import hashlib
import os
import sys
from base64 import urlsafe_b64encode as encode
from base64 import urlsafe_b64decode as decode

def makeSecret(password):
    salt = os.urandom(4)
    h = hashlib.sha1(password)
    h.update(salt)
    return "{SSHA}" + encode(h.digest() + salt)

def checkPassword(password, challenge_password):
    challenge_bytes = decode(challenge_password[6:])
    digest = challenge_bytes[:20]
    salt = challenge_bytes[20:]
    hr = hashlib.sha1(password)
    hr.update(salt)
    return digest == hr.digest()

if __name__=='__main__':
    if len(sys.argv) < 3:
        print 'Usage: %s <encode or check> <password> <ssha string>' % __file__
        sys.exit(1)
    if sys.argv[1] == 'encode':
        print makeSecret('%s' % sys.argv[2])
    if sys.argv[1] == 'check':
        print checkPassword('%s' % sys.argv[2], '%s' % sys.argv[3])