir(parents=True, exist_ok=True)
    with log_file.open("a", encoding="utf-8") as f:
        f.write(msg + "\n")


def extract_uri(message: str) -> str | None:
    m = re.search(r'(aesgcm://\S+)', message)
    return m.group(1) if m else None


def parse_aesgcm_uri(uri: str):
    parsed = urllib.parse.urlparse(uri)

    if parsed.scheme != "aesgcm":
        raise ValueError("Unsupported scheme")

    fragment = parsed.fragment.strip()
    frag_hex = "".join(fragment.split())  # remove accidental spaces/newlines

    # XEP-0454 style: 12-byte IV (24 hex chars) + 32-byte key (64 hex chars)
    if len(frag_hex) < 88:
        raise ValueError(f"Fragment too short: {len(frag_hex)} hex chars")

    iv_hex = frag_hex[:24]
    key_hex = frag_hex[24:88]

    iv = bytes.fromhex(iv_hex)
    key = bytes.fromhex(key_hex)

    https_url = urllib.parse.urlunparse(("https", parsed.netloc, parsed.path, "", "", ""))
    filename = os.path.basename(parsed.path) or "download.bin"

    return https_url, filename, key, iv


def download_file(url: str) -> bytes:
    r = requests.get(url, timeout=60)
    r.raise_for_status()
    return r.content


def decrypt_xmpp_aesgcm(data: bytes, key: bytes, iv: bytes) -> bytes:
    # AESGCM.decrypt expects ciphertext || tag
    aesgcm = AESGCM(key)
    return aesgcm.decrypt(iv, data, None)


def unique_path(path: Path) -> Path:
    if not path.exists():
        return path

    stem = path.stem
    suffix = path.suffix

    for i in range(1, 1000):
        candidate = path.with_name(f"{stem}-{i}{suffix}")
        if not candidate.exists():
            return candidate

    raise RuntimeError("Could not create unique filename")

def main():
    if len(sys.argv) < 2:
        sys.exit(0)

    message = sys.argv[1]
    uri = extract_uri(message)
    if not uri:
        sys.exit(0)

    try:
        https_url, filename, key, iv = parse_aesgcm_uri(uri)
        enc = download_file(https_url)
        plain = decrypt_xmpp_aesgcm(enc, key, iv)

        out_path = unique_path(DOWNLOAD_DIR / filename)
        out_path.write_bytes(plain)

        log(f"OK saved: {out_path}")
        print(str(out_path))

        # Optional: uncomment if you want auto-open on desktop
        # os.system(f'xdg-open "{out_path}" >/dev/null 2>&1 &')

    except Exception as e:
        log(f"ERROR: {e}")
        sys.exit(1)


if __name__ == "__main__":
    main()