import base64 import secrets from hashlib import sha256 from typing import Tuple import mysql.connector as mysql from Crypto.Cipher import AES def get_password( version_name: str, version_code: int, db_host: str, db_user: str, db_pass: str, db_name: str, ) -> Tuple[str, bytes]: db = mysql.connect( host=db_host, user=db_user, password=db_pass, database=db_name, auth_plugin="mysql_native_password", ) print(f"Generating passwords for version {version_name} ({version_code})") password = base64.b64encode(secrets.token_bytes(16)).decode() iv = secrets.token_bytes(16) key = f"{version_name}.{password}.{version_code}" key = sha256(key.encode()).digest() data = "ThisIsOurHardWorkPleaseDoNotCopyOrSteal(c)2019.KubaSz" data = sha256(data.encode()).digest() data = data + (chr(16) * 16).encode() aes = AES.new(key=key, mode=AES.MODE_CBC, iv=iv) app_password = base64.b64encode(aes.encrypt(data)).decode() c = db.cursor() c.execute( "INSERT IGNORE INTO _appPasswords (versionCode, appPassword, password, iv) VALUES (%s, %s, %s, %s);", (version_code, app_password, password, iv), ) db.commit() c = db.cursor() c.execute( "SELECT password, iv FROM _appPasswords WHERE versionCode = %s;", (version_code,), ) row = c.fetchone() db.close() return (row[0], row[1])