Replace canlockcheck with canlockey.

- Rewrite. - Add functionalityx to create a Cancel-Key. - Update README. Signed-off-by: Thomas Hochstein <thh@thh.name>
2026-01-24 14:37:38 +01:00 · 2026-01-24 14:37:38 +01:00 · 5d910a9d76
commit 5d910a9d76
parent fcf1faa41c
3 changed files with 152 additions and 85 deletions
--- a/README.md
+++ b/README.md
@ -2,9 +2,11 @@
 This is a collection of tools around (managing) Netnews.
-## canlockcheck
+## canlockey
-`canlockcheck.pl` will check whether a given Cancel-Lock and Cancel-Key match.
+`canlockey.pl` will create a Cancel-Key for a given Message-ID with
 optional user, canlock-secret and hash (defaulting to `SHA1`) or
 check whether a given Cancel-Lock and Cancel-Key match.
 ## mew
--- a/canlockcheck.pl
+++ b/canlockcheck.pl
@ -1,83 +0,0 @@
 #! /usr/bin/perl -w
 #
 # canlockcheck.pl
 #
 # Check whether Cancel-Lock and Cancel-Key match.
 #
 # Copyright (c) 2023 Thomas Hochstein <thh@thh.name>
 use MIME::Base64();
 use Digest::SHA();
 use Digest::MD5();
 use Getopt::Long qw(GetOptions);
 Getopt::Long::config ('bundling');
 my $VERSION = "0.1";
 # read commandline options ############
 my ($OptCanLock,$OptCanKey);
 GetOptions ('l|lock=s'  => \$OptCanLock,
            'k|key=s'   => \$OptCanKey,
            'V|version' => \&ShowVersion) or exit 1;
 # subroutines #########################
 ### display version information and exit
 sub ShowVersion {
  print "canlockcheck v$VERSION\n";
  print "Copyright (c) 2023 Thomas Hochstein <thh\@thh.name>\n";
  print "This program is free software; you may redistribute it ".
        "and/or modify it under the same terms as Perl itself.\n";
  exit;
 };
 sub verify_cancel_key($$) {
  my $cancel_lock = shift;
  my $cancel_key  = shift;
  my %lock;
  for my $l(split(/\s+/, $cancel_lock)) {
    unless($l =~ m/^(sha512|sha256|sha1|md5):(\S+)/) {
      printf ("Invalid Cancel-Lock syntax '%s'\n", $l);
      next;
    }
    $lock{$2} = $1;
   }
  for my $k(split(/\s+/, $cancel_key)) {
    unless($k =~ m/^(sha512|sha256|sha1|md5):(\S+)/) { 
      printf ("Invalid Cancel-Key syntax '%s'\n", $k);
      next;
    }
    my $key;
    if ($1 eq 'sha512') {
      $key = Digest::SHA::sha512($2);
    } elsif ($1 eq 'sha256') {
       $key = Digest::SHA::sha256($2);
    } elsif($1 eq 'sha1') {
       $key = Digest::SHA::sha1($2);
    } elsif ($1 eq 'md5') {
       $key = Digest::MD5::md5($2);
    }
    $key = MIME::Base64::encode_base64($key, '');
    if (exists($lock{$key})) {
      return sprintf("Cancel-Key %s:%s matches Cancel-Lock %s:%s.", $1, $2, $lock{$key}, $key);
    }
  }
 return 'No Cancel-Key matches any Cancel-Lock.';
 }
 # Main program ########################
 if (!$OptCanLock or !$OptCanKey) {
  print "canlockcheck -l <Cancel-Lock> -k <Cancel-Key>\n";
  exit 2;
 }
 my $result = &verify_cancel_key($OptCanLock, $OptCanKey);
 printf ("%s\n", $result);
 exit;
--- a/canlockey.pl
+++ b/canlockey.pl
@ -0,0 +1,148 @@
 #! /usr/bin/perl -w
 #
 # canlockey.pl
 #
 # Generate a Cancel-Key for a given Message-ID with a given INN-User
 # and secret, or check if a given Cancel-Key matches the Cancel-Lock.
 #
 # Copyright (c) 2023, 2026 Thomas Hochstein <thh@thh.name>
 use MIME::Base64();
 use Digest::SHA();
 use Digest::MD5 qw(md5);
 use Digest::HMAC qw(hmac);
 use Getopt::Long qw(GetOptions);
 Getopt::Long::config ('bundling');
 my $VERSION = "0.2";
 # read commandline options ############
 my ($OptCanLock,$OptCanKey);
 GetOptions ('h|hash=s'   => \$OptCanHash,
            'k|key=s'    => \$OptCanKey,
            'l|lock=s'   => \$OptCanLock,
            'm|mid=s'    => \$OptMID,
            's|secret=s' => \$OptSecret,
            'u|user=s'   => \$OptUser,
            'V|version'  => \&ShowVersion) or exit 1;
 # subroutines #########################
 ### display version information and exit
 sub ShowVersion {
  print "canlockey.pl v$VERSION\n";
  print "Copyright (c) 2023, 2026 Thomas Hochstein <thh\@thh.name>\n";
  print "This program is free software; you may redistribute it ".
        "and/or modify it under the same terms as Perl itself.\n";
  exit;
 };
 sub create_cancel_key($$$) {
  my ( $message_id, $user, $secret, $hash ) = @_;
  # create Cancel-Key
  my $key;
  if ($hash eq 'sha512') {
    $key = Digest::SHA::hmac_sha512($message_id, $user . $secret);
  } elsif ($hash eq 'sha256') {
     $key = Digest::SHA::hmac_sha256($message_id, $user . $secret);
  } elsif($hash eq 'sha1') {
     $key = Digest::SHA::hmac_sha1($message_id, $user . $secret);
  } elsif ($hash eq 'md5') {
     $key = Digest::HMAC::hmac($message_id, $user . $secret);
  }
  $key = sprintf('%s:%s', $hash, MIME::Base64::encode_base64($key, ''));
  return $key;
 }
 sub verify_cancel_key($$) {
  my ( $cancel_lock, $cancel_key ) = @_;
  # split Cancel-Locks in a hash
  # key is Cancel-Lock, value is hash
  my %lock;
  for my $l(split(/\s+/, $cancel_lock)) {
    unless($l =~ m/^(sha512|sha256|sha1|md5):(\S+)/) {
      printf ("Invalid Cancel-Lock syntax '%s'\n", $l);
      next;
    }
    $lock{$2} = $1;
   }
  # split Cancel-Keys and iterate about the result
  # $1 is hash, $2 is Cancel-Key
  for my $k(split(/\s+/, $cancel_key)) {
    unless($k =~ m/^(sha512|sha256|sha1|md5):(\S+)/) { 
      printf ("Invalid Cancel-Key syntax '%s'\n", $k);
      next;
    }
    # calculate Cancel-Lock from Cancel-Key
    my $lock;
    if ($1 eq 'sha512') {
      $lock = Digest::SHA::sha512($2);
    } elsif ($1 eq 'sha256') {
       $lock = Digest::SHA::sha256($2);
    } elsif($1 eq 'sha1') {
       $lock = Digest::SHA::sha1($2);
    } elsif ($1 eq 'md5') {
       $lock = Digest::MD5::md5($2);
    }
    $lock = MIME::Base64::encode_base64($lock, '');
    if (exists($lock{$lock})) {
      return sprintf("Cancel-Key %s:%s matches Cancel-Lock %s:%s.", $1, $2, $lock{$lock}, $lock);
    }
  }
 return 'No Cancel-Key matches any Cancel-Lock.';
 }
 # Main program ########################
 if ($OptCanLock && $OptCanKey) {
  ### compare -k to -l
  print "Checking for Cancel-Key that matches Cancel-Lock ...\n";
  printf("%s\n", &verify_cancel_key($OptCanLock, $OptCanKey));
 } elsif ($OptMID) {
  ### create a Cancel-Key
  # die if no (valid) Message-ID has been submitted
  die sprintf("Invalid Message-ID: %s\n", $OptMID)
    if $OptMID !~ /^<[^\@<>]+\@[^\@<>]+>$/;
  # set defaults for options not given
  $OptUser    = '' if !$OptUser;
  $OptSecret  = '' if !$OptSecret;
  $OptCanHash = 'sha1' if !$OptCanHash;
  # die if no valid hash has been submitted
  die sprintf("Invalid hash type: %s\n", $OptCanHash)
    unless $OptCanHash =~ m/^(sha512|sha256|sha1|md5)$/;
  printf("Creating a %s Cancel-Key for user '%s'%sagainst %s ...\n",
    $OptCanHash, $OptUser, $OptSecret ? ' '  : ' without secret ', $OptMID);
  my $cancel_key = &create_cancel_key($OptMID, $OptUser, $OptSecret, $OptCanHash);
  printf("Cancel-Key: %s\n", $cancel_key);
  if($OptCanLock) {
    printf("%s\n", &verify_cancel_key($OptCanLock, $cancel_key));
  }
 } else {
  ### show usage
  print "canlockey.pl v$VERSION\n";
  print "Usage:\n";
  print "1) Check for a matching Cancel-Key:\n";
  print "   canlockey -l <Cancel-Lock> -k <Cancel-Key>\n";
  print "2) Create a Cancel-Key:\n";
  print "   canlockey -m <Message-ID> [-u <User>] [-s <secret>] [-h <hash>] [-l <Cancel-Lock>]\n";
  exit 2;
 }
 exit;