nextcloud-integration/tools/go/obfuscation/obfuscation.go

package main

import (
	"encoding/base64"
	"fmt"
)

// Build-time obfuscated credentials
var (
	ObfuscatedServer   string
	ObfuscatedUser     string
	ObfuscatedPassword string
	ObfuscationKey    string
)

// DeobfuscateString reverses the XOR obfuscation applied at build time
func DeobfuscateString(obfuscatedBase64, key string) (string, error) {
	// Decode base64
	obfuscated, err := base64.StdEncoding.DecodeString(obfuscatedBase64)
	if err != nil {
		return "", fmt.Errorf("failed to decode obfuscated string: %w", err)
	}

	// XOR de-obfuscation
	result := make([]byte, len(obfuscated))
	keyBytes := []byte(key)
	keyLen := len(keyBytes)

	for i := 0; i < len(obfuscated); i++ {
		result[i] = obfuscated[i] ^ keyBytes[i%keyLen]
	}

	return string(result), nil
}

// GetDeobfuscatedCredentials returns the actual credentials
// This is called at runtime to retrieve and de-obfuscate credentials
func GetDeobfuscatedCredentials() (server, user, password string, err error) {
	server, err := DeobfuscateString(ObfuscatedServer, ObfuscationKey)
	if err != nil {
		return "", "", "", fmt.Errorf("failed to de-obfuscate server: %w", err)
	}

	user, err := DeobfuscateString(ObfuscatedUser, ObfuscationKey)
	if err != nil {
		return "", "", "", fmt.Errorf("failed to de-obfuscate user: %w", err)
	}

	password, err := DeobfuscateString(ObfuscatedPassword, ObfuscationKey)
	if err != nil {
		return "", "", "", fmt.Errorf("failed to de-obfuscate password: %w", err)
	}

	return server, user, password, nil
}