First public version

LICENSE

@@ -0,0 +1,15 @@
+Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2021 Ben Bridts. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify,
+merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,37 @@
+# SES SMTP Credentials Generation
+To use the SMTP interface of AWS SES, you need to generate credentials based on the secret access
+key of an IAM user. AWS does provide an example script in [the documentation][ses-smtp-doc], but
+copying code out of the documentation isn't very user friendly. This tool does the same thing, but
+its easier to install (if you already have a working python environment).
+
+## Installation
+This code can be installed from pypi. E.g. using pip or pipx.
+```shell
+# with pipx, recommended for a cli tool
+pipx install ses-smtp-credentials
+# with pip
+pip install ses-smtp-credentials
+```
+
+# Usage
+You need to supply the secret access key and the region.
+ses-smtp-credentials will ask you for missing information, so both are optional arguments.
+
+```
+# Interactive
+ses-smtp-credentials
+
+# Non-interactive
+ses-smtp-credentials --secret SECRET_ACCESS_KEY --region REGION 
+```
+
+## License
+This code was based on sample code from [the AWS documentation][ses-smtp-doc] that was released
+under a [modified MIT license][ses-smtp-licence] on [GitHub][ses-smtp-src]. In the documentation
+it's called "smtp_credentials_generate.py". The same licence has been adapted to this repository. 
+See the LICENSE file. 
+
+
+[ses-smtp-doc](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html)
+[ses-smtp-license](https://github.com/awsdocs/amazon-ses-developer-guide/blob/3c0d65cbb63c8aaebfc4d005ca96d3b0332e0430/LICENSE-SAMPLECODE)
+[ses-smtp-src](https://github.com/awsdocs/amazon-ses-developer-guide/blob/3c0d65cbb63c8aaebfc4d005ca96d3b0332e0430/doc-source/smtp-credentials.md)

pyproject.toml

@@ -0,0 +1,21 @@
+[tool.poetry]
+name = "ses-smtp-credentials"
+version = "0.3.1"
+description = ""
+authors = ["Ben Bridts"]
+
+[tool.poetry.dependencies]
+python = "^3.6.0"
+
+[tool.poetry.dev-dependencies]
+
+[tool.poetry.scripts]
+ses-smtp-credentials = 'ses_smtp_credentials.cli:run'
+
+[build-system]
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.black]
+line-length = 118
+

ses_smtp_credentials/cli.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+import argparse
+from getpass import getpass
+
+from constants import SMTP_REGIONS
+from lib import calculate_key
+
+
+def run():
+    parser = argparse.ArgumentParser(description="Convert a Secret Access Key for an IAM user to an SMTP password.")
+    parser.add_argument("--secret", help="The Secret Access Key to convert.")
+    parser.add_argument(
+        "--region",
+        help="The AWS Region where the SMTP password will be used.",
+        choices=SMTP_REGIONS,
+    )
+    args = parser.parse_args()
+
+    region = args.region if args.region else input("region: ").strip()
+    secret = args.secret if args.secret else getpass("secret: ").strip()
+    print(calculate_key(secret, region))
+
+
+if __name__ == "__main__":
+    run()

ses_smtp_credentials/constants.py

@@ -0,0 +1,23 @@
+SMTP_REGIONS = [
+    "us-east-2",  # US East (Ohio)
+    "us-east-1",  # US East (N. Virginia)
+    "us-west-2",  # US West (Oregon)
+    "ap-south-1",  # Asia Pacific (Mumbai)
+    "ap-northeast-2",  # Asia Pacific (Seoul)
+    "ap-southeast-1",  # Asia Pacific (Singapore)
+    "ap-southeast-2",  # Asia Pacific (Sydney)
+    "ap-northeast-1",  # Asia Pacific (Tokyo)
+    "ca-central-1",  # Canada (Central)
+    "eu-central-1",  # Europe (Frankfurt)
+    "eu-west-1",  # Europe (Ireland)
+    "eu-west-2",  # Europe (London)
+    "sa-east-1",  # South America (Sao Paulo)
+    "us-gov-west-1",  # AWS GovCloud (US)
+]
+
+# These values are required to calculate the signature. Do not change them.
+SIG_DATE = "11111111"
+SIG_SERVICE = "ses"
+SIG_MESSAGE = "SendRawEmail"
+SIG_TERMINAL = "aws4_request"
+SIG_VERSION = 0x04

ses_smtp_credentials/lib.py

@@ -0,0 +1,29 @@
+import hmac
+import hashlib
+import base64
+
+from constants import (
+    SMTP_REGIONS,
+    SIG_DATE,
+    SIG_SERVICE,
+    SIG_TERMINAL,
+    SIG_MESSAGE,
+    SIG_VERSION,
+)
+
+
+def sign(key, msg):
+    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
+
+
+def calculate_key(secret_access_key, region):
+    assert region in SMTP_REGIONS, f"The {region} Region doesn't have an SMTP endpoint."
+
+    signature = sign(("AWS4" + secret_access_key).encode("utf-8"), SIG_DATE)
+    signature = sign(signature, region)
+    signature = sign(signature, SIG_SERVICE)
+    signature = sign(signature, SIG_TERMINAL)
+    signature = sign(signature, SIG_MESSAGE)
+    signature_and_version = bytes([SIG_VERSION]) + signature
+    smtp_password = base64.b64encode(signature_and_version)
+    return smtp_password.decode("utf-8")