mirror of
https://gitea.com/bipinkrish/DeGourou.git
synced 2024-11-17 10:30:22 +00:00
Add files via upload
This commit is contained in:
parent
11e1c4b5ba
commit
cb5526a735
7 changed files with 3154 additions and 0 deletions
118
setup/customRSA.py
Normal file
118
setup/customRSA.py
Normal file
|
@ -0,0 +1,118 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
'''
|
||||
Use my own small RSA code so we don't have to include the huge
|
||||
python3-rsa just for these small bits.
|
||||
The original code used blinding and this one doesn't,
|
||||
but we don't really care about side-channel attacks ...
|
||||
'''
|
||||
|
||||
import sys
|
||||
|
||||
try:
|
||||
from Cryptodome.PublicKey import RSA
|
||||
except ImportError:
|
||||
# Some distros still ship this as Crypto
|
||||
from Crypto.PublicKey import RSA
|
||||
|
||||
class CustomRSA:
|
||||
|
||||
@staticmethod
|
||||
def encrypt_for_adobe_signature(signing_key, message):
|
||||
key = RSA.importKey(signing_key)
|
||||
keylen = CustomRSA.byte_size(key.n)
|
||||
padded = CustomRSA.pad_message(message, keylen)
|
||||
payload = CustomRSA.transform_bytes2int(padded)
|
||||
encrypted = CustomRSA.normal_encrypt(key, payload)
|
||||
block = CustomRSA.transform_int2bytes(encrypted, keylen)
|
||||
return bytearray(block)
|
||||
|
||||
@staticmethod
|
||||
def byte_size(number):
|
||||
# type: (int) -> int
|
||||
return (number.bit_length() + 7) // 8
|
||||
|
||||
@staticmethod
|
||||
def pad_message(message, target_len):
|
||||
# type: (bytes, int) -> bytes
|
||||
|
||||
# Padding always uses 0xFF
|
||||
# Returns: 00 01 PADDING 00 MESSAGE
|
||||
|
||||
max_message_length = target_len - 11
|
||||
message_length = len(message)
|
||||
|
||||
if message_length > max_message_length:
|
||||
raise OverflowError("Message too long, has %d bytes but only space for %d" % (message_length, max_message_length))
|
||||
|
||||
padding_len = target_len - message_length - 3
|
||||
|
||||
ret = bytearray(b"".join([b"\x00\x01", padding_len * b"\xff", b"\x00"]))
|
||||
ret.extend(bytes(message))
|
||||
|
||||
return ret
|
||||
|
||||
@staticmethod
|
||||
def normal_encrypt(key, message):
|
||||
|
||||
if message < 0 or message > key.n:
|
||||
raise ValueError("Invalid message")
|
||||
|
||||
encrypted = pow(message, key.d, key.n)
|
||||
return encrypted
|
||||
|
||||
@staticmethod
|
||||
def py2_int_to_bytes(value, length, big_endian = True):
|
||||
result = []
|
||||
|
||||
for i in range(0, length):
|
||||
result.append(value >> (i * 8) & 0xff)
|
||||
|
||||
if big_endian:
|
||||
result.reverse()
|
||||
|
||||
return result
|
||||
|
||||
@staticmethod
|
||||
def py2_bytes_to_int(bytes, big_endian = True):
|
||||
# type: (bytes, bool) -> int
|
||||
|
||||
my_bytes = bytes
|
||||
if not big_endian:
|
||||
my_bytes.reverse()
|
||||
|
||||
result = 0
|
||||
for b in my_bytes:
|
||||
result = result * 256 + int(b)
|
||||
|
||||
return result
|
||||
|
||||
@staticmethod
|
||||
def transform_bytes2int(raw_bytes):
|
||||
# type: (bytes) -> int
|
||||
|
||||
if sys.version_info[0] >= 3:
|
||||
return int.from_bytes(raw_bytes, "big", signed=False)
|
||||
|
||||
return CustomRSA.py2_bytes_to_int(raw_bytes, True)
|
||||
|
||||
|
||||
@staticmethod
|
||||
def transform_int2bytes(number, fill_size = 0):
|
||||
# type: (int, int) -> bytes
|
||||
|
||||
if number < 0:
|
||||
raise ValueError("Negative number")
|
||||
|
||||
size = None
|
||||
|
||||
if fill_size > 0:
|
||||
size = fill_size
|
||||
else:
|
||||
size = max(1, CustomRSA.byte_size(number))
|
||||
|
||||
if sys.version_info[0] >= 3:
|
||||
return number.to_bytes(size, "big")
|
||||
|
||||
return CustomRSA.py2_int_to_bytes(number, size, True)
|
130
setup/fulfill.py
Normal file
130
setup/fulfill.py
Normal file
|
@ -0,0 +1,130 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
'''
|
||||
This is an experimental Python version of libgourou.
|
||||
'''
|
||||
|
||||
# pyright: reportUndefinedVariable=false
|
||||
|
||||
import os, time, shutil
|
||||
|
||||
import zipfile
|
||||
from lxml import etree
|
||||
|
||||
from setup.libadobe import sendHTTPRequest_DL2FILE
|
||||
from setup.libadobeFulfill import buildRights, fulfill
|
||||
from setup.libpdf import patch_drm_into_pdf
|
||||
|
||||
FILE_DEVICEKEY = "devicesalt"
|
||||
FILE_DEVICEXML = "device.xml"
|
||||
FILE_ACTIVATIONXML = "activation.xml"
|
||||
|
||||
#######################################################################
|
||||
|
||||
|
||||
def download(replyData):
|
||||
# replyData: str
|
||||
adobe_fulfill_response = etree.fromstring(replyData)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
adDC = lambda tag: '{%s}%s' % ('http://purl.org/dc/elements/1.1/', tag)
|
||||
|
||||
# print (replyData)
|
||||
|
||||
download_url = adobe_fulfill_response.find("./%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("src"))).text
|
||||
resource_id = adobe_fulfill_response.find("./%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("resource"))).text
|
||||
license_token_node = adobe_fulfill_response.find("./%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken")))
|
||||
|
||||
rights_xml_str = buildRights(license_token_node)
|
||||
|
||||
if (rights_xml_str is None):
|
||||
print("Building rights.xml failed!")
|
||||
return False
|
||||
|
||||
book_name = None
|
||||
|
||||
try:
|
||||
metadata_node = adobe_fulfill_response.find("./%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("metadata")))
|
||||
book_name = metadata_node.find("./%s" % (adDC("title"))).text
|
||||
except:
|
||||
book_name = "Book"
|
||||
|
||||
|
||||
# Download eBook:
|
||||
|
||||
print(download_url)
|
||||
filename_tmp = book_name + ".tmp"
|
||||
|
||||
dl_start_time = int(time.time() * 1000)
|
||||
ret = sendHTTPRequest_DL2FILE(download_url, filename_tmp)
|
||||
dl_end_time = int(time.time() * 1000)
|
||||
print("Download took %d milliseconds" % (dl_end_time - dl_start_time))
|
||||
|
||||
if (ret != 200):
|
||||
print("Download failed with error %d" % (ret))
|
||||
return False
|
||||
|
||||
with open(filename_tmp, "rb") as f:
|
||||
book_content = f.read(10)
|
||||
|
||||
filetype = ".bin"
|
||||
|
||||
if (book_content.startswith(b"PK")):
|
||||
print("That's a ZIP file -> EPUB")
|
||||
filetype = ".epub"
|
||||
elif (book_content.startswith(b"%PDF")):
|
||||
print("That's a PDF file")
|
||||
filetype = ".pdf"
|
||||
|
||||
filename = book_name + filetype
|
||||
shutil.move(filename_tmp, filename)
|
||||
|
||||
if filetype == ".epub":
|
||||
# Store EPUB rights / encryption stuff
|
||||
zf = zipfile.ZipFile(filename, "a")
|
||||
zf.writestr("META-INF/rights.xml", rights_xml_str)
|
||||
zf.close()
|
||||
|
||||
print("File successfully fulfilled")
|
||||
return filename
|
||||
|
||||
elif filetype == ".pdf":
|
||||
print("Successfully downloaded PDF, patching encryption ...")
|
||||
|
||||
adobe_fulfill_response = etree.fromstring(rights_xml_str)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
resource = adobe_fulfill_response.find("./%s/%s" % (adNS("licenseToken"), adNS("resource"))).text
|
||||
|
||||
os.rename(filename, "tmp_" + filename)
|
||||
ret = patch_drm_into_pdf("tmp_" + filename, rights_xml_str, filename, resource)
|
||||
os.remove("tmp_" + filename)
|
||||
if (ret):
|
||||
print("File successfully fulfilled")
|
||||
return filename
|
||||
else:
|
||||
print("Errors occurred while patching " + filename)
|
||||
return False
|
||||
|
||||
else:
|
||||
print("Error: Weird filetype")
|
||||
return False
|
||||
|
||||
|
||||
def downloadFile(file="URLLink.acsm"):
|
||||
|
||||
print("Fulfilling book '" + file + "' ...")
|
||||
success, replyData = fulfill(file)
|
||||
if (success is False):
|
||||
print("Hey, that didn't work!")
|
||||
print(replyData)
|
||||
else:
|
||||
print("Downloading book '" + file + "' ...")
|
||||
success = download(replyData)
|
||||
if (success is False):
|
||||
print("That didn't work!")
|
||||
else:
|
||||
return success
|
||||
|
||||
|
654
setup/libadobe.py
Normal file
654
setup/libadobe.py
Normal file
|
@ -0,0 +1,654 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
'''
|
||||
Helper library with code needed for Adobe stuff.
|
||||
'''
|
||||
|
||||
from uuid import getnode
|
||||
import sys, os, hashlib, base64
|
||||
import ssl
|
||||
|
||||
import urllib.request as ulib
|
||||
import urllib.error as uliberror
|
||||
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from lxml import etree
|
||||
|
||||
try:
|
||||
from Cryptodome import Random
|
||||
from Cryptodome.Cipher import AES
|
||||
from Cryptodome.Hash import SHA
|
||||
|
||||
except ImportError:
|
||||
# Some distros still ship Crypto
|
||||
from Crypto import Random
|
||||
from Crypto.Cipher import AES
|
||||
from Crypto.Hash import SHA
|
||||
|
||||
|
||||
#@@CALIBRE_COMPAT_CODE@@
|
||||
|
||||
|
||||
from setup.customRSA import CustomRSA
|
||||
|
||||
from oscrypto import keys
|
||||
from oscrypto.asymmetric import dump_certificate, dump_private_key
|
||||
|
||||
|
||||
VAR_ACS_SERVER_HTTP = "http://adeactivate.adobe.com/adept"
|
||||
VAR_ACS_SERVER_HTTPS = "https://adeactivate.adobe.com/adept"
|
||||
|
||||
FILE_DEVICEKEY = "devicesalt"
|
||||
FILE_DEVICEXML = "device.xml"
|
||||
FILE_ACTIVATIONXML = "activation.xml"
|
||||
|
||||
|
||||
# Lists of different ADE "versions" we know about
|
||||
VAR_VER_SUPP_CONFIG_NAMES = [ "ADE 1.7.2", "ADE 2.0.1", "ADE 3.0.1", "ADE 4.0.3", "ADE 4.5.10", "ADE 4.5.11" ]
|
||||
VAR_VER_SUPP_VERSIONS = [ "ADE WIN 9,0,1131,27", "2.0.1.78765", "3.0.1.91394", "4.0.3.123281",
|
||||
"com.adobe.adobedigitaleditions.exe v4.5.10.186048",
|
||||
"com.adobe.adobedigitaleditions.exe v4.5.11.187303" ]
|
||||
VAR_VER_HOBBES_VERSIONS = [ "9.0.1131.27", "9.3.58046", "10.0.85385", "12.0.123217", "12.5.4.186049", "12.5.4.187298" ]
|
||||
VAR_VER_OS_IDENTIFIERS = [ "Windows Vista", "Windows Vista", "Windows 8", "Windows 8", "Windows 8", "Windows 8" ]
|
||||
|
||||
|
||||
# "Missing" versions:
|
||||
# 1.7.1, 2.0, 3.0, 4.0, 4.0.1, 4.0.2, 4.5 to 4.5.9
|
||||
# 4.5.7.179634
|
||||
|
||||
# This is a list of ALL versions we know (and can potentially use if present in a config file).
|
||||
# Must have the same length / size as the four lists above.
|
||||
VAR_VER_BUILD_IDS = [ 1131, 78765, 91394, 123281, 186048, 187303 ]
|
||||
# Build ID 185749 also exists, that's a different (older) variant of 4.5.10.
|
||||
|
||||
# This is a list of versions that can be used for new authorizations:
|
||||
VAR_VER_ALLOWED_BUILD_IDS_AUTHORIZE = [ 78765, 91394, 123281, 187303 ]
|
||||
|
||||
# This is a list of versions to be displayed in the version changer.
|
||||
VAR_VER_ALLOWED_BUILD_IDS_SWITCH_TO = [ 1131, 78765, 91394, 123281, 187303 ]
|
||||
|
||||
# Versions >= this one are using HTTPS
|
||||
# According to changelogs, this is implemented as of ADE 4.0.1 - no idea what build ID that is.
|
||||
VAR_VER_NEED_HTTPS_BUILD_ID_LIMIT = 123281
|
||||
|
||||
# Versions >= this are using a different order for the XML elements in a FulfillmentNotification.
|
||||
# This doesn't matter for fulfillment at all, but I want to emulate ADE as accurately as possible.
|
||||
# Implemented as of ADE 4.0.0, no idea what exact build number that is.
|
||||
VAR_VER_USE_DIFFERENT_NOTIFICATION_XML_ORDER = 123281
|
||||
|
||||
# Default build ID to use - ADE 2.0.1
|
||||
VAR_VER_DEFAULT_BUILD_ID = 78765
|
||||
|
||||
|
||||
|
||||
def are_ade_version_lists_valid():
|
||||
# These five lists MUST all have the same amount of elements.
|
||||
# Otherwise that will cause all kinds of issues.
|
||||
|
||||
fail = False
|
||||
if len(VAR_VER_SUPP_CONFIG_NAMES) != len(VAR_VER_SUPP_VERSIONS):
|
||||
fail = True
|
||||
if len(VAR_VER_SUPP_CONFIG_NAMES) != len(VAR_VER_HOBBES_VERSIONS):
|
||||
fail = True
|
||||
if len(VAR_VER_SUPP_CONFIG_NAMES) != len(VAR_VER_OS_IDENTIFIERS):
|
||||
fail = True
|
||||
if len(VAR_VER_SUPP_CONFIG_NAMES) != len(VAR_VER_BUILD_IDS):
|
||||
fail = True
|
||||
|
||||
if fail:
|
||||
print("Internal error in ACSM Input: Mismatched version list lenghts.")
|
||||
print("This should never happen, please open a bug report.")
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
|
||||
devkey_bytes = None
|
||||
|
||||
|
||||
|
||||
def get_devkey_path():
|
||||
global FILE_DEVICEKEY
|
||||
return FILE_DEVICEKEY
|
||||
def get_device_path():
|
||||
global FILE_DEVICEXML
|
||||
return FILE_DEVICEXML
|
||||
def get_activation_xml_path():
|
||||
global FILE_ACTIVATIONXML
|
||||
return FILE_ACTIVATIONXML
|
||||
|
||||
|
||||
def update_account_path(folder_path):
|
||||
# type: (str) -> None
|
||||
|
||||
global FILE_DEVICEKEY, FILE_DEVICEXML, FILE_ACTIVATIONXML
|
||||
|
||||
FILE_DEVICEKEY = os.path.join(folder_path, "devicesalt")
|
||||
FILE_DEVICEXML = os.path.join(folder_path, "device.xml")
|
||||
FILE_ACTIVATIONXML = os.path.join(folder_path, "activation.xml")
|
||||
|
||||
|
||||
def createDeviceKeyFile():
|
||||
# Original implementation: Device::createDeviceKeyFile()
|
||||
|
||||
DEVICE_KEY_SIZE = 16
|
||||
global devkey_bytes
|
||||
devkey_bytes = Random.get_random_bytes(DEVICE_KEY_SIZE)
|
||||
|
||||
f = open(FILE_DEVICEKEY, "wb")
|
||||
f.write(devkey_bytes)
|
||||
f.close()
|
||||
|
||||
def int_to_bytes(value, length, big_endian = True):
|
||||
# Helper function for Python2 only (big endian)
|
||||
# Python3 uses int.to_bytes()
|
||||
result = []
|
||||
|
||||
for i in range(0, length):
|
||||
result.append(value >> (i * 8) & 0xff)
|
||||
|
||||
if big_endian:
|
||||
result.reverse()
|
||||
|
||||
return result
|
||||
|
||||
def get_mac_address():
|
||||
mac1 = getnode()
|
||||
mac2 = getnode()
|
||||
if (mac1 != mac2) or ((mac1 >> 40) % 2):
|
||||
if sys.version_info[0] >= 3:
|
||||
return bytes([1, 2, 3, 4, 5, 0])
|
||||
else:
|
||||
return bytearray([1, 2, 3, 4, 5, 0])
|
||||
|
||||
if sys.version_info[0] >= 3:
|
||||
return mac1.to_bytes(6, byteorder='big')
|
||||
|
||||
return int_to_bytes(mac1, 6)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
def makeSerial(random):
|
||||
# type: (bool) -> str
|
||||
|
||||
# Original implementation: std::string Device::makeSerial(bool random)
|
||||
|
||||
# It doesn't look like this implementation results in the same fingerprint Adobe is using in ADE.
|
||||
# Given that Adobe only ever sees the SHA1 hash of this value, that probably doesn't matter.
|
||||
|
||||
sha_out = None
|
||||
|
||||
if not random:
|
||||
try:
|
||||
# Linux
|
||||
uid = os.getuid()
|
||||
import pwd
|
||||
username = pwd.getpwuid(uid).pw_name.encode("utf-8").decode("latin-1")
|
||||
except:
|
||||
# Windows
|
||||
uid = 1000
|
||||
try:
|
||||
username = os.getlogin().encode("utf-8").decode("latin-1")
|
||||
except:
|
||||
import getpass
|
||||
username = getpass.getuser().encode("utf-8").decode("latin-1")
|
||||
|
||||
mac_address = get_mac_address()
|
||||
|
||||
dataToHash = "%d:%s:%02x:%02x:%02x:%02x:%02x:%02x\x00" % (uid, username,
|
||||
mac_address[0], mac_address[1], mac_address[2],
|
||||
mac_address[3], mac_address[4], mac_address[5])
|
||||
|
||||
sha_out = hashlib.sha1(dataToHash.encode('latin-1')).hexdigest().lower()
|
||||
else:
|
||||
import binascii
|
||||
sha_out = binascii.hexlify(Random.get_random_bytes(20)).lower()
|
||||
|
||||
return sha_out
|
||||
|
||||
def makeFingerprint(serial):
|
||||
# type: (str) -> str
|
||||
|
||||
# Original implementation: std::string Device::makeFingerprint(const std::string& serial)
|
||||
# base64(sha1(serial + privateKey))
|
||||
# Fingerprint must be 20 bytes or less.
|
||||
|
||||
global devkey_bytes
|
||||
if devkey_bytes is None:
|
||||
f = open(FILE_DEVICEKEY, "rb")
|
||||
devkey_bytes = f.read()
|
||||
f.close()
|
||||
|
||||
str_to_hash = serial.decode('latin-1') + devkey_bytes.decode('latin-1')
|
||||
hashed_str = hashlib.sha1(str_to_hash.encode('latin-1')).digest()
|
||||
b64str = base64.b64encode(hashed_str)
|
||||
|
||||
return b64str
|
||||
|
||||
|
||||
############################################## HTTP stuff:
|
||||
|
||||
def sendHTTPRequest_DL2FILE(URL, outputfile):
|
||||
# type: (str, str) -> int
|
||||
|
||||
headers = {
|
||||
"Accept": "*/*",
|
||||
"User-Agent": "book2png",
|
||||
# MacOS uses different User-Agent. Good thing we're emulating a Windows client.
|
||||
}
|
||||
req = ulib.Request(url=URL, headers=headers)
|
||||
handler = ulib.urlopen(req)
|
||||
|
||||
chunksize = 16 * 1024
|
||||
|
||||
ret_code = handler.getcode()
|
||||
|
||||
|
||||
loc = None
|
||||
try:
|
||||
loc = req.headers.get("Location")
|
||||
except:
|
||||
pass
|
||||
|
||||
if loc is not None:
|
||||
return sendHTTPRequest_DL2FILE(loc)
|
||||
|
||||
if ret_code != 200:
|
||||
return ret_code
|
||||
|
||||
with open(outputfile, "wb") as f:
|
||||
while True:
|
||||
chunk = handler.read(chunksize)
|
||||
if not chunk:
|
||||
break
|
||||
f.write(chunk)
|
||||
|
||||
return 200
|
||||
|
||||
def sendHTTPRequest_getSimple(URL):
|
||||
# type: (str) -> str
|
||||
|
||||
headers = {
|
||||
"Accept": "*/*",
|
||||
"User-Agent": "book2png",
|
||||
# MacOS uses different User-Agent. Good thing we're emulating a Windows client.
|
||||
}
|
||||
|
||||
# Ignore SSL:
|
||||
# It appears as if lots of book distributors have either invalid or expired certs ...
|
||||
# No idea how Adobe handles that (pinning?), but we can just ignore SSL errors and continue anyways.
|
||||
# Not the best solution, but it works.
|
||||
ctx = ssl.create_default_context()
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
req = ulib.Request(url=URL, headers=headers)
|
||||
handler = ulib.urlopen(req, context=ctx)
|
||||
|
||||
content = handler.read()
|
||||
|
||||
loc = None
|
||||
try:
|
||||
loc = req.headers.get("Location")
|
||||
except:
|
||||
pass
|
||||
|
||||
if loc is not None:
|
||||
return sendHTTPRequest_getSimple(loc)
|
||||
|
||||
return content
|
||||
|
||||
def sendPOSTHTTPRequest(URL, document, type, returnRC = False):
|
||||
# type: (str, bytes, str, bool) -> str
|
||||
|
||||
headers = {
|
||||
"Accept": "*/*",
|
||||
"User-Agent": "book2png",
|
||||
# MacOS uses different User-Agent. Good thing we're emulating a Windows client.
|
||||
"Content-Type": type
|
||||
}
|
||||
|
||||
# Ignore SSL:
|
||||
# It appears as if lots of book distributors have either invalid or expired certs ...
|
||||
# No idea how Adobe handles that (pinning?), but we can just ignore SSL errors and continue anyways.
|
||||
# Not the best solution, but it works.
|
||||
ctx = ssl.create_default_context()
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
# Make sure URL has a protocol
|
||||
# Some vendors (see issue #22) apparently don't include "http://" in some of their URLs.
|
||||
# Python returns an error when it encounters such a URL, so just add that prefix if it's not present.
|
||||
|
||||
if not "://" in URL:
|
||||
print("Provider is using malformed URL %s, fixing." % (URL))
|
||||
URL = "http://" + URL
|
||||
|
||||
req = ulib.Request(url=URL, headers=headers, data=document)
|
||||
try:
|
||||
handler = ulib.urlopen(req, context=ctx)
|
||||
except uliberror.HTTPError as err:
|
||||
# This happens with HTTP 500 and related errors.
|
||||
print("Post request caused HTTPError %d" % (err.code))
|
||||
if returnRC:
|
||||
return err.code, "Post request caused HTTPException"
|
||||
else:
|
||||
return None
|
||||
|
||||
except uliberror.URLError as err:
|
||||
# This happens if the hostname cannot be resolved.
|
||||
print("Post request failed with URLError")
|
||||
if returnRC:
|
||||
return 900, "Post request failed with URLError"
|
||||
else:
|
||||
return None
|
||||
|
||||
ret_code = handler.getcode()
|
||||
if (ret_code == 204 and returnRC):
|
||||
return 204, ""
|
||||
if (ret_code != 200):
|
||||
print("Post request returned something other than 200 - returned %d" % (ret_code))
|
||||
|
||||
content = handler.read()
|
||||
|
||||
loc = None
|
||||
try:
|
||||
loc = req.headers.get("Location")
|
||||
except:
|
||||
pass
|
||||
|
||||
if loc is not None:
|
||||
return sendPOSTHTTPRequest(loc, document, type, returnRC)
|
||||
|
||||
if returnRC:
|
||||
return ret_code, content
|
||||
|
||||
return content
|
||||
|
||||
|
||||
def sendHTTPRequest(URL):
|
||||
# type: (str) -> str
|
||||
return sendHTTPRequest_getSimple(URL)
|
||||
|
||||
|
||||
def sendRequestDocu(document, URL):
|
||||
# type: (str, str) -> str
|
||||
return sendPOSTHTTPRequest(URL, document.encode("utf-8"), "application/vnd.adobe.adept+xml", False)
|
||||
|
||||
def sendRequestDocuRC(document, URL):
|
||||
# type: (str, str) -> str
|
||||
return sendPOSTHTTPRequest(URL, document.encode("utf-8"), "application/vnd.adobe.adept+xml", True)
|
||||
|
||||
|
||||
|
||||
######### Encryption and signing ###################
|
||||
|
||||
|
||||
def encrypt_with_device_key(data):
|
||||
|
||||
data = bytearray(data)
|
||||
|
||||
global devkey_bytes
|
||||
if devkey_bytes is None:
|
||||
f = open(FILE_DEVICEKEY, "rb")
|
||||
devkey_bytes = f.read()
|
||||
f.close()
|
||||
|
||||
remain = 16
|
||||
if (len(data) % 16):
|
||||
remain = 16 - (len(data) % 16)
|
||||
|
||||
for _ in range(remain):
|
||||
data.append(remain)
|
||||
|
||||
data = bytes(data)
|
||||
|
||||
|
||||
iv = Random.get_random_bytes(16)
|
||||
cip = AES.new(devkey_bytes, AES.MODE_CBC, iv)
|
||||
encrypted = cip.encrypt(data)
|
||||
|
||||
res = iv + encrypted
|
||||
return res
|
||||
|
||||
def decrypt_with_device_key(data):
|
||||
|
||||
if isinstance(data, str):
|
||||
# Python2
|
||||
data = bytes(data)
|
||||
|
||||
global devkey_bytes
|
||||
if devkey_bytes is None:
|
||||
f = open(FILE_DEVICEKEY, "rb")
|
||||
devkey_bytes = f.read()
|
||||
f.close()
|
||||
|
||||
cip = AES.new(devkey_bytes, AES.MODE_CBC, data[:16])
|
||||
decrypted = bytearray(cip.decrypt(data[16:]))
|
||||
|
||||
# Remove padding
|
||||
decrypted = decrypted[:-decrypted[-1]]
|
||||
|
||||
return decrypted
|
||||
|
||||
|
||||
def addNonce():
|
||||
|
||||
# TODO: Update nonce calculation
|
||||
# Currently, the plugin always uses the current time, and the counter (tmp) is always 0.
|
||||
# What Adobe does instead is save the current time on program start, then increase tmp
|
||||
# every time a Nonce is needed.
|
||||
|
||||
dt = datetime.utcnow()
|
||||
sec = (dt - datetime(1970,1,1)).total_seconds()
|
||||
Ntime = int(sec * 1000)
|
||||
# Ntime is now milliseconds since 1970
|
||||
|
||||
# Unixtime to gregorian timestamp
|
||||
Ntime += 62167219200000
|
||||
|
||||
# Something is fishy with this tmp value. It usually is 0 in ADE, but not always.
|
||||
# I haven't yet figured out what it means ...
|
||||
tmp = 0
|
||||
|
||||
if sys.version_info[0] >= 3:
|
||||
final = bytearray(Ntime.to_bytes(8, 'little'))
|
||||
final.extend(tmp.to_bytes(4, 'little'))
|
||||
else:
|
||||
final = bytearray(int_to_bytes(Ntime, 8, False))
|
||||
final.extend(int_to_bytes(tmp, 4, True))
|
||||
|
||||
|
||||
ret = ""
|
||||
|
||||
ret += "<adept:nonce>%s</adept:nonce>" % (base64.b64encode(final).decode("utf-8"))
|
||||
|
||||
m10m = dt + timedelta(minutes=10)
|
||||
m10m_str = m10m.strftime("%Y-%m-%dT%H:%M:%SZ")
|
||||
|
||||
ret += "<adept:expiration>%s</adept:expiration>" % (m10m_str)
|
||||
|
||||
return ret
|
||||
|
||||
|
||||
def get_cert_from_pkcs12(_pkcs12, _key):
|
||||
|
||||
_, cert, _ = keys.parse_pkcs12(_pkcs12, _key)
|
||||
return dump_certificate(cert, encoding="der")
|
||||
|
||||
|
||||
|
||||
|
||||
def sign_node(node):
|
||||
|
||||
sha_hash = hash_node(node)
|
||||
sha_hash = sha_hash.digest()
|
||||
|
||||
# print("Hash is " + sha_hash.hex())
|
||||
|
||||
global devkey_bytes
|
||||
global pkcs12
|
||||
|
||||
if devkey_bytes is None:
|
||||
f = open(FILE_DEVICEKEY, "rb")
|
||||
devkey_bytes = f.read()
|
||||
f.close()
|
||||
|
||||
# Get private key
|
||||
|
||||
try:
|
||||
activationxml = etree.parse(FILE_ACTIVATIONXML)
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
pkcs12 = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("pkcs12"))).text
|
||||
except:
|
||||
return None
|
||||
|
||||
my_pkcs12 = base64.b64decode(pkcs12)
|
||||
my_priv_key, _, _ = keys.parse_pkcs12(my_pkcs12, base64.b64encode(devkey_bytes))
|
||||
my_priv_key = dump_private_key(my_priv_key, None, "der")
|
||||
|
||||
# textbook RSA with that private key
|
||||
|
||||
block = CustomRSA.encrypt_for_adobe_signature(my_priv_key, sha_hash)
|
||||
signature = base64.b64encode(block).decode()
|
||||
|
||||
# Debug
|
||||
# print("sig is %s\n" % block.hex())
|
||||
|
||||
return signature
|
||||
|
||||
|
||||
|
||||
|
||||
def hash_node(node):
|
||||
|
||||
hash_ctx = SHA.new()
|
||||
hash_node_ctx(node, hash_ctx)
|
||||
return hash_ctx
|
||||
|
||||
|
||||
|
||||
ASN_NONE = 0
|
||||
ASN_NS_TAG = 1 # aka "BEGIN_ELEMENT"
|
||||
ASN_CHILD = 2 # aka "END_ATTRIBUTES"
|
||||
ASN_END_TAG = 3 # aka "END_ELEMENT"
|
||||
ASN_TEXT = 4 # aka "TEXT_NODE"
|
||||
ASN_ATTRIBUTE = 5 # aka "ATTRIBUTE"
|
||||
|
||||
debug = False
|
||||
|
||||
def hash_node_ctx(node, hash_ctx):
|
||||
|
||||
qtag = etree.QName(node.tag)
|
||||
|
||||
if (qtag.localname == "hmac" or qtag.localname == "signature"):
|
||||
if (qtag.namespace == "http://ns.adobe.com/adept"):
|
||||
# Adobe HMAC and signature are not hashed
|
||||
return
|
||||
else:
|
||||
print("Warning: Found hmac or signature node in unexpected namespace " + qtag.namespace)
|
||||
|
||||
hash_do_append_tag(hash_ctx, ASN_NS_TAG)
|
||||
|
||||
if qtag.namespace is None:
|
||||
hash_do_append_string(hash_ctx, "")
|
||||
else:
|
||||
hash_do_append_string(hash_ctx, qtag.namespace)
|
||||
hash_do_append_string(hash_ctx, qtag.localname)
|
||||
|
||||
|
||||
attrKeys = node.keys()
|
||||
|
||||
# Attributes need to be sorted
|
||||
attrKeys.sort()
|
||||
# TODO Implement UTF-8 bytewise sorting:
|
||||
# "Attributes are sorted first by their namespaces and
|
||||
# then by their names; sorting is done bytewise on UTF-8
|
||||
# representations."
|
||||
|
||||
for attribute in attrKeys:
|
||||
# Hash all the attributes
|
||||
hash_do_append_tag(hash_ctx, ASN_ATTRIBUTE)
|
||||
|
||||
# Check for element namespace and hash that, if present:
|
||||
q_attribute = etree.QName(attribute)
|
||||
|
||||
# Hash element namespace (usually "")
|
||||
# If namespace is none, use "". Else, use namespace.
|
||||
hash_do_append_string(hash_ctx, "" if q_attribute.namespace is None else q_attribute.namespace)
|
||||
|
||||
# Hash (local) name and value
|
||||
hash_do_append_string(hash_ctx, q_attribute.localname)
|
||||
hash_do_append_string(hash_ctx, node.get(attribute))
|
||||
|
||||
hash_do_append_tag(hash_ctx, ASN_CHILD)
|
||||
|
||||
if (node.text is not None):
|
||||
# If there's raw text, hash that.
|
||||
|
||||
# This code block used to just be the following:
|
||||
# hash_do_append_tag(hash_ctx, ASN_TEXT)
|
||||
# hash_do_append_string(hash_ctx, node.text.strip())
|
||||
# though that only works with text nodes < 0x7fff.
|
||||
# While I doubt we'll ever encounter text nodes larger than 32k in
|
||||
# this application, I want to implement the spec correctly.
|
||||
# So there's a loop going over the text, hashing 32k chunks.
|
||||
|
||||
text = node.text.strip()
|
||||
textlen = len(text)
|
||||
if textlen > 0:
|
||||
done = 0
|
||||
remaining = 0
|
||||
while True:
|
||||
remaining = textlen - done
|
||||
if remaining > 0x7fff:
|
||||
#print("Warning: Why are we hashing a node larger than 32k?")
|
||||
remaining = 0x7fff
|
||||
|
||||
hash_do_append_tag(hash_ctx, ASN_TEXT)
|
||||
hash_do_append_string(hash_ctx, text[done:done+remaining])
|
||||
|
||||
done += remaining
|
||||
if done >= textlen:
|
||||
break
|
||||
|
||||
for child in node:
|
||||
# If there's child nodes, hash these as well.
|
||||
hash_node_ctx(child, hash_ctx)
|
||||
|
||||
|
||||
|
||||
hash_do_append_tag(hash_ctx, ASN_END_TAG)
|
||||
|
||||
|
||||
|
||||
def hash_do_append_string(hash_ctx, string):
|
||||
# type: (SHA.SHA1Hash, str) -> None
|
||||
|
||||
if sys.version_info[0] >= 3:
|
||||
str_bytes = bytes(string, encoding="utf-8")
|
||||
else:
|
||||
str_bytes = bytes(string)
|
||||
|
||||
length = len(str_bytes)
|
||||
len_upper = int(length / 256)
|
||||
len_lower = int(length & 0xFF)
|
||||
|
||||
hash_do_append_raw_bytes(hash_ctx, [len_upper, len_lower])
|
||||
hash_do_append_raw_bytes(hash_ctx, str_bytes)
|
||||
|
||||
def hash_do_append_tag(hash_ctx, tag):
|
||||
# type: (SHA.SHA1Hash, int) -> None
|
||||
|
||||
if (tag > 5):
|
||||
return
|
||||
|
||||
hash_do_append_raw_bytes(hash_ctx, [tag])
|
||||
|
||||
def hash_do_append_raw_bytes(hash_ctx, data):
|
||||
# type: (SHA.SHA1Hash, bytes) -> None
|
||||
hash_ctx.update(bytearray(data))
|
910
setup/libadobeAccount.py
Normal file
910
setup/libadobeAccount.py
Normal file
|
@ -0,0 +1,910 @@
|
|||
from lxml import etree
|
||||
import base64
|
||||
import locale, platform
|
||||
|
||||
try:
|
||||
from Cryptodome.PublicKey import RSA
|
||||
from Cryptodome.Util.asn1 import DerSequence
|
||||
from Cryptodome.Cipher import PKCS1_v1_5
|
||||
except ImportError:
|
||||
# Some distros ship this as Crypto still.
|
||||
from Crypto.PublicKey import RSA
|
||||
from Crypto.Util.asn1 import DerSequence
|
||||
from Crypto.Cipher import PKCS1_v1_5
|
||||
|
||||
#@@CALIBRE_COMPAT_CODE@@
|
||||
|
||||
|
||||
from setup.libadobe import addNonce, sign_node, sendRequestDocu, sendHTTPRequest
|
||||
from setup.libadobe import makeFingerprint, makeSerial, encrypt_with_device_key, decrypt_with_device_key
|
||||
from setup.libadobe import get_devkey_path, get_device_path, get_activation_xml_path
|
||||
from setup.libadobe import VAR_VER_SUPP_CONFIG_NAMES, VAR_VER_HOBBES_VERSIONS, VAR_VER_OS_IDENTIFIERS
|
||||
from setup.libadobe import VAR_VER_ALLOWED_BUILD_IDS_SWITCH_TO, VAR_VER_SUPP_VERSIONS, VAR_ACS_SERVER_HTTP
|
||||
from setup.libadobe import VAR_ACS_SERVER_HTTPS, VAR_VER_BUILD_IDS, VAR_VER_NEED_HTTPS_BUILD_ID_LIMIT, VAR_VER_ALLOWED_BUILD_IDS_AUTHORIZE
|
||||
|
||||
|
||||
def createDeviceFile(randomSerial, useVersionIndex = 0):
|
||||
# type: (bool, int) -> bool
|
||||
|
||||
# Original implementation: Device::createDeviceFile(const std::string& hobbes, bool randomSerial)
|
||||
|
||||
if useVersionIndex >= len(VAR_VER_SUPP_CONFIG_NAMES):
|
||||
return False
|
||||
|
||||
try:
|
||||
build_id = VAR_VER_BUILD_IDS[useVersionIndex]
|
||||
except:
|
||||
return False
|
||||
|
||||
if build_id not in VAR_VER_ALLOWED_BUILD_IDS_AUTHORIZE:
|
||||
# ADE 1.7.2 or another version that authorization is disabled for
|
||||
return False
|
||||
|
||||
serial = makeSerial(randomSerial)
|
||||
fingerprint = makeFingerprint(serial)
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
root = etree.Element(etree.QName(NSMAP["adept"], "deviceInfo"))
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "deviceType")).text = "standalone"
|
||||
|
||||
# These three elements are not supposed to be sent to Adobe:
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "deviceClass")).text = "Desktop"
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "deviceSerial")).text = serial
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "deviceName")).text = platform.uname()[1]
|
||||
# ##
|
||||
|
||||
atr_ver = etree.SubElement(root, etree.QName(NSMAP["adept"], "version"))
|
||||
atr_ver.set("name", "hobbes")
|
||||
atr_ver.set("value", VAR_VER_HOBBES_VERSIONS[useVersionIndex])
|
||||
|
||||
atr_ver2 = etree.SubElement(root, etree.QName(NSMAP["adept"], "version"))
|
||||
atr_ver2.set("name", "clientOS")
|
||||
|
||||
# This used to contain code to actually read the user's operating system.
|
||||
# That's probably not a good idea because then Adobe sees a bunch of requests from "Linux"
|
||||
#atr_ver2.set("value", platform.system() + " " + platform.release())
|
||||
atr_ver2.set("value", VAR_VER_OS_IDENTIFIERS[useVersionIndex])
|
||||
|
||||
atr_ver3 = etree.SubElement(root, etree.QName(NSMAP["adept"], "version"))
|
||||
atr_ver3.set("name", "clientLocale")
|
||||
|
||||
language = None
|
||||
try:
|
||||
language = locale.getdefaultlocale()[0].split('_')[0]
|
||||
except:
|
||||
pass
|
||||
if language is None or language == "":
|
||||
# Can sometimes happen on MacOS with default English language
|
||||
language = "en"
|
||||
|
||||
atr_ver3.set("value", language)
|
||||
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "fingerprint")).text = fingerprint
|
||||
|
||||
f = open(get_device_path(), "w")
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(root, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1"))
|
||||
f.close()
|
||||
|
||||
return True
|
||||
|
||||
def getAuthMethodsAndCert():
|
||||
# Queries the /AuthenticationServiceInfo endpoint to get a list
|
||||
# of available ID providers.
|
||||
# Returns a list of providers, and the login certificate.
|
||||
|
||||
# The login certificate stuff would usually be handled elsewhere,
|
||||
# but that would require another request to Adobe's servers
|
||||
# which is not what we want (as ADE only performs one request, too),
|
||||
# so we need to store this cert.
|
||||
|
||||
# If you DO call this method before calling createUser,
|
||||
# it is your responsibility to pass the authCert returned by this function
|
||||
# to the createUser function call.
|
||||
# Otherwise the plugin will not look 100% like ADE to Adobe.
|
||||
|
||||
authenticationURL = VAR_ACS_SERVER_HTTP + "/AuthenticationServiceInfo"
|
||||
response2 = sendHTTPRequest(authenticationURL)
|
||||
|
||||
adobe_response_xml2 = etree.fromstring(response2)
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
try:
|
||||
authCert = None
|
||||
authCert = adobe_response_xml2.find("./%s" % (adNS("certificate"))).text
|
||||
except:
|
||||
pass
|
||||
|
||||
# Get sign-in methods.
|
||||
sign_in_methods = adobe_response_xml2.findall("./%s/%s" % (adNS("signInMethods"), adNS("signInMethod")))
|
||||
|
||||
aid_ids = []
|
||||
aid_names = []
|
||||
|
||||
for method in sign_in_methods:
|
||||
mid = method.get("method", None)
|
||||
txt = method.text
|
||||
|
||||
if mid != "anonymous":
|
||||
aid_ids.append(mid)
|
||||
aid_names.append(txt)
|
||||
|
||||
return [aid_ids, aid_names], authCert
|
||||
|
||||
|
||||
|
||||
|
||||
def createUser(useVersionIndex = 0, authCert = None):
|
||||
|
||||
if useVersionIndex >= len(VAR_VER_SUPP_CONFIG_NAMES):
|
||||
return False, "Invalid Version index", [[], []]
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
|
||||
root = etree.Element("activationInfo")
|
||||
root.set("xmlns", NSMAP["adept"])
|
||||
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
activationServiceInfo = etree.SubElement(root, etree.QName(NSMAP["adept"], "activationServiceInfo"))
|
||||
|
||||
useHTTPS = False
|
||||
if VAR_VER_BUILD_IDS[useVersionIndex] >= VAR_VER_NEED_HTTPS_BUILD_ID_LIMIT:
|
||||
useHTTPS = True
|
||||
|
||||
|
||||
if useHTTPS:
|
||||
# ADE 4.X uses HTTPS
|
||||
activationURL = VAR_ACS_SERVER_HTTPS + "/ActivationServiceInfo"
|
||||
else:
|
||||
activationURL = VAR_ACS_SERVER_HTTP + "/ActivationServiceInfo"
|
||||
|
||||
response = sendHTTPRequest(activationURL)
|
||||
|
||||
#print("======================================================")
|
||||
#print("Sending request to " + activationURL)
|
||||
#print("got response:")
|
||||
#print(response)
|
||||
#print("======================================================")
|
||||
|
||||
adobe_response_xml = etree.fromstring(response)
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
authURL = adobe_response_xml.find("./%s" % (adNS("authURL"))).text
|
||||
userInfoURL = adobe_response_xml.find("./%s" % (adNS("userInfoURL"))).text
|
||||
certificate = adobe_response_xml.find("./%s" % (adNS("certificate"))).text
|
||||
|
||||
if (authURL is None or userInfoURL is None or certificate is None):
|
||||
return False, "Error: Unexpected reply from Adobe.", [[], []]
|
||||
|
||||
etree.SubElement(activationServiceInfo, etree.QName(NSMAP["adept"], "authURL")).text = authURL
|
||||
etree.SubElement(activationServiceInfo, etree.QName(NSMAP["adept"], "userInfoURL")).text = userInfoURL
|
||||
if useHTTPS:
|
||||
# ADE 4.X uses HTTPS
|
||||
etree.SubElement(activationServiceInfo, etree.QName(NSMAP["adept"], "activationURL")).text = VAR_ACS_SERVER_HTTPS
|
||||
else:
|
||||
etree.SubElement(activationServiceInfo, etree.QName(NSMAP["adept"], "activationURL")).text = VAR_ACS_SERVER_HTTP
|
||||
etree.SubElement(activationServiceInfo, etree.QName(NSMAP["adept"], "certificate")).text = certificate
|
||||
|
||||
|
||||
if authCert is None:
|
||||
# This is not supposed to happen, but if it does, then just query it again from Adobe.
|
||||
authenticationURL = authURL + "/AuthenticationServiceInfo"
|
||||
response2 = sendHTTPRequest(authenticationURL)
|
||||
|
||||
adobe_response_xml2 = etree.fromstring(response2)
|
||||
authCert = adobe_response_xml2.find("./%s" % (adNS("certificate"))).text
|
||||
|
||||
|
||||
etree.SubElement(activationServiceInfo, etree.QName(NSMAP["adept"], "authenticationCertificate")).text = authCert
|
||||
|
||||
|
||||
f = open(get_activation_xml_path(), "w")
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(root, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1"))
|
||||
f.close()
|
||||
|
||||
return True, "Done"
|
||||
|
||||
def encryptLoginCredentials(username, password, authenticationCertificate):
|
||||
# type: (str, str, str) -> bytes
|
||||
|
||||
from setup.libadobe import devkey_bytes as devkey_adobe
|
||||
import struct
|
||||
|
||||
if devkey_adobe is not None:
|
||||
devkey_bytes = devkey_adobe
|
||||
else:
|
||||
f = open(get_devkey_path(), "rb")
|
||||
devkey_bytes = f.read()
|
||||
f.close()
|
||||
|
||||
_authenticationCertificate = base64.b64decode(authenticationCertificate)
|
||||
|
||||
# Build buffer <devkey_bytes> <len username> <username> <len password> <password>
|
||||
|
||||
ar = bytearray(devkey_bytes)
|
||||
ar.extend(bytearray(struct.pack("B", len(username))))
|
||||
ar.extend(bytearray(username.encode("latin-1")))
|
||||
ar.extend(bytearray(struct.pack("B", len(password))))
|
||||
ar.extend(bytearray(password.encode("latin-1")))
|
||||
|
||||
# Crypt code from https://stackoverflow.com/a/12921889/4991648
|
||||
cert = DerSequence()
|
||||
cert.decode(_authenticationCertificate)
|
||||
tbsCertificate = DerSequence()
|
||||
tbsCertificate.decode(cert[0])
|
||||
subjectPublicKeyInfo = tbsCertificate[6]
|
||||
|
||||
rsakey = RSA.importKey(subjectPublicKeyInfo)
|
||||
cipherAC = PKCS1_v1_5.new(rsakey)
|
||||
crypted_msg = cipherAC.encrypt(bytes(ar))
|
||||
|
||||
return crypted_msg
|
||||
|
||||
|
||||
def buildSignInRequestForAnonAuthConvert(username, password, authenticationCertificate):
|
||||
# type: (str, str, str) -> str
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
root = etree.Element(etree.QName(NSMAP["adept"], "signIn"))
|
||||
root.set("method", "AdobeID")
|
||||
|
||||
crypted_msg = encryptLoginCredentials(username, password, authenticationCertificate)
|
||||
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "signInData")).text = base64.b64encode(crypted_msg)
|
||||
|
||||
try:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
user_uuid = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text
|
||||
except:
|
||||
return None
|
||||
|
||||
# Note: I tried replacing the user_uuid with the UUID of another (anonymous) authorization
|
||||
# to see if it was possible to take over another account, but that didn't work. That's the reason
|
||||
# why this request has the signature node, the payload needs to be signed with the user certificate
|
||||
# that matches the UUID in the <adept:user> tag.
|
||||
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "user")).text = user_uuid
|
||||
signature = sign_node(root)
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "signature")).text = signature
|
||||
|
||||
return "<?xml version=\"1.0\"?>\n" + etree.tostring(root, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1")
|
||||
|
||||
|
||||
def buildSignInRequest(type, username, password, authenticationCertificate):
|
||||
# type: (str, str, str, str) -> str
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
root = etree.Element(etree.QName(NSMAP["adept"], "signIn"))
|
||||
root.set("method", type)
|
||||
|
||||
crypted_msg = encryptLoginCredentials(username, password, authenticationCertificate)
|
||||
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "signInData")).text = base64.b64encode(crypted_msg)
|
||||
|
||||
# Generate Auth key and License Key
|
||||
authkey = RSA.generate(1024, e=65537)
|
||||
licensekey = RSA.generate(1024, e=65537)
|
||||
|
||||
authkey_pub = authkey.publickey().exportKey("DER")
|
||||
authkey_priv = authkey.exportKey("DER", pkcs=8)
|
||||
authkey_priv_enc = encrypt_with_device_key(authkey_priv)
|
||||
|
||||
licensekey_pub = licensekey.publickey().exportKey("DER")
|
||||
licensekey_priv = licensekey.exportKey("DER", pkcs=8)
|
||||
licensekey_priv_enc = encrypt_with_device_key(licensekey_priv)
|
||||
|
||||
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "publicAuthKey")).text = base64.b64encode(authkey_pub)
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "encryptedPrivateAuthKey")).text = base64.b64encode(authkey_priv_enc)
|
||||
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "publicLicenseKey")).text = base64.b64encode(licensekey_pub)
|
||||
etree.SubElement(root, etree.QName(NSMAP["adept"], "encryptedPrivateLicenseKey")).text = base64.b64encode(licensekey_priv_enc)
|
||||
|
||||
return "<?xml version=\"1.0\"?>\n" + etree.tostring(root, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1")
|
||||
|
||||
|
||||
def convertAnonAuthToAccount(username, passwd):
|
||||
|
||||
# If you have an anonymous authorization, you can convert that to an AdobeID.
|
||||
# Important: You can only do this ONCE for each AdobeID.
|
||||
# The AdobeID you are using for this must not be connected to any ADE install.
|
||||
|
||||
# This is intended for cases where people install ADE, use an anonymous auth,
|
||||
# buy a couple books, and then decide to get a fresh AdobeID.
|
||||
|
||||
# Get authenticationCertificate
|
||||
try:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
authenticationCertificate = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("authenticationCertificate"))).text
|
||||
except:
|
||||
return False, "Missing authenticationCertificate"
|
||||
|
||||
if authenticationCertificate == "":
|
||||
return False, "Empty authenticationCertificate"
|
||||
|
||||
linkRequest = buildSignInRequestForAnonAuthConvert(username, passwd, authenticationCertificate)
|
||||
signInURL = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("authURL"))).text + "/AddSignInDirect"
|
||||
linkResponse = sendRequestDocu(linkRequest, signInURL)
|
||||
|
||||
try:
|
||||
credentialsXML = etree.fromstring(linkResponse)
|
||||
|
||||
if (credentialsXML.tag == adNS("error")):
|
||||
err = credentialsXML.get("data")
|
||||
err_parts = err.split(' ')
|
||||
if err_parts[0] == "E_AUTH_USER_ALREADY_REGISTERED":
|
||||
# This error happens when you're not using a "fresh" AdobeID.
|
||||
# The AdobeID already has an UUID and authentication data, thus
|
||||
# it cannot be set up using the data from the anonymous authorization.
|
||||
try:
|
||||
return False, "Can't link anon auth " + err_parts[2] + " to account, account already has user ID " + err_parts[3]
|
||||
except:
|
||||
pass
|
||||
|
||||
elif err_parts[0] == "E_AUTH_USERID_INUSE":
|
||||
# This error happens when the UUID of the anonymous auth is already
|
||||
# in use by a given AdobeID.
|
||||
# This can happen if you have one anonymous auth, export that,
|
||||
# then convert it to AdobeID A, then re-import the backed-up anonymous auth
|
||||
# (or use another computer that has the identical cloned anonymous auth)
|
||||
# and then try to link that auth to another AdobeID B.
|
||||
# Adobe then notices that the anonymous authorization you're trying to link
|
||||
# has already been linked to an Adobe account.
|
||||
try:
|
||||
return False, "Can't link anon auth: Anon auth " + err_parts[3] + " has already been linked to another AdobeID"
|
||||
except:
|
||||
pass
|
||||
|
||||
return False, "Can't link anon auth to account: " + err
|
||||
|
||||
elif (credentialsXML.tag != adNS("success")):
|
||||
return False, "Invalid main tag " + credentialsXML.tag
|
||||
except:
|
||||
return False, "Invalid response to login request"
|
||||
|
||||
|
||||
# If we end up here, the account linking was successful. Now we just need to update the activation.xml accordingly.
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
cred_node = activationxml.find("./%s" % (adNS("credentials")))
|
||||
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
tmp_node = etree.SubElement(cred_node, etree.QName(NSMAP["adept"], "username"))
|
||||
|
||||
# Adobe / ADE only supports this account linking for AdobeID accounts, not for any Vendor IDs.
|
||||
tmp_node.set("method", "AdobeID")
|
||||
tmp_node.text = username
|
||||
|
||||
# Write to file
|
||||
f = open(get_activation_xml_path(), "w")
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(activationxml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1"))
|
||||
f.close()
|
||||
|
||||
|
||||
return True, "Account linking successful"
|
||||
|
||||
|
||||
|
||||
|
||||
def signIn(account_type, username, passwd):
|
||||
|
||||
|
||||
# Get authenticationCertificate
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
authenticationCertificate = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("authenticationCertificate"))).text
|
||||
|
||||
|
||||
# Type = "AdobeID" or "anonymous". For "anonymous", username and passwd need to be the empty string.
|
||||
signInRequest = buildSignInRequest(account_type, username, passwd, authenticationCertificate)
|
||||
|
||||
signInURL = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("authURL"))).text + "/SignInDirect"
|
||||
|
||||
credentials = sendRequestDocu(signInRequest, signInURL)
|
||||
|
||||
|
||||
#print("======================================================")
|
||||
#print("Sending request to " + signInURL)
|
||||
#print("Payload:")
|
||||
#print(signInRequest)
|
||||
#print("got response:")
|
||||
#print(credentials)
|
||||
#print("======================================================")
|
||||
|
||||
|
||||
try:
|
||||
credentialsXML = etree.fromstring(credentials)
|
||||
|
||||
if (credentialsXML.tag == adNS("error")):
|
||||
err = credentialsXML.get("data")
|
||||
if ("E_AUTH_FAILED" in err and "CUS05051" in err):
|
||||
return False, "Invalid username or password!"
|
||||
elif ("E_AUTH_FAILED" in err and "LOGIN_FAILED" in err):
|
||||
return False, "E_AUTH_FAILED/LOGIN_FAILED. If you have 2FA enabled, please disable that and try again."
|
||||
else:
|
||||
return False, "Unknown Adobe error:" + credentials
|
||||
|
||||
elif (credentialsXML.tag == adNS("credentials")):
|
||||
pass
|
||||
#print("Login successful")
|
||||
else:
|
||||
return False, "Invalid main tag " + credentialsXML.tag
|
||||
|
||||
|
||||
except:
|
||||
return False, "Invalid response to login request"
|
||||
|
||||
# Got correct credentials
|
||||
|
||||
private_key_data_encrypted = credentialsXML.find("./%s" % (adNS("encryptedPrivateLicenseKey"))).text
|
||||
private_key_data_encrypted = base64.b64decode(private_key_data_encrypted)
|
||||
private_key_data = decrypt_with_device_key(private_key_data_encrypted)
|
||||
|
||||
|
||||
# Okay, now we got the credential response correct. Now "just" apply all these to the main activation.xml
|
||||
|
||||
f = open(get_activation_xml_path(), "w")
|
||||
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(activationxml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1").replace("</activationInfo>", ""))
|
||||
|
||||
# Yeah, that's ugly, but I didn't get etree to work with the different Namespaces ...
|
||||
|
||||
f.write("<adept:credentials xmlns:adept=\"http://ns.adobe.com/adept\">\n")
|
||||
f.write("<adept:user>%s</adept:user>\n" % (credentialsXML.find("./%s" % (adNS("user"))).text))
|
||||
if account_type != "anonymous":
|
||||
f.write("<adept:username method=\"%s\">%s</adept:username>\n" % (credentialsXML.find("./%s" % (adNS("username"))).get("method", account_type), credentialsXML.find("./%s" % (adNS("username"))).text))
|
||||
f.write("<adept:pkcs12>%s</adept:pkcs12>\n" % (credentialsXML.find("./%s" % (adNS("pkcs12"))).text))
|
||||
f.write("<adept:licenseCertificate>%s</adept:licenseCertificate>\n" % (credentialsXML.find("./%s" % (adNS("licenseCertificate"))).text))
|
||||
f.write("<adept:privateLicenseKey>%s</adept:privateLicenseKey>\n" % (base64.b64encode(private_key_data).decode("latin-1")))
|
||||
f.write("<adept:authenticationCertificate>%s</adept:authenticationCertificate>\n" % (authenticationCertificate))
|
||||
f.write("</adept:credentials>\n")
|
||||
f.write("</activationInfo>\n")
|
||||
|
||||
f.close()
|
||||
|
||||
return True, "Done"
|
||||
|
||||
def exportProxyAuth(act_xml_path, activationToken):
|
||||
# This authorizes a tethered device.
|
||||
# ret, data = exportProxyAuth(act_xml_path, data)
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
# At some point I should probably rewrite this, but I want to be sure the format is
|
||||
# correct so I'm recreating the whole XML myself.
|
||||
|
||||
rt_si_authURL = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("authURL"))).text
|
||||
rt_si_userInfoURL = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("userInfoURL"))).text
|
||||
rt_si_activationURL = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("activationURL"))).text
|
||||
rt_si_certificate = activationxml.find("./%s/%s" % (adNS("activationServiceInfo"), adNS("certificate"))).text
|
||||
|
||||
rt_c_user = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text
|
||||
rt_c_licenseCertificate = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("licenseCertificate"))).text
|
||||
rt_c_privateLicenseKey = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("privateLicenseKey"))).text
|
||||
rt_c_authenticationCertificate = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("authenticationCertificate"))).text
|
||||
|
||||
rt_c_username = None
|
||||
rt_c_usernameMethod = None
|
||||
|
||||
try:
|
||||
rt_c_username = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("username"))).text
|
||||
rt_c_usernameMethod = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("username"))).get("method", "AdobeID")
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
ret = "<?xml version=\"1.0\"?>"
|
||||
ret += "<activationInfo xmlns=\"http://ns.adobe.com/adept\">"
|
||||
ret += "<adept:activationServiceInfo xmlns:adept=\"http://ns.adobe.com/adept\">"
|
||||
ret += "<adept:authURL>%s</adept:authURL>" % (rt_si_authURL)
|
||||
ret += "<adept:userInfoURL>%s</adept:userInfoURL>" % (rt_si_userInfoURL)
|
||||
ret += "<adept:activationURL>%s</adept:activationURL>" % (rt_si_activationURL)
|
||||
ret += "<adept:certificate>%s</adept:certificate>" % (rt_si_certificate)
|
||||
ret += "</adept:activationServiceInfo>"
|
||||
|
||||
ret += "<adept:credentials xmlns:adept=\"http://ns.adobe.com/adept\">"
|
||||
ret += "<adept:user>%s</adept:user>" % (rt_c_user)
|
||||
ret += "<adept:licenseCertificate>%s</adept:licenseCertificate>" % (rt_c_licenseCertificate)
|
||||
ret += "<adept:privateLicenseKey>%s</adept:privateLicenseKey>" % (rt_c_privateLicenseKey)
|
||||
ret += "<adept:authenticationCertificate>%s</adept:authenticationCertificate>" % (rt_c_authenticationCertificate)
|
||||
|
||||
if rt_c_username is not None:
|
||||
ret += "<adept:username method=\"%s\">%s</adept:username>" % (rt_c_usernameMethod, rt_c_username)
|
||||
|
||||
ret += "</adept:credentials>"
|
||||
|
||||
activationToken = activationToken.decode("latin-1")
|
||||
# Yeah, terrible hack, but Adobe sends the token with namespace but exports it without.
|
||||
activationToken = activationToken.replace(' xmlns="http://ns.adobe.com/adept"', '')
|
||||
|
||||
ret += activationToken
|
||||
|
||||
ret += "</activationInfo>"
|
||||
|
||||
# Okay, now we can finally write this to the device.
|
||||
|
||||
try:
|
||||
f = open(act_xml_path, "w")
|
||||
f.write(ret)
|
||||
f.close()
|
||||
except:
|
||||
return False, "Can't write file"
|
||||
|
||||
return True, "Done"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
def buildActivateReqProxy(useVersionIndex = 0, proxyData = None):
|
||||
|
||||
if proxyData is None:
|
||||
return False
|
||||
|
||||
if useVersionIndex >= len(VAR_VER_SUPP_CONFIG_NAMES):
|
||||
return False
|
||||
|
||||
try:
|
||||
build_id = VAR_VER_BUILD_IDS[useVersionIndex]
|
||||
except:
|
||||
return False
|
||||
|
||||
if build_id not in VAR_VER_ALLOWED_BUILD_IDS_AUTHORIZE:
|
||||
# ADE 1.7.2 or another version that authorization is disabled for
|
||||
return False
|
||||
|
||||
local_device_xml = etree.parse(get_device_path())
|
||||
local_activation_xml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
version = None
|
||||
clientOS = None
|
||||
clientLocale = None
|
||||
|
||||
ver = local_device_xml.findall("./%s" % (adNS("version")))
|
||||
|
||||
|
||||
for f in ver:
|
||||
if f.get("name") == "hobbes":
|
||||
version = f.get("value")
|
||||
elif f.get("name") == "clientOS":
|
||||
clientOS = f.get("value")
|
||||
elif f.get("name") == "clientLocale":
|
||||
clientLocale = f.get("value")
|
||||
|
||||
if (version is None or clientOS is None or clientLocale is None):
|
||||
return False, "Required version information missing"
|
||||
|
||||
|
||||
ret = ""
|
||||
|
||||
ret += "<?xml version=\"1.0\"?>"
|
||||
ret += "<adept:activate xmlns:adept=\"http://ns.adobe.com/adept\" requestType=\"initial\">"
|
||||
ret += "<adept:fingerprint>%s</adept:fingerprint>" % (proxyData.find("./%s" % (adNS("fingerprint"))).text)
|
||||
ret += "<adept:deviceType>%s</adept:deviceType>" % (proxyData.find("./%s" % (adNS("deviceType"))).text)
|
||||
ret += "<adept:clientOS>%s</adept:clientOS>" % (clientOS)
|
||||
ret += "<adept:clientLocale>%s</adept:clientLocale>" % (clientLocale)
|
||||
ret += "<adept:clientVersion>%s</adept:clientVersion>" % (VAR_VER_SUPP_VERSIONS[useVersionIndex])
|
||||
|
||||
ret += "<adept:proxyDevice>"
|
||||
ret += "<adept:softwareVersion>%s</adept:softwareVersion>" % (version)
|
||||
ret += "<adept:clientOS>%s</adept:clientOS>" % (clientOS)
|
||||
ret += "<adept:clientLocale>%s</adept:clientLocale>" % (clientLocale)
|
||||
ret += "<adept:clientVersion>%s</adept:clientVersion>" % (VAR_VER_SUPP_VERSIONS[useVersionIndex])
|
||||
ret += "<adept:deviceType>%s</adept:deviceType>" % (local_device_xml.find("./%s" % (adNS("deviceType"))).text)
|
||||
ret += "<adept:productName>%s</adept:productName>" % ("ADOBE Digitial Editions")
|
||||
# YES, this typo ("Digitial" instead of "Digital") IS present in ADE!!
|
||||
|
||||
ret += "<adept:fingerprint>%s</adept:fingerprint>" % (local_device_xml.find("./%s" % (adNS("fingerprint"))).text)
|
||||
|
||||
ret += "<adept:activationToken>"
|
||||
ret += "<adept:user>%s</adept:user>" % (local_activation_xml.find("./%s/%s" % (adNS("activationToken"), adNS("user"))).text)
|
||||
ret += "<adept:device>%s</adept:device>" % (local_activation_xml.find("./%s/%s" % (adNS("activationToken"), adNS("device"))).text)
|
||||
ret += "</adept:activationToken>"
|
||||
ret += "</adept:proxyDevice>"
|
||||
|
||||
ret += "<adept:targetDevice>"
|
||||
|
||||
target_hobbes_vers = proxyData.findall("./%s" % (adNS("version")))
|
||||
hobbes_version = None
|
||||
for f in target_hobbes_vers:
|
||||
if f.get("name") == "hobbes":
|
||||
hobbes_version = f.get("value")
|
||||
break
|
||||
|
||||
if hobbes_version is not None:
|
||||
ret += "<adept:softwareVersion>%s</adept:softwareVersion>" % (hobbes_version)
|
||||
|
||||
ret += "<adept:clientVersion>%s</adept:clientVersion>" % (proxyData.find("./%s" % (adNS("deviceClass"))).text)
|
||||
ret += "<adept:deviceType>%s</adept:deviceType>" % (proxyData.find("./%s" % (adNS("deviceType"))).text)
|
||||
ret += "<adept:productName>%s</adept:productName>" % ("ADOBE Digitial Editions")
|
||||
ret += "<adept:fingerprint>%s</adept:fingerprint>" % (proxyData.find("./%s" % (adNS("fingerprint"))).text)
|
||||
|
||||
|
||||
ret += "</adept:targetDevice>"
|
||||
|
||||
ret += addNonce()
|
||||
|
||||
ret += "<adept:user>%s</adept:user>" % (local_activation_xml.find("./%s/%s" % (adNS("activationToken"), adNS("user"))).text)
|
||||
|
||||
ret += "</adept:activate>"
|
||||
|
||||
return True, ret
|
||||
|
||||
|
||||
def buildActivateReq(useVersionIndex = 0):
|
||||
|
||||
if useVersionIndex >= len(VAR_VER_SUPP_CONFIG_NAMES):
|
||||
return False
|
||||
|
||||
try:
|
||||
build_id = VAR_VER_BUILD_IDS[useVersionIndex]
|
||||
except:
|
||||
return False
|
||||
|
||||
if build_id not in VAR_VER_ALLOWED_BUILD_IDS_AUTHORIZE:
|
||||
# ADE 1.7.2 or another version that authorization is disabled for
|
||||
return False
|
||||
|
||||
devicexml = etree.parse(get_device_path())
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
|
||||
version = None
|
||||
clientOS = None
|
||||
clientLocale = None
|
||||
|
||||
ver = devicexml.findall("./%s" % (adNS("version")))
|
||||
|
||||
|
||||
for f in ver:
|
||||
if f.get("name") == "hobbes":
|
||||
version = f.get("value")
|
||||
elif f.get("name") == "clientOS":
|
||||
clientOS = f.get("value")
|
||||
elif f.get("name") == "clientLocale":
|
||||
clientLocale = f.get("value")
|
||||
|
||||
if (version is None or clientOS is None or clientLocale is None):
|
||||
return False, "Required version information missing"
|
||||
|
||||
ret = ""
|
||||
|
||||
ret += "<?xml version=\"1.0\"?>"
|
||||
ret += "<adept:activate xmlns:adept=\"http://ns.adobe.com/adept\" requestType=\"initial\">"
|
||||
ret += "<adept:fingerprint>%s</adept:fingerprint>" % (devicexml.find("./%s" % (adNS("fingerprint"))).text)
|
||||
ret += "<adept:deviceType>%s</adept:deviceType>" % (devicexml.find("./%s" % (adNS("deviceType"))).text)
|
||||
ret += "<adept:clientOS>%s</adept:clientOS>" % (clientOS)
|
||||
ret += "<adept:clientLocale>%s</adept:clientLocale>" % (clientLocale)
|
||||
ret += "<adept:clientVersion>%s</adept:clientVersion>" % (VAR_VER_SUPP_VERSIONS[useVersionIndex])
|
||||
ret += "<adept:targetDevice>"
|
||||
|
||||
|
||||
ret += "<adept:softwareVersion>%s</adept:softwareVersion>" % (version)
|
||||
ret += "<adept:clientOS>%s</adept:clientOS>" % (clientOS)
|
||||
ret += "<adept:clientLocale>%s</adept:clientLocale>" % (clientLocale)
|
||||
ret += "<adept:clientVersion>%s</adept:clientVersion>" % (VAR_VER_SUPP_VERSIONS[useVersionIndex])
|
||||
ret += "<adept:deviceType>%s</adept:deviceType>" % (devicexml.find("./%s" % (adNS("deviceType"))).text)
|
||||
ret += "<adept:productName>%s</adept:productName>" % ("ADOBE Digitial Editions")
|
||||
# YES, this typo ("Digitial" instead of "Digital") IS present in ADE!!
|
||||
|
||||
ret += "<adept:fingerprint>%s</adept:fingerprint>" % (devicexml.find("./%s" % (adNS("fingerprint"))).text)
|
||||
|
||||
# TODO: Here's where multiple <adept:activationToken>s, each with a user and a device,
|
||||
# TODO: would show up if the client was already activated and just adds an additional activation.
|
||||
# TODO: Not sure if I want to replicate this, or if I'd rather replicate independant installations ...
|
||||
|
||||
ret += "</adept:targetDevice>"
|
||||
|
||||
ret += addNonce()
|
||||
|
||||
ret += "<adept:user>%s</adept:user>" % (activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text)
|
||||
|
||||
ret += "</adept:activate>"
|
||||
|
||||
return True, ret
|
||||
|
||||
|
||||
# Call this function to change from ADE2 to ADE3 and vice versa.
|
||||
def changeDeviceVersion(useVersionIndex = 0):
|
||||
if useVersionIndex >= len(VAR_VER_SUPP_CONFIG_NAMES):
|
||||
return False, "Invalid Version index"
|
||||
|
||||
try:
|
||||
build_id = VAR_VER_BUILD_IDS[useVersionIndex]
|
||||
except:
|
||||
return False, "Unknown build ID"
|
||||
|
||||
if build_id not in VAR_VER_ALLOWED_BUILD_IDS_SWITCH_TO:
|
||||
# A version that we no longer want to allow switching to
|
||||
return False, "BuildID not supported"
|
||||
|
||||
try:
|
||||
devicexml = etree.parse(get_device_path())
|
||||
new_hobbes = VAR_VER_HOBBES_VERSIONS[useVersionIndex]
|
||||
new_os = VAR_VER_OS_IDENTIFIERS[useVersionIndex]
|
||||
except:
|
||||
return False, "Error preparing version change"
|
||||
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
ver = devicexml.findall("./%s" % (adNS("version")))
|
||||
|
||||
for f in ver:
|
||||
if f.get("name") == "hobbes":
|
||||
#print("Changing hobbes from {0} to {1}".format(f.attrib["value"], new_hobbes))
|
||||
f.attrib["value"] = new_hobbes
|
||||
if f.get("name") == "clientOS":
|
||||
#print("Changing OS from {0} to {1}".format(f.attrib["value"], new_os))
|
||||
f.attrib["value"] = new_os
|
||||
|
||||
try:
|
||||
f = open(get_device_path(), "w")
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(devicexml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1"))
|
||||
f.close()
|
||||
except:
|
||||
return False, "Failed to update device file."
|
||||
|
||||
return True, ""
|
||||
|
||||
|
||||
|
||||
def activateDevice(useVersionIndex = 0, proxyData = None):
|
||||
|
||||
if useVersionIndex >= len(VAR_VER_SUPP_CONFIG_NAMES):
|
||||
return False, "Invalid Version index"
|
||||
|
||||
try:
|
||||
build_id = VAR_VER_BUILD_IDS[useVersionIndex]
|
||||
except:
|
||||
return False, "error checking build ID"
|
||||
|
||||
if build_id not in VAR_VER_ALLOWED_BUILD_IDS_AUTHORIZE:
|
||||
# ADE 1.7.2 or another version that authorization is disabled for
|
||||
return False, "Authorization not supported for this build ID"
|
||||
|
||||
verbose_logging = False
|
||||
try:
|
||||
import calibre_plugins.deacsm.prefs as prefs
|
||||
deacsmprefs = prefs.ACSMInput_Prefs()
|
||||
verbose_logging = deacsmprefs["detailed_logging"]
|
||||
except:
|
||||
pass
|
||||
|
||||
if proxyData is not None:
|
||||
result, activate_req = buildActivateReqProxy(useVersionIndex, proxyData)
|
||||
else:
|
||||
result, activate_req = buildActivateReq(useVersionIndex)
|
||||
if (result is False):
|
||||
return False, "Building activation request failed: " + activate_req
|
||||
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
req_xml = etree.fromstring(activate_req)
|
||||
|
||||
signature = sign_node(req_xml)
|
||||
|
||||
etree.SubElement(req_xml, etree.QName(NSMAP["adept"], "signature")).text = signature
|
||||
|
||||
if verbose_logging:
|
||||
print ("Activation request:")
|
||||
print(etree.tostring(req_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1"))
|
||||
|
||||
data = "<?xml version=\"1.0\"?>\n" + etree.tostring(req_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("latin-1")
|
||||
|
||||
useHTTPS = False
|
||||
if VAR_VER_BUILD_IDS[useVersionIndex] >= VAR_VER_NEED_HTTPS_BUILD_ID_LIMIT:
|
||||
useHTTPS = True
|
||||
|
||||
if useHTTPS:
|
||||
# ADE 4.X uses HTTPS
|
||||
ret = sendRequestDocu(data, VAR_ACS_SERVER_HTTPS + "/Activate")
|
||||
else:
|
||||
ret = sendRequestDocu(data, VAR_ACS_SERVER_HTTP + "/Activate")
|
||||
|
||||
try:
|
||||
credentialsXML = etree.fromstring(ret)
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
|
||||
if (credentialsXML.tag == adNS("error")):
|
||||
err = credentialsXML.get("data")
|
||||
return False, "Adobe error: " + err.split(' ')[0] + "\n" + err
|
||||
|
||||
elif (credentialsXML.tag == adNS("activationToken")):
|
||||
pass
|
||||
#print("Login successful")
|
||||
else:
|
||||
return False, "Invalid main tag " + credentialsXML.tag
|
||||
except:
|
||||
return False, "Error parsing Adobe /Activate response"
|
||||
|
||||
if verbose_logging:
|
||||
print("Response from server: ")
|
||||
print(ret)
|
||||
|
||||
if proxyData is not None:
|
||||
# If we have a proxy device, this function doesn't know where to store the activation.
|
||||
# Just return the data and have the caller figure that out.
|
||||
return True, ret
|
||||
|
||||
# Soooo, lets go and append that to the XML:
|
||||
|
||||
f = open(get_activation_xml_path(), "r")
|
||||
old_xml = f.read().replace("</activationInfo>", "")
|
||||
f.close()
|
||||
|
||||
f = open(get_activation_xml_path(), "w")
|
||||
|
||||
f.write(old_xml)
|
||||
f.write(ret.decode("latin-1"))
|
||||
f.write("</activationInfo>\n")
|
||||
f.close()
|
||||
|
||||
return True, ret
|
||||
|
||||
def getAccountUUID():
|
||||
try:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
user_uuid = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text
|
||||
|
||||
if not user_uuid.startswith("urn:uuid:"):
|
||||
return None
|
||||
|
||||
return user_uuid[9:]
|
||||
except Exception as e:
|
||||
print(e)
|
||||
return None
|
||||
|
||||
|
||||
def exportAccountEncryptionKeyDER(output_file):
|
||||
# type: (str) -> bool
|
||||
try:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
privatekey = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("privateLicenseKey"))).text
|
||||
privatekey = base64.b64decode(privatekey)
|
||||
privatekey = privatekey[26:]
|
||||
|
||||
f = open(output_file, "wb")
|
||||
f.write(privatekey)
|
||||
f.close()
|
||||
return True
|
||||
except Exception as e:
|
||||
print(e)
|
||||
return False
|
||||
|
||||
def exportAccountEncryptionKeyBytes():
|
||||
try:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
privatekey = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("privateLicenseKey"))).text
|
||||
privatekey = base64.b64decode(privatekey)
|
||||
privatekey = privatekey[26:]
|
||||
return privatekey
|
||||
except:
|
||||
return None
|
961
setup/libadobeFulfill.py
Normal file
961
setup/libadobeFulfill.py
Normal file
|
@ -0,0 +1,961 @@
|
|||
from lxml import etree
|
||||
import base64
|
||||
import random
|
||||
import time
|
||||
|
||||
#@@CALIBRE_COMPAT_CODE@@
|
||||
|
||||
from setup.libadobe import addNonce, sign_node, get_cert_from_pkcs12, sendRequestDocu, sendRequestDocuRC, sendHTTPRequest
|
||||
from setup.libadobe import get_devkey_path, get_device_path, get_activation_xml_path
|
||||
from setup.libadobe import VAR_VER_SUPP_VERSIONS, VAR_VER_HOBBES_VERSIONS
|
||||
from setup.libadobe import VAR_VER_BUILD_IDS, VAR_VER_USE_DIFFERENT_NOTIFICATION_XML_ORDER
|
||||
|
||||
|
||||
def buildFulfillRequest(acsm):
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
devicexml = etree.parse(get_device_path())
|
||||
|
||||
|
||||
user_uuid = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text
|
||||
device_uuid = activationxml.find("./%s/%s" % (adNS("activationToken"), adNS("device"))).text
|
||||
try:
|
||||
fingerprint = None
|
||||
device_type = None
|
||||
fingerprint = activationxml.find("./%s/%s" % (adNS("activationToken"), adNS("fingerprint"))).text
|
||||
device_type = activationxml.find("./%s/%s" % (adNS("activationToken"), adNS("deviceType"))).text
|
||||
except:
|
||||
pass
|
||||
|
||||
if (fingerprint is None or fingerprint == "" or device_type is None or device_type == ""):
|
||||
# This should usually never happen with a proper activation, but just in case it does,
|
||||
# I'll leave this code in - it loads the fingerprint from the device data instead.
|
||||
fingerprint = devicexml.find("./%s" % (adNS("fingerprint"))).text
|
||||
device_type = devicexml.find("./%s" % (adNS("deviceType"))).text
|
||||
|
||||
|
||||
|
||||
version = None
|
||||
clientOS = None
|
||||
clientLocale = None
|
||||
|
||||
ver = devicexml.findall("./%s" % (adNS("version")))
|
||||
|
||||
|
||||
for f in ver:
|
||||
if f.get("name") == "hobbes":
|
||||
version = f.get("value")
|
||||
elif f.get("name") == "clientOS":
|
||||
clientOS = f.get("value")
|
||||
elif f.get("name") == "clientLocale":
|
||||
clientLocale = f.get("value")
|
||||
|
||||
# Find matching client version depending on the Hobbes version.
|
||||
# This way we don't need to store and re-load it for each fulfillment.
|
||||
|
||||
try:
|
||||
v_idx = VAR_VER_HOBBES_VERSIONS.index(version)
|
||||
clientVersion = VAR_VER_SUPP_VERSIONS[v_idx]
|
||||
|
||||
except:
|
||||
# Version not present, probably the "old" 10.0.4 entry.
|
||||
# As 10.X is in the 3.0 range, assume we're on ADE 3.0
|
||||
clientVersion = "3.0.1.91394"
|
||||
|
||||
if clientVersion == "ADE WIN 9,0,1131,27":
|
||||
# Ancient ADE 1.7.2 does this request differently
|
||||
request = "<fulfill xmlns=\"http://ns.adobe.com/adept\">\n"
|
||||
request += "<user>%s</user>\n" % (user_uuid)
|
||||
request += "<device>%s</device>\n" % (device_uuid)
|
||||
request += "<deviceType>%s</deviceType>\n" % (device_type)
|
||||
request += etree.tostring(acsm, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
request += "</fulfill>"
|
||||
return request, False
|
||||
|
||||
else:
|
||||
request = ""
|
||||
request += "<?xml version=\"1.0\"?>"
|
||||
request += "<adept:fulfill xmlns:adept=\"http://ns.adobe.com/adept\">"
|
||||
request += "<adept:user>%s</adept:user>" % (user_uuid)
|
||||
request += "<adept:device>%s</adept:device>" % (device_uuid)
|
||||
request += "<adept:deviceType>%s</adept:deviceType>" % (device_type)
|
||||
request += etree.tostring(acsm, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
request += "<adept:targetDevice>"
|
||||
|
||||
request += "<adept:softwareVersion>%s</adept:softwareVersion>" % (version)
|
||||
request += "<adept:clientOS>%s</adept:clientOS>" % (clientOS)
|
||||
request += "<adept:clientLocale>%s</adept:clientLocale>" % (clientLocale)
|
||||
request += "<adept:clientVersion>%s</adept:clientVersion>" % (clientVersion)
|
||||
request += "<adept:deviceType>%s</adept:deviceType>" % (device_type)
|
||||
request += "<adept:productName>%s</adept:productName>" % ("ADOBE Digitial Editions")
|
||||
# YES, this typo ("Digitial" instead of "Digital") IS present in ADE!!
|
||||
request += "<adept:fingerprint>%s</adept:fingerprint>" % (fingerprint)
|
||||
|
||||
request += "<adept:activationToken>"
|
||||
request += "<adept:user>%s</adept:user>" % (user_uuid)
|
||||
request += "<adept:device>%s</adept:device>" % (device_uuid)
|
||||
request += "</adept:activationToken>"
|
||||
request += "</adept:targetDevice>"
|
||||
request += "</adept:fulfill>"
|
||||
return request, True
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
def buildInitLicenseServiceRequest(authURL):
|
||||
# type: (str) -> str
|
||||
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
user_uuid = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text
|
||||
|
||||
ret = ""
|
||||
ret += "<?xml version=\"1.0\"?>"
|
||||
ret += "<adept:licenseServiceRequest xmlns:adept=\"http://ns.adobe.com/adept\" identity=\"user\">"
|
||||
ret += "<adept:operatorURL>%s</adept:operatorURL>" % (authURL)
|
||||
ret += addNonce()
|
||||
ret += "<adept:user>%s</adept:user>" % (user_uuid)
|
||||
ret += "</adept:licenseServiceRequest>"
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
req_xml = etree.fromstring(ret)
|
||||
|
||||
signature = sign_node(req_xml)
|
||||
if (signature is None):
|
||||
return None
|
||||
|
||||
etree.SubElement(req_xml, etree.QName(NSMAP["adept"], "signature")).text = signature
|
||||
|
||||
return "<?xml version=\"1.0\"?>\n" + etree.tostring(req_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
|
||||
|
||||
def getDecryptedCert(pkcs12_b64_string = None):
|
||||
|
||||
if pkcs12_b64_string is None:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
pkcs12_b64_string = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("pkcs12"))).text
|
||||
|
||||
pkcs12_data = base64.b64decode(pkcs12_b64_string)
|
||||
|
||||
try:
|
||||
from setup.libadobe import devkey_bytes as devkey_adobe
|
||||
except:
|
||||
pass
|
||||
|
||||
if devkey_adobe is not None:
|
||||
devkey_bytes = devkey_adobe
|
||||
else:
|
||||
f = open(get_devkey_path(), "rb")
|
||||
devkey_bytes = f.read()
|
||||
f.close()
|
||||
|
||||
try:
|
||||
return get_cert_from_pkcs12(pkcs12_data, base64.b64encode(devkey_bytes))
|
||||
except:
|
||||
return None
|
||||
|
||||
def buildAuthRequest():
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
my_cert = getDecryptedCert()
|
||||
if my_cert is None:
|
||||
print("Can't decrypt pkcs12 with devkey!")
|
||||
return None
|
||||
|
||||
|
||||
ret = "<?xml version=\"1.0\"?>\n"
|
||||
ret += "<adept:credentials xmlns:adept=\"http://ns.adobe.com/adept\">\n"
|
||||
ret += "<adept:user>%s</adept:user>\n" % (activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text)
|
||||
ret += "<adept:certificate>%s</adept:certificate>\n" % (base64.b64encode(my_cert).decode("utf-8"))
|
||||
ret += "<adept:licenseCertificate>%s</adept:licenseCertificate>\n" % (activationxml.find("./%s/%s" % (adNS("credentials"), adNS("licenseCertificate"))).text)
|
||||
ret += "<adept:authenticationCertificate>%s</adept:authenticationCertificate>\n" % (activationxml.find("./%s/%s" % (adNS("credentials"), adNS("authenticationCertificate"))).text)
|
||||
ret += "</adept:credentials>"
|
||||
|
||||
|
||||
return ret
|
||||
|
||||
|
||||
def doOperatorAuth(operatorURL):
|
||||
# type: (str) -> str
|
||||
|
||||
auth_req = buildAuthRequest()
|
||||
|
||||
if auth_req is None:
|
||||
return "Failed to create auth request"
|
||||
|
||||
|
||||
authURL = operatorURL
|
||||
if authURL.endswith("Fulfill"):
|
||||
authURL = authURL.replace("/Fulfill", "")
|
||||
|
||||
|
||||
replyData = sendRequestDocu(auth_req, authURL + "/Auth").decode("utf-8")
|
||||
|
||||
if not "<success" in replyData:
|
||||
return "ERROR: Operator responded with %s\n" % replyData
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
|
||||
activationURL = activationxml.find("./%s/%s" % (adNS("activationToken"), adNS("activationURL"))).text
|
||||
|
||||
init_license_service_request = buildInitLicenseServiceRequest(authURL)
|
||||
|
||||
if (init_license_service_request is None):
|
||||
return "Creating license request failed!"
|
||||
|
||||
|
||||
resp = sendRequestDocu(init_license_service_request, activationURL + "/InitLicenseService").decode("utf-8")
|
||||
if "<error" in resp:
|
||||
return "Looks like that failed: %s" % resp
|
||||
elif "<success" in resp:
|
||||
return None
|
||||
else:
|
||||
return "Useless response: %s" % resp
|
||||
|
||||
|
||||
|
||||
def operatorAuth(operatorURL):
|
||||
# type: (str) -> str
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
try:
|
||||
operator_url_list = activationxml.findall("./%s/%s" % (adNS("operatorURLList"), adNS("operatorURL")))
|
||||
|
||||
for member in operator_url_list:
|
||||
if member.text.strip() == operatorURL:
|
||||
#print("Already authenticated to operator")
|
||||
return None
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
ret = doOperatorAuth(operatorURL)
|
||||
if (ret is not None):
|
||||
return "doOperatorAuth error: %s" % ret
|
||||
|
||||
# Check if list exists:
|
||||
list = activationxml.find("./%s" % (adNS("operatorURLList")))
|
||||
user_uuid = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("user"))).text
|
||||
|
||||
if list is None:
|
||||
x = etree.SubElement(activationxml.getroot(), etree.QName(NSMAP["adept"], "operatorURLList"), nsmap=NSMAP)
|
||||
etree.SubElement(x, etree.QName(NSMAP["adept"], "user")).text = user_uuid
|
||||
list = activationxml.find("./%s" % (adNS("operatorURLList")))
|
||||
if list is None:
|
||||
return "Err, this list should not be none right now ..."
|
||||
|
||||
etree.SubElement(list, etree.QName(NSMAP["adept"], "operatorURL")).text = operatorURL
|
||||
|
||||
f = open(get_activation_xml_path(), "w")
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(activationxml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8"))
|
||||
f.close()
|
||||
|
||||
return None
|
||||
|
||||
|
||||
|
||||
def buildRights(license_token_node):
|
||||
ret = "<?xml version=\"1.0\"?>\n"
|
||||
ret += "<adept:rights xmlns:adept=\"http://ns.adobe.com/adept\">\n"
|
||||
|
||||
# Add license token
|
||||
ret += etree.tostring(license_token_node, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
|
||||
ret += "<adept:licenseServiceInfo>\n"
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
lic_token_url = license_token_node.find("./%s" % (adNS("licenseURL"))).text
|
||||
|
||||
ret += "<adept:licenseURL>%s</adept:licenseURL>\n" % lic_token_url
|
||||
|
||||
# Get cert for this license URL:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
|
||||
try:
|
||||
licInfo = activationxml.findall("./%s/%s" % (adNS("licenseServices"), adNS("licenseServiceInfo")))
|
||||
|
||||
found = False
|
||||
|
||||
for member in licInfo:
|
||||
if member.find("./%s" % (adNS("licenseURL"))).text == lic_token_url:
|
||||
ret += "<adept:certificate>%s</adept:certificate>\n" % (member.find("./%s" % (adNS("certificate"))).text)
|
||||
found = True
|
||||
break
|
||||
except:
|
||||
pass
|
||||
|
||||
if not found:
|
||||
print("Did not find the licenseService certificate in the activation data.")
|
||||
print("This usually means it failed to download from the distributor's servers.")
|
||||
print("Please try to download an ACSM book from the Adobe Sample Library, then if that was successful, ")
|
||||
print("try your ACSM book file again.")
|
||||
return None
|
||||
|
||||
ret += "</adept:licenseServiceInfo>\n"
|
||||
ret += "</adept:rights>\n"
|
||||
|
||||
return ret
|
||||
|
||||
|
||||
def fulfill(acsm_file, do_notify = False):
|
||||
|
||||
verbose_logging = False
|
||||
try:
|
||||
import prefs
|
||||
deacsmprefs = prefs.ACSMInput_Prefs()
|
||||
verbose_logging = deacsmprefs["detailed_logging"]
|
||||
except:
|
||||
pass
|
||||
|
||||
# Get pkcs12:
|
||||
|
||||
pkcs12 = None
|
||||
acsmxml = None
|
||||
try:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
pkcs12 = activationxml.find("./%s/%s" % (adNS("credentials"), adNS("pkcs12"))).text
|
||||
except:
|
||||
return False, "Activation not found or invalid"
|
||||
|
||||
if pkcs12 is None or len(pkcs12) == 0:
|
||||
return False, "Activation missing"
|
||||
|
||||
try:
|
||||
acsmxml = etree.parse(acsm_file)
|
||||
except:
|
||||
return False, "ACSM not found or invalid"
|
||||
|
||||
#print(etree.tostring(acsmxml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8"))
|
||||
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
dcNS = lambda tag: '{%s}%s' % ('http://purl.org/dc/elements/1.1/', tag)
|
||||
|
||||
try:
|
||||
mimetype = acsmxml.find("./%s/%s/%s" % (adNS("resourceItemInfo"), adNS("metadata"), dcNS("format"))).text
|
||||
|
||||
if (mimetype == "application/pdf"):
|
||||
#print("You're trying to fulfill a PDF file.")
|
||||
pass
|
||||
elif (mimetype == "application/epub+zip"):
|
||||
#print("Trying to fulfill an EPUB file ...")
|
||||
pass
|
||||
else:
|
||||
print("Weird mimetype: %s" % (mimetype))
|
||||
print("Continuing anyways ...")
|
||||
|
||||
except:
|
||||
# Some books, like from Google Play books, use a different format and don't have that metadata tag.
|
||||
pass
|
||||
|
||||
|
||||
fulfill_request, adept_ns = buildFulfillRequest(acsmxml)
|
||||
|
||||
if verbose_logging:
|
||||
print("Fulfill request:")
|
||||
print(fulfill_request)
|
||||
|
||||
fulfill_request_xml = etree.fromstring(fulfill_request)
|
||||
# Sign the request:
|
||||
signature = sign_node(fulfill_request_xml)
|
||||
if (signature is None):
|
||||
return False, "Signing failed!"
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
if adept_ns:
|
||||
# "new" ADE
|
||||
etree.SubElement(fulfill_request_xml, etree.QName(NSMAP["adept"], "signature")).text = signature
|
||||
else:
|
||||
# ADE 1.7.2
|
||||
etree.SubElement(fulfill_request_xml, etree.QName("signature")).text = signature
|
||||
|
||||
# Get operator URL:
|
||||
operatorURL = None
|
||||
try:
|
||||
operatorURL = acsmxml.find("./%s" % (adNS("operatorURL"))).text.strip()
|
||||
except:
|
||||
pass
|
||||
|
||||
if (operatorURL is None or len(operatorURL) == 0):
|
||||
return False, "OperatorURL missing in ACSM"
|
||||
|
||||
fulfillURL = operatorURL + "/Fulfill"
|
||||
|
||||
ret = operatorAuth(fulfillURL)
|
||||
if (ret is not None):
|
||||
return False, "operatorAuth error: %s" % ret
|
||||
|
||||
if adept_ns:
|
||||
# "new" ADE
|
||||
fulfill_req_signed = "<?xml version=\"1.0\"?>\n" + etree.tostring(fulfill_request_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
else:
|
||||
# ADE 1.7.2
|
||||
fulfill_req_signed = etree.tostring(fulfill_request_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
|
||||
#print("will send:\n %s" % fulfill_req_signed)
|
||||
#print("Sending fulfill request to %s" % fulfillURL)
|
||||
|
||||
# For debugging only
|
||||
# fulfillURL = fulfillURL.replace("https:", "http:")
|
||||
|
||||
replyData = sendRequestDocu(fulfill_req_signed, fulfillURL).decode("utf-8")
|
||||
|
||||
if "<error" in replyData:
|
||||
if "E_ADEPT_DISTRIBUTOR_AUTH" in replyData:
|
||||
# This distributor *always* wants authentication, so force that again
|
||||
ret = doOperatorAuth(fulfillURL)
|
||||
|
||||
if (ret is not None):
|
||||
return False, "doOperatorAuth error: %s" % ret
|
||||
|
||||
replyData = sendRequestDocu(fulfill_req_signed, fulfillURL).decode("utf-8")
|
||||
if "<error" in replyData:
|
||||
return False, "Looks like there's been an error during Fulfillment even after auth: %s" % replyData
|
||||
else:
|
||||
return False, "Looks like there's been an error during Fulfillment: %s" % replyData
|
||||
|
||||
if verbose_logging:
|
||||
print("fulfillmentResult:")
|
||||
print(replyData)
|
||||
|
||||
adobe_fulfill_response = etree.fromstring(replyData)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
licenseURL = adobe_fulfill_response.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("licenseURL"))).text
|
||||
|
||||
if adept_ns:
|
||||
if do_notify:
|
||||
print("Notifying server ...")
|
||||
success, response = performFulfillmentNotification(adobe_fulfill_response)
|
||||
if not success:
|
||||
print("Some errors occurred during notify: ")
|
||||
print(response)
|
||||
print("The book was probably still downloaded correctly.")
|
||||
else:
|
||||
print("Not notifying any server since that was disabled.")
|
||||
else:
|
||||
print("Skipping notify, not supported properly with ADE 1.7.2")
|
||||
|
||||
|
||||
is_returnable = False
|
||||
try:
|
||||
is_returnable_tx = adobe_fulfill_response.find("./%s/%s" % (adNS("fulfillmentResult"), adNS("returnable"))).text
|
||||
if is_returnable_tx.lower() == "true":
|
||||
is_returnable = True
|
||||
except:
|
||||
pass
|
||||
|
||||
if (is_returnable and do_notify and adept_ns):
|
||||
# Only support loan returning if we also notified ACS.
|
||||
# Otherwise the server gets confused and we don't want that.
|
||||
# Also, only do that for new-ish ADE and not for ADE 1.7.2
|
||||
updateLoanReturnData(adobe_fulfill_response)
|
||||
|
||||
success, response = fetchLicenseServiceCertificate(licenseURL, operatorURL)
|
||||
|
||||
if success is False:
|
||||
print("Why did the license download fail?")
|
||||
print("This is probably a temporary error on the distributor's server")
|
||||
return False, response
|
||||
|
||||
return True, replyData
|
||||
|
||||
|
||||
|
||||
def updateLoanReturnData(fulfillmentResultToken, forceTestBehaviour=False):
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
dcNS = lambda tag: '{%s}%s' % ('http://purl.org/dc/elements/1.1/', tag)
|
||||
|
||||
try:
|
||||
fulfillment_id = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("fulfillment"))).text
|
||||
if (fulfillment_id is None):
|
||||
print("Fulfillment ID not found, can't generate loan token")
|
||||
return False
|
||||
|
||||
except:
|
||||
print("Loan token error")
|
||||
return False
|
||||
|
||||
try:
|
||||
operatorURL = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("operatorURL"))).text
|
||||
except:
|
||||
print("OperatorURL missing")
|
||||
return False
|
||||
|
||||
|
||||
book_name = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("metadata"), dcNS("title"))).text
|
||||
|
||||
userUUID = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("user"))).text
|
||||
try:
|
||||
deviceUUID = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("device"))).text
|
||||
except:
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
deviceUUID = activationxml.find("./%s/%s" % (adNS("activationToken"), adNS("device"))).text
|
||||
|
||||
|
||||
permissions = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("permissions")))
|
||||
|
||||
display = permissions.findall("./%s" % (adNS("display")))[0]
|
||||
|
||||
try:
|
||||
dsp_until = display.find("./%s" % (adNS("until"))).text
|
||||
except:
|
||||
print("error with DSP")
|
||||
return False
|
||||
|
||||
if (dsp_until is None):
|
||||
print("No validUntil thing")
|
||||
return False
|
||||
|
||||
|
||||
# "userUUID" is the user UUID
|
||||
# "deviceUUID" is the device UUID
|
||||
# "loanID" is the loan ID
|
||||
# "validUntil" is how long it's valid
|
||||
|
||||
new_loan_record = {
|
||||
"book_name": book_name,
|
||||
"user": userUUID,
|
||||
"device": deviceUUID,
|
||||
"loanID": fulfillment_id,
|
||||
"operatorURL": operatorURL,
|
||||
"validUntil": dsp_until
|
||||
}
|
||||
|
||||
if forceTestBehaviour:
|
||||
return new_loan_record
|
||||
|
||||
addLoanRecordToConfigFile(new_loan_record)
|
||||
|
||||
return True
|
||||
|
||||
|
||||
|
||||
|
||||
def addLoanRecordToConfigFile(new_loan_record):
|
||||
|
||||
try:
|
||||
import calibre_plugins.deacsm.prefs as prefs # type: ignore
|
||||
deacsmprefs = prefs.ACSMInput_Prefs()
|
||||
except:
|
||||
print("Exception while reading config file")
|
||||
return False
|
||||
|
||||
|
||||
error_counter = 0
|
||||
last_token = None
|
||||
random_identifier = None
|
||||
|
||||
while True:
|
||||
|
||||
if error_counter >= 10:
|
||||
print("Took us 10 attempts to acquire loan token lock, still didn't work.")
|
||||
print("(still the same token %s)" % (deacsmprefs["loan_identifier_token"]))
|
||||
print("If you see this error message please open a bug report.")
|
||||
|
||||
|
||||
# "Mark" the current access with a random token, to prevent multiple instances
|
||||
# of the plugin overwriting eachother's data.
|
||||
deacsmprefs.refresh()
|
||||
if deacsmprefs["loan_identifier_token"] == 0:
|
||||
random_identifier = random.getrandbits(64)
|
||||
deacsmprefs.set("loan_identifier_token", random_identifier)
|
||||
deacsmprefs.commit()
|
||||
deacsmprefs.refresh()
|
||||
if random_identifier != deacsmprefs["loan_identifier_token"]:
|
||||
#print("we broke another thread's token, try again")
|
||||
last_token = deacsmprefs["loan_identifier_token"]
|
||||
error_counter = error_counter + 1
|
||||
continue
|
||||
else:
|
||||
if last_token != deacsmprefs["loan_identifier_token"]:
|
||||
#print("Token changed in the meantime ...")
|
||||
# Give it another 5 tries
|
||||
error_counter = max(0, error_counter - 5)
|
||||
pass
|
||||
|
||||
last_token = deacsmprefs["loan_identifier_token"]
|
||||
#print("waiting on another thread ...")
|
||||
sleeptime = random.randrange(2, 10) / 1000
|
||||
print(str(sleeptime))
|
||||
time.sleep(sleeptime)
|
||||
error_counter = error_counter + 1
|
||||
continue
|
||||
|
||||
# Okay, now this thread can "use" the config list, and no other thread should overwrite it ...
|
||||
# Check if that exact loan is already in the list, and if so, delete it:
|
||||
done = False
|
||||
while not done:
|
||||
done = True
|
||||
for book in deacsmprefs["list_of_rented_books"]:
|
||||
if book["loanID"] == new_loan_record["loanID"]:
|
||||
done = False
|
||||
deacsmprefs["list_of_rented_books"].remove(book)
|
||||
break
|
||||
|
||||
|
||||
# Add all necessary information for a book return to the JSON array.
|
||||
# The config widget can then read this and present a list of not-yet-returned
|
||||
# books, and can then return them.
|
||||
# Also, the config widget is responsible for cleaning up that list once a book's validity period is up.
|
||||
deacsmprefs["list_of_rented_books"].append(new_loan_record)
|
||||
|
||||
# Okay, now we added our loan record.
|
||||
# Remove the identifier token so other threads can use the config again:
|
||||
deacsmprefs.commit()
|
||||
deacsmprefs.refresh()
|
||||
if deacsmprefs["loan_identifier_token"] != random_identifier:
|
||||
print("Another thread stole the loan token while we were working with it - that's not supposed to happen ...")
|
||||
print("If you see this message, please open a bug report.")
|
||||
return False
|
||||
|
||||
deacsmprefs.set("loan_identifier_token", 0)
|
||||
deacsmprefs.commit()
|
||||
|
||||
return True
|
||||
|
||||
|
||||
def tryReturnBook(bookData):
|
||||
|
||||
|
||||
verbose_logging = False
|
||||
try:
|
||||
import calibre_plugins.deacsm.prefs as prefs
|
||||
deacsmprefs = prefs.ACSMInput_Prefs()
|
||||
verbose_logging = deacsmprefs["detailed_logging"]
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
try:
|
||||
user = bookData["user"]
|
||||
loanID = bookData["loanID"]
|
||||
device = bookData["device"]
|
||||
operatorURL = bookData["operatorURL"]
|
||||
except:
|
||||
print("Invalid book data!")
|
||||
return False, "Invalid book data"
|
||||
|
||||
|
||||
req_data = "<?xml version=\"1.0\"?>"
|
||||
req_data += "<adept:loanReturn xmlns:adept=\"http://ns.adobe.com/adept\">"
|
||||
req_data += "<adept:user>%s</adept:user>" % (user)
|
||||
if device is not None:
|
||||
req_data += "<adept:device>%s</adept:device>" % (device)
|
||||
req_data += "<adept:loan>%s</adept:loan>" % (loanID)
|
||||
req_data += addNonce()
|
||||
req_data += "</adept:loanReturn>"
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
full_text_xml = etree.fromstring(req_data)
|
||||
|
||||
signature = sign_node(full_text_xml)
|
||||
if (signature is None):
|
||||
print("SIGN ERROR!")
|
||||
return False, "Sign error"
|
||||
|
||||
etree.SubElement(full_text_xml, etree.QName(NSMAP["adept"], "signature")).text = signature
|
||||
|
||||
print("Notifying loan return server %s" % (operatorURL + "/LoanReturn"))
|
||||
doc_send = "<?xml version=\"1.0\"?>\n" + etree.tostring(full_text_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
if verbose_logging:
|
||||
print(doc_send)
|
||||
|
||||
|
||||
retval = sendRequestDocu(doc_send, operatorURL + "/LoanReturn").decode("utf-8")
|
||||
|
||||
if "<error" in retval:
|
||||
print("Loan return failed: %s" % (retval))
|
||||
return False, retval
|
||||
elif "<envelope" in retval:
|
||||
print("Loan return successful")
|
||||
if verbose_logging:
|
||||
print(retval)
|
||||
bl, txt = performFulfillmentNotification(etree.fromstring(retval), True, user=user, device=device)
|
||||
if not bl:
|
||||
print("Error while notifying of book return. Book's probably still been returned properly.")
|
||||
return True, retval
|
||||
else:
|
||||
print("Invalid loan return response: %s" % (retval))
|
||||
return False, retval
|
||||
|
||||
|
||||
|
||||
def performFulfillmentNotification(fulfillmentResultToken, forceOptional = False, user = None, device = None):
|
||||
|
||||
verbose_logging = False
|
||||
try:
|
||||
import calibre_plugins.deacsm.prefs as prefs
|
||||
deacsmprefs = prefs.ACSMInput_Prefs()
|
||||
verbose_logging = deacsmprefs["detailed_logging"]
|
||||
except:
|
||||
pass
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
|
||||
# Debug output for PassHash testing:
|
||||
# print(etree.tostring(fulfillmentResultToken, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8"))
|
||||
|
||||
try:
|
||||
notifiers = fulfillmentResultToken.findall("./%s/%s" % (adNS("fulfillmentResult"), adNS("notify")))
|
||||
except:
|
||||
pass
|
||||
|
||||
if len(notifiers) == 0:
|
||||
try:
|
||||
notifiers = fulfillmentResultToken.findall("./%s" % (adNS("notify")))
|
||||
except:
|
||||
pass
|
||||
|
||||
if len(notifiers) == 0:
|
||||
try:
|
||||
notifiers = fulfillmentResultToken.findall("./%s/%s" % (adNS("envelope"), adNS("notify")))
|
||||
except:
|
||||
pass
|
||||
|
||||
if len(notifiers) == 0:
|
||||
print("<notify> tag not found. Guess nobody wants to be notified.")
|
||||
#print(etree.tostring(fulfillmentResultToken, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8"))
|
||||
return True, ""
|
||||
|
||||
|
||||
errmsg = ""
|
||||
errmsg_crit = ""
|
||||
|
||||
for element in notifiers:
|
||||
|
||||
url = element.find("./%s" % (adNS("notifyURL"))).text
|
||||
body = element.find("./%s" % (adNS("body")))
|
||||
|
||||
critical = True
|
||||
|
||||
if element.get("critical", "yes") == "no":
|
||||
critical = False
|
||||
print("Notifying optional server %s" % (url))
|
||||
else:
|
||||
print("Notifying server %s" % (url))
|
||||
|
||||
|
||||
if (user is None):
|
||||
try:
|
||||
# "Normal" Adobe fulfillment
|
||||
user = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("user"))).text
|
||||
except AttributeError:
|
||||
# B&N Adobe PassHash fulfillment. Doesn't use notifications usually ...
|
||||
#user = body.find("./%s" % (adNS("user"))).text
|
||||
print("Skipping notify due to passHash?")
|
||||
print("If this is not a passHash book pls open a bug report.")
|
||||
continue
|
||||
|
||||
if (device is None):
|
||||
try:
|
||||
# "Normal" Adobe fulfillment
|
||||
device = fulfillmentResultToken.find("./%s/%s/%s/%s" % (adNS("fulfillmentResult"), adNS("resourceItemInfo"), adNS("licenseToken"), adNS("device"))).text
|
||||
except:
|
||||
print("Missing deviceID for loan metadata ... why?")
|
||||
print("Reading from device.xml instead.")
|
||||
# Lets try to read this from the activation ...
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
device = activationxml.find("./%s/%s" % (adNS("activationToken"), adNS("device"))).text
|
||||
|
||||
|
||||
|
||||
|
||||
full_text = "<adept:notification xmlns:adept=\"http://ns.adobe.com/adept\">"
|
||||
full_text += "<adept:user>%s</adept:user>" % user
|
||||
full_text += "<adept:device>%s</adept:device>" % device
|
||||
|
||||
|
||||
# ADE 4.0 apparently changed the order of these two elements.
|
||||
# I still don't know exactly how this order is determined, but in most cases
|
||||
# ADE 4+ has the body first, then the nonce, while ADE 3 and lower usually has nonce first, then body.
|
||||
# It probably doesn't matter, but still, we want to behave exactly like ADE, so check the version number:
|
||||
|
||||
devicexml = etree.parse(get_device_path())
|
||||
for f in devicexml.findall("./%s" % (adNS("version"))):
|
||||
if f.get("name") == "hobbes":
|
||||
version = f.get("value")
|
||||
|
||||
try:
|
||||
v_idx = VAR_VER_HOBBES_VERSIONS.index(version)
|
||||
clientVersion = VAR_VER_BUILD_IDS[v_idx]
|
||||
except:
|
||||
clientVersion = 0
|
||||
|
||||
if (clientVersion >= VAR_VER_USE_DIFFERENT_NOTIFICATION_XML_ORDER):
|
||||
full_text += etree.tostring(body, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
full_text += addNonce()
|
||||
else:
|
||||
full_text += addNonce()
|
||||
full_text += etree.tostring(body, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
|
||||
|
||||
full_text += "</adept:notification>"
|
||||
|
||||
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
full_text_xml = etree.fromstring(full_text)
|
||||
|
||||
signature = sign_node(full_text_xml)
|
||||
if (signature is None):
|
||||
print("SIGN ERROR!")
|
||||
continue
|
||||
|
||||
etree.SubElement(full_text_xml, etree.QName(NSMAP["adept"], "signature")).text = signature
|
||||
|
||||
doc_send = "<?xml version=\"1.0\"?>\n" + etree.tostring(full_text_xml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
|
||||
# Debug: Print notify request
|
||||
if (verbose_logging):
|
||||
print("Notify payload XML:")
|
||||
print(doc_send)
|
||||
|
||||
try:
|
||||
code, msg = sendRequestDocuRC(doc_send, url)
|
||||
except:
|
||||
if not critical:
|
||||
print("There was an error during an optional fulfillment notification:")
|
||||
import traceback
|
||||
traceback.print_exc()
|
||||
print("Continuing execution ...")
|
||||
continue
|
||||
else:
|
||||
print("Error during critical notification:")
|
||||
raise
|
||||
|
||||
try:
|
||||
msg = msg.decode("utf-8")
|
||||
except:
|
||||
pass
|
||||
|
||||
if verbose_logging:
|
||||
print("MSG:")
|
||||
print(msg)
|
||||
|
||||
if "<error" in msg:
|
||||
print("Fulfillment notification error: %s" % (msg))
|
||||
errmsg += "ERROR\n" + url + "\n" + msg + "\n\n"
|
||||
if critical:
|
||||
errmsg_crit += "ERROR\n" + url + "\n" + msg + "\n\n"
|
||||
|
||||
elif "<success" in msg:
|
||||
print("Fulfillment notification successful.")
|
||||
elif code == 204:
|
||||
print("Fulfillment notification successful (204).")
|
||||
else:
|
||||
print("Weird Fulfillment Notification response: %s" % (msg))
|
||||
errmsg += "ERROR\n" + url + "\n" + msg + "\n\n"
|
||||
if critical:
|
||||
errmsg_crit += "ERROR\n" + url + "\n" + msg + "\n\n"
|
||||
|
||||
|
||||
if device is None and errmsg_crit != "":
|
||||
errmsg_crit = ""
|
||||
print("Skipping critical notification failure due to weird book.")
|
||||
|
||||
|
||||
if errmsg_crit == "":
|
||||
return True, ""
|
||||
|
||||
return False, errmsg
|
||||
|
||||
|
||||
|
||||
|
||||
def fetchLicenseServiceCertificate(licenseURL, operatorURL):
|
||||
|
||||
# Check if we already have a cert for this URL:
|
||||
adNS = lambda tag: '{%s}%s' % ('http://ns.adobe.com/adept', tag)
|
||||
NSMAP = { "adept" : "http://ns.adobe.com/adept" }
|
||||
etree.register_namespace("adept", NSMAP["adept"])
|
||||
|
||||
activationxml = etree.parse(get_activation_xml_path())
|
||||
|
||||
try:
|
||||
licInfo = activationxml.findall("./%s/%s" % (adNS("licenseServices"), adNS("licenseServiceInfo")))
|
||||
|
||||
for member in licInfo:
|
||||
if member.find("./%s" % (adNS("licenseURL"))).text == licenseURL:
|
||||
return True, "Done"
|
||||
except:
|
||||
pass
|
||||
|
||||
# Check if list exists:
|
||||
list = activationxml.find("./%s" % (adNS("licenseServices")))
|
||||
|
||||
if list is None:
|
||||
x = etree.SubElement(activationxml.getroot(), etree.QName(NSMAP["adept"], "licenseServices"), nsmap=NSMAP)
|
||||
list = activationxml.find("./%s" % (adNS("licenseServices")))
|
||||
if list is None:
|
||||
return False, "Err, this list should not be none right now ..."
|
||||
|
||||
info_entry = etree.SubElement(list, etree.QName(NSMAP["adept"], "licenseServiceInfo"))
|
||||
|
||||
licenseServiceInfoReq = operatorURL + "/LicenseServiceInfo?licenseURL=" + licenseURL
|
||||
|
||||
try:
|
||||
response = sendHTTPRequest(licenseServiceInfoReq).decode("utf-8")
|
||||
except:
|
||||
return False, "HTTP download for the licenseServiceInfo failed ... why?"
|
||||
|
||||
if "<error" in response:
|
||||
return False, "Looks like that failed: %s" % response
|
||||
elif "<licenseServiceInfo" in response:
|
||||
pass
|
||||
else:
|
||||
return False, "Looks like that failed: %s" % response
|
||||
|
||||
|
||||
#print(response)
|
||||
|
||||
responseXML = etree.fromstring(response)
|
||||
|
||||
server_cert = responseXML.find("./%s" % (adNS("certificate"))).text
|
||||
server_lic_url = responseXML.find("./%s" % (adNS("licenseURL"))).text
|
||||
|
||||
etree.SubElement(info_entry, etree.QName(NSMAP["adept"], "licenseURL")).text = server_lic_url
|
||||
etree.SubElement(info_entry, etree.QName(NSMAP["adept"], "certificate")).text = server_cert
|
||||
|
||||
f = open(get_activation_xml_path(), "w")
|
||||
f.write("<?xml version=\"1.0\"?>\n")
|
||||
f.write(etree.tostring(activationxml, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8"))
|
||||
f.close()
|
||||
|
||||
return True, "Done"
|
||||
|
||||
|
||||
|
286
setup/libpdf.py
Normal file
286
setup/libpdf.py
Normal file
|
@ -0,0 +1,286 @@
|
|||
import sys, os, zlib, base64, time
|
||||
|
||||
class BackwardReader:
|
||||
|
||||
def __init__(self, file):
|
||||
self.file = file
|
||||
|
||||
|
||||
def readlines(self):
|
||||
BLKSIZE = 4096
|
||||
# Move reader to the end of file
|
||||
self.file.seek(0, os.SEEK_END)
|
||||
if sys.version_info[0] >= 3:
|
||||
buffer = bytearray()
|
||||
else:
|
||||
buffer = ""
|
||||
|
||||
while True:
|
||||
if sys.version_info[0] >= 3:
|
||||
pos_newline = buffer.rfind(bytes([0x0a]))
|
||||
else:
|
||||
pos_newline = buffer.rfind("\n")
|
||||
|
||||
# Get the current position of the reader
|
||||
current_pos = self.file.tell()
|
||||
if pos_newline != -1:
|
||||
# Newline is found
|
||||
line = buffer[pos_newline+1:]
|
||||
buffer = buffer[:pos_newline]
|
||||
if sys.version_info[0] >= 3:
|
||||
yield line.decode("latin-1")
|
||||
else:
|
||||
yield line
|
||||
|
||||
elif current_pos:
|
||||
# Need to fill the buffer
|
||||
to_read = min(BLKSIZE, current_pos)
|
||||
self.file.seek(current_pos-to_read, 0)
|
||||
buffer = self.file.read(to_read) + buffer
|
||||
self.file.seek(current_pos-to_read, 0)
|
||||
if current_pos is to_read:
|
||||
if sys.version_info[0] >= 3:
|
||||
buffer = bytes([0x0a]) + buffer
|
||||
else:
|
||||
buffer = "\n" + buffer
|
||||
else:
|
||||
# Start of file
|
||||
return
|
||||
|
||||
|
||||
|
||||
|
||||
def trim_encrypt_string(encrypt):
|
||||
|
||||
string_list = list(encrypt)
|
||||
strlen = len(encrypt)
|
||||
|
||||
i = 0
|
||||
bracket_count = 0
|
||||
while (i < strlen):
|
||||
if string_list[i] == "<" and string_list[i+1] == "<":
|
||||
bracket_count += 1
|
||||
|
||||
if string_list[i] == ">" and string_list[i+1] == ">":
|
||||
bracket_count -= 1
|
||||
|
||||
if bracket_count == 0:
|
||||
break
|
||||
|
||||
i = i + 1
|
||||
|
||||
len_to_use = i+2
|
||||
|
||||
return encrypt[0:len_to_use]
|
||||
|
||||
def cleanup_encrypt_element(element):
|
||||
|
||||
if element.startswith("ID[<"):
|
||||
element = element.replace("><", "> <")
|
||||
|
||||
element = ' '.join(element.split())
|
||||
element = element.replace("[ ", "[").replace("] ", "]")
|
||||
|
||||
return element
|
||||
|
||||
|
||||
|
||||
|
||||
def deflate_and_base64_encode( string_val ):
|
||||
zlibbed_str = zlib.compress( string_val )
|
||||
compressed_string = zlibbed_str[2:-4]
|
||||
return base64.b64encode( compressed_string )
|
||||
|
||||
def update_ebx_with_keys(ebx_data, adept_license, ebx_bookid):
|
||||
|
||||
b64data = deflate_and_base64_encode(adept_license.encode("utf-8")).decode("utf-8")
|
||||
|
||||
ebx_new = ebx_data[:-2]
|
||||
ebx_new += "/EBX_BOOKID(%s)/ADEPT_LICENSE(%s)>>" % (ebx_bookid, b64data)
|
||||
|
||||
return ebx_new
|
||||
|
||||
|
||||
def find_ebx(filename_in):
|
||||
find_ebx_start = int(time.time() * 1000)
|
||||
i = 0
|
||||
|
||||
fl = open(filename_in, "rb")
|
||||
br = BackwardReader(fl)
|
||||
|
||||
for line in br.readlines():
|
||||
i = i + 1
|
||||
if "/EBX_HANDLER/" in line:
|
||||
find_ebx_end = int(time.time() * 1000)
|
||||
print("Found EBX after %d attempts - took %d ms" % (i, find_ebx_end - find_ebx_start))
|
||||
print()
|
||||
return line
|
||||
|
||||
find_ebx_end = int(time.time() * 1000)
|
||||
print("Error: Did not find EBX_HANDLER - took %d ms" % (find_ebx_end - find_ebx_start))
|
||||
return None
|
||||
|
||||
def find_enc(filename_in):
|
||||
find_enc_start = int(time.time() * 1000)
|
||||
i = 0
|
||||
|
||||
fl = open(filename_in, "rb")
|
||||
br = BackwardReader(fl)
|
||||
|
||||
for line in br.readlines():
|
||||
i = i + 1
|
||||
is_encrypt_normal = "R/Encrypt" in line and "R/ID" in line
|
||||
is_encrypt_odd = "R" in line and "/Encrypt" in line and "/ID" in line
|
||||
if is_encrypt_normal or is_encrypt_odd:
|
||||
|
||||
find_enc_end = int(time.time() * 1000)
|
||||
print("Found ENC after %d attempts - took %d ms" % (i, find_enc_end - find_enc_start))
|
||||
if is_encrypt_odd:
|
||||
print("Odd formatting of encryption blob?")
|
||||
print("If this doesn't work correctly please open a bug report.")
|
||||
|
||||
return line
|
||||
|
||||
find_enc_end = int(time.time() * 1000)
|
||||
print("Error: Did not find ENC - took %d ms" % (find_enc_end - find_enc_start))
|
||||
return None
|
||||
|
||||
|
||||
|
||||
def patch_drm_into_pdf(filename_in, adept_license_string, filename_out, ebx_bookid):
|
||||
|
||||
drm_start_time = int(time.time() * 1000)
|
||||
|
||||
trailer = ""
|
||||
trailer_idx = 0
|
||||
|
||||
startxref_offset = 0
|
||||
prevline = ""
|
||||
|
||||
|
||||
fl = open(filename_in, "rb")
|
||||
br = BackwardReader(fl)
|
||||
|
||||
print("Searching for startxref ...")
|
||||
for line in br.readlines():
|
||||
trailer_idx += 1
|
||||
trailer = line + "\n" + trailer
|
||||
|
||||
#print ("LINE: " + line)
|
||||
|
||||
if (trailer_idx > 10):
|
||||
print("Took more than 10 attempts to find startxref ...")
|
||||
return False
|
||||
|
||||
if (line == "startxref"):
|
||||
startxref_offset = int(prevline)
|
||||
print("Got startxref: %d" % (startxref_offset))
|
||||
break
|
||||
prevline = line
|
||||
|
||||
|
||||
|
||||
r_encrypt_offs1 = 0
|
||||
r_encrypt_offs2 = 0
|
||||
|
||||
encrypt = None
|
||||
|
||||
|
||||
encrypt = find_enc(filename_in)
|
||||
if encrypt is None:
|
||||
print("Error, enc not found")
|
||||
return False
|
||||
|
||||
line_split = encrypt.split(' ')
|
||||
next = 0
|
||||
for element in line_split:
|
||||
if element == "R/Encrypt" or element == "/Encrypt":
|
||||
next = 2
|
||||
continue
|
||||
if next == 2:
|
||||
r_encrypt_offs1 = element
|
||||
next = 1
|
||||
continue
|
||||
if next == 1:
|
||||
r_encrypt_offs2 = element
|
||||
next = 0
|
||||
continue
|
||||
|
||||
|
||||
# read EBX element:
|
||||
ebx_elem = find_ebx(filename_in)
|
||||
|
||||
if (ebx_elem is None):
|
||||
print("Err: EBX is None")
|
||||
return False
|
||||
|
||||
|
||||
print("Encryption handler:")
|
||||
print(encrypt)
|
||||
print()
|
||||
print("EBX handler:")
|
||||
print(ebx_elem)
|
||||
print()
|
||||
|
||||
encrypt = trim_encrypt_string(encrypt)
|
||||
print("Trimmed encryption handler:")
|
||||
print(encrypt)
|
||||
print()
|
||||
|
||||
ebx_elem = update_ebx_with_keys(ebx_elem, adept_license_string, ebx_bookid)
|
||||
print("Updated EBX handler not logged due to sensitive data")
|
||||
#print(ebx_elem)
|
||||
|
||||
filesize_str = str(os.path.getsize(filename_in))
|
||||
filesize_pad = filesize_str.zfill(10)
|
||||
|
||||
additional_data = "\r"
|
||||
additional_data += r_encrypt_offs1 + " " + r_encrypt_offs2 + " " + "obj" + "\r"
|
||||
additional_data += ebx_elem
|
||||
additional_data += "\r"
|
||||
additional_data += "endobj"
|
||||
|
||||
ptr = int(filesize_str) + len(additional_data)
|
||||
|
||||
additional_data += "\rxref\r" + r_encrypt_offs1 + " " + str((int(r_encrypt_offs2) + 1)) + "\r"
|
||||
additional_data += filesize_pad + " 00000 n" + "\r\n"
|
||||
additional_data += "trailer"
|
||||
additional_data += "\r"
|
||||
|
||||
arr_root_str = encrypt.split('/')
|
||||
did_prev = False
|
||||
for elem in arr_root_str:
|
||||
if elem.startswith("Prev"):
|
||||
did_prev = True
|
||||
additional_data += "Prev " + str(startxref_offset)
|
||||
#print("Replacing prev from '%s' to '%s'" % (elem, "Prev " + startxref))
|
||||
else:
|
||||
additional_data += cleanup_encrypt_element(elem)
|
||||
additional_data += "/"
|
||||
|
||||
if not did_prev:
|
||||
# remove two >> at end
|
||||
additional_data = additional_data[:-3]
|
||||
additional_data += "/Prev " + str(startxref_offset) + ">>" + "/"
|
||||
#print("Faking Prev %s" % startxref)
|
||||
|
||||
additional_data = additional_data[:-1]
|
||||
|
||||
additional_data += "\r" + "startxref\r" + str(ptr) + "\r" + "%%EOF"
|
||||
|
||||
#print("Appending DRM data: %s" % (additional_data))
|
||||
|
||||
|
||||
inp = open(filename_in, "rb")
|
||||
|
||||
out = open(filename_out, "wb")
|
||||
out.write(inp.read())
|
||||
out.write(additional_data.encode("latin-1"))
|
||||
inp.close()
|
||||
out.close()
|
||||
|
||||
drm_end_time = int(time.time() * 1000)
|
||||
|
||||
print("Whole DRM patching took %d milliseconds." % (drm_end_time - drm_start_time))
|
||||
print()
|
||||
return True
|
95
setup/login_account.py
Normal file
95
setup/login_account.py
Normal file
|
@ -0,0 +1,95 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
'''
|
||||
This is an experimental Python version of libgourou.
|
||||
'''
|
||||
|
||||
from setup.libadobe import createDeviceKeyFile, FILE_DEVICEKEY, FILE_DEVICEXML, FILE_ACTIVATIONXML
|
||||
from setup.libadobeAccount import createDeviceFile, createUser, signIn, activateDevice, exportAccountEncryptionKeyDER, getAccountUUID
|
||||
from os.path import exists
|
||||
|
||||
VAR_MAIL = ""
|
||||
VAR_PASS = ""
|
||||
VAR_VER = 1 # None # 1 for ADE2.0.1, 2 for ADE3.0.1
|
||||
KEYPATH = "adobekey.der"
|
||||
|
||||
#################################################################
|
||||
|
||||
def takeInput():
|
||||
|
||||
global VAR_MAIL
|
||||
global VAR_PASS
|
||||
|
||||
VAR_MAIL = input("Enter Mail: ")
|
||||
VAR_PASS = input("Enter Password: ")
|
||||
|
||||
if VAR_MAIL == "" or VAR_MAIL == "":
|
||||
print("It cannot be empty")
|
||||
print()
|
||||
exit(1)
|
||||
|
||||
|
||||
def loginAndGetKey():
|
||||
|
||||
global VAR_MAIL
|
||||
global VAR_PASS
|
||||
global VAR_VER
|
||||
global KEYPATH
|
||||
|
||||
# acc files
|
||||
if (not exists(FILE_ACTIVATIONXML)) or (not exists(FILE_DEVICEXML)) or (not exists(FILE_DEVICEKEY)):
|
||||
|
||||
takeInput()
|
||||
print("Logging in")
|
||||
print()
|
||||
|
||||
createDeviceKeyFile()
|
||||
|
||||
success = createDeviceFile(True, VAR_VER)
|
||||
if (success is False):
|
||||
print("Error, couldn't create device file.")
|
||||
exit(1)
|
||||
|
||||
success, resp = createUser(VAR_VER, None)
|
||||
if (success is False):
|
||||
print("Error, couldn't create user: %s" % resp)
|
||||
exit(1)
|
||||
|
||||
success, resp = signIn("AdobeID", VAR_MAIL, VAR_PASS)
|
||||
|
||||
if (success is False):
|
||||
print("Login unsuccessful: " + resp)
|
||||
exit(1)
|
||||
|
||||
success, resp = activateDevice(VAR_VER, None)
|
||||
if (success is False):
|
||||
print("Couldn't activate device: " + resp)
|
||||
exit(1)
|
||||
|
||||
print("Authorized to account " + VAR_MAIL)
|
||||
|
||||
|
||||
# KEY
|
||||
if not exists(KEYPATH):
|
||||
print("Exporting keys ...")
|
||||
try:
|
||||
account_uuid = getAccountUUID()
|
||||
if (account_uuid is not None):
|
||||
filename = KEYPATH
|
||||
success = exportAccountEncryptionKeyDER(filename)
|
||||
if (success is False):
|
||||
print("Couldn't export key.")
|
||||
exit(1)
|
||||
print("Successfully exported key for account " + VAR_MAIL + " to file " + filename)
|
||||
|
||||
else:
|
||||
print("failed")
|
||||
exit(1)
|
||||
|
||||
except Exception as e:
|
||||
print(e)
|
||||
exit(1)
|
||||
|
||||
print('All Set')
|
||||
print()
|
Loading…
Reference in a new issue