From 1667682c9d1f3157102b3008b960f2fb395af444 Mon Sep 17 00:00:00 2001 From: punix Date: Sat, 8 Mar 2025 22:13:22 +0100 Subject: [PATCH] ssl part one --- cls_mth_fc.py | 11 +++-------- install | 4 +++- org.sslcrypt.policy | 40 ++++++++++++++++++++++++++++++++++++++++ ssl_decrypt.py | 38 ++++++++++++++++++++++++++++++++++++++ ssl_encrypt.py | 39 +++++++++++++++++++++++++++++++++++++++ wg_main.py | 31 ++++++++++++++++++++----------- 6 files changed, 143 insertions(+), 20 deletions(-) create mode 100644 org.sslcrypt.policy create mode 100755 ssl_decrypt.py create mode 100755 ssl_encrypt.py diff --git a/cls_mth_fc.py b/cls_mth_fc.py index 4289f85..904f093 100755 --- a/cls_mth_fc.py +++ b/cls_mth_fc.py @@ -229,11 +229,9 @@ class Tunnel: """ @staticmethod def list(): - dirname = Path.home() / '.config/wire_py/' + dirname = '/tmp/tlecdcwg/' wg_s = os.listdir(dirname) - wg_s.remove('keys') - wg_s.remove('settings') - + return wg_s """ @@ -250,11 +248,8 @@ class Tunnel: try: if len(tl) != 0: wg_tar = str(Path.home()) + '/' + now_datetime - shutil.copytree(Path.home() / '.config/wire_py/', '/tmp/wire_py', dirs_exist_ok=True) + shutil.copytree('/tmp/tlecdcwg/', '/tmp/wire_py', dirs_exist_ok=True) source = Path('/tmp/wire_py') - Path.unlink(Path(source) / 'wg_py', missing_ok=True) - Path.unlink(Path(source) / 'keys', missing_ok=True) - Path.unlink(Path(source) / 'settings', missing_ok=True) shutil.make_archive(wg_tar, 'zip', source) #shutil.chown(wg_tar + '.zip', 1000, 1000) shutil.rmtree(source) diff --git a/install b/install index c10ecfa..803ac54 100755 --- a/install +++ b/install 
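Review bot: `Tunnel.list()` and the export code now read the decrypted WireGuard configs, `PrivateKey` lines included, from the fixed path `/tmp/tlecdcwg/`, and the same literal is repeated in the wg_main.py hunks at -382, -420, -433, -636, -771, -783, -868 and -1064. A predictable name in world-writable /tmp can be pre-created by any other local account, and how well the files are protected depends entirely on what ssl_decrypt.py sets up. I would define the location once in cls_mth_fc.py and import it everywhere, ideally as a per-user runtime directory, e.g. `TUNNEL_DIR = Path(os.environ['XDG_RUNTIME_DIR']) / 'wire_py'`. `os.listdir(dirname)` also raises FileNotFoundError when the directory is missing, for example after a failed decrypt step. Both functions continue outside these hunks.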
@@ -9,8 +9,9 @@ install_file_with(){ mkdir -p ~/.config/wire_py && touch ~/.config/wire_py/keys && cp -u settings ~/.config/wire_py/ && \ mkdir -p ~/.config/systemd/user && cp -u wg_start.service ~/.config/systemd/user/ && \ systemctl --user enable wg_start.service + sudo cp -u org.sslcrypt.policy /usr/share/polkit-1/actions/ && \ sudo apt install python3-tk && \ - sudo cp -u wg_main.py start_wg.py cls_mth_fc.py /usr/local/bin/ && \ + sudo cp -u wg_main.py start_wg.py cls_mth_fc.py ssl_encrypt.py ssl_decrypt.py /usr/local/bin/ && \ sudo cp -uR wp-icons lx-icons /usr/share/icons/ && sudo cp -uR TK-Themes /usr/share/ && \ sudo cp -u languages/de/*.mo /usr/share/locale/de/LC_MESSAGES/ && \ sudo ln -sf /usr/local/bin/wg_main.py /usr/local/bin/wirepy && \ @@ -28,6 +29,7 @@ install_arch_d(){ sudo ln -sf /usr/bin/wirepy.py /usr/local/bin/wirepy && \ sudo cp -u org.wirepy.policy /usr/share/polkit-1/actions/ && \ sudo cp -u Wire-Py.desktop /usr/share/applications/ && \ + sudo cp -u org.sslcrypt.policy /usr/share/polkit-1/actions/ && \ sudo cp -u wg_start.service /lib/systemd/system/ && \ sudo systemctl enable wg_start.service } diff --git a/org.sslcrypt.policy b/org.sslcrypt.policy new file mode 100644 index 0000000..9aca08b --- /dev/null +++ b/org.sslcrypt.policy @@ -0,0 +1,40 @@ + + + + + + + + + auth_admin_keep + yes + + /usr/local/bin/ssl_encrypt.py + + + + + auth_admin_keep + yes + + /usr/local/bin/ssl_decrypt.py + + \ No newline at end of file diff --git a/ssl_decrypt.py b/ssl_decrypt.py new file mode 100755 index 0000000..fb061b1 --- /dev/null +++ b/ssl_decrypt.py 
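Review bot: Each of the two actions in org.sslcrypt.policy lists a `yes` next to `auth_admin_keep` among its implicit authorizations, which would let some class of session run the helper as root with no prompt. The element names did not survive in this view, so it needs checking whether the `yes` sits on allow_any, allow_inactive or allow_active. If it is allow_active, every user with an active local session can run /usr/local/bin/ssl_encrypt.py and /usr/local/bin/ssl_decrypt.py as root, and both scripts take file names from directories that user controls (`~/.config/wire_py/` and `/tmp/tlecdcwg/`). Setting all three defaults to `auth_admin_keep` would close that, as would avoiding root entirely by keeping the key pair readable only by the owning user. The file also ends without a trailing newline.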
@@ -0,0 +1,38 @@ +#!/usr/bin/python3 +''' This Script decrypt Wireguardfiles for Wirepy users ''' + +import os +from subprocess import check_call +import shutil +from pathlib import Path + +''' Dirname "tlecdewg" = Tunnel Encrypt Decrypt Wireguard ''' +dirname = Path('/tmp/tlecdcwg/') +keyfile = '/usr/local/etc/ssl/pwgk.pem' +logname = os.getlogin() + +''' Remove the folder when it is there ''' +if os.path.exists(str(dirname)): + shutil.rmtree(str(dirname)) + +os.mkdir(dirname) +shutil.chown(dirname, 1000, 1000) +tl = os.listdir(str(dirname)) + +dirname2 = '/home/' + logname + '/.config/wire_py/' +detl = os.listdir(dirname2) +os.chdir(dirname2) +detl.remove('keys') +detl.remove('settings') +if os.path.exists(dirname2 + 'pbwgk.pem'): + detl.remove('pbwgk.pem') + for detunnels in detl: + tlname2 = detunnels[:-4] + '.conf' + extpath = str(dirname) + '/' + tlname2 + check_call(['openssl', 'pkeyutl', '-decrypt', '-inkey', keyfile, '-in', detunnels, '-out', extpath]) + + +def create_pub_key(): + pth_with_keyname = '/home/' + logname + '/.config/wire_py/pbwgk.pem' + check_call(['openssl', 'rsa', '-in', keyfile, '-out', pth_with_keyname, '-outform', 'PEM', '-pubout']) + shutil.chown(pth_with_keyname, 1000, 1000) diff --git a/ssl_encrypt.py b/ssl_encrypt.py new file mode 100755 index 0000000..c05dd6c --- /dev/null +++ b/ssl_encrypt.py 
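Review bot: The decrypted configs are written as root into `/tmp/tlecdcwg/` with default permissions: `os.mkdir(dirname)` and the files openssl creates follow the process umask, so with a usual 022 umask every local account can read the WireGuard private keys. `shutil.chown(dirname, 1000, 1000)` hands the directory to uid 1000 rather than to whoever invoked pkexec, and `os.getlogin()` needs a controlling terminal, so it can raise OSError when the GUI is started from a desktop launcher. pkexec exports the caller's uid in `PKEXEC_UID`, which `pwd.getpwuid()` can resolve (this needs `import pwd`). The loop slices four characters off every remaining file name instead of selecting only `.dat` files, and the unconditional `detl.remove('keys')` / `detl.remove('settings')` raise ValueError when either file is absent. All of this runs at import time, so it belongs in a function behind `if __name__ == '__main__':`.

```python
# … unchanged: imports, dirname, keyfile …
invoker = pwd.getpwuid(int(os.environ['PKEXEC_UID']))
conf_dir = Path(invoker.pw_dir) / '.config/wire_py'


def decrypt_tunnels():
    os.umask(0o077)  # files openssl creates below must not be world-readable
    if dirname.exists():
        shutil.rmtree(dirname)
    dirname.mkdir(mode=0o700)
    for enc in conf_dir.glob('*.dat'):
        plain = dirname / (enc.stem + '.conf')
        check_call(['openssl', 'pkeyutl', '-decrypt', '-inkey', keyfile,
                    '-in', str(enc), '-out', str(plain)])
        shutil.chown(plain, invoker.pw_uid, invoker.pw_gid)
    # hand the directory over only after everything has been written
    shutil.chown(dirname, invoker.pw_uid, invoker.pw_gid)

# … create_pub_key(): same change for its home path and chown …

if __name__ == '__main__':
    decrypt_tunnels()
```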
@@ -0,0 +1,39 @@ +#!/usr/bin/python3 +''' This Script encrypt Wireguardfiles for Wirepy users for more Security''' + +import os +from subprocess import check_call +from pathlib import Path +import shutil +from ssl_decrypt import create_pub_key + +logname = os.getlogin() +keyfile = Path('/home/', logname) / '.config/wire_py/pbwgk.pem' +dirname = Path('/tmp/tlecdcwg/') + +if not keyfile.is_file(): + create_pub_key() + +else: + + if dirname.exists(): + tl = os.listdir(dirname) + print(tl) + cpth = str(keyfile) + cryptfiles = cpth[:-9] + + if keyfile.exists() and len(tl) != 0: + for tunnels in tl: + sourcetl = str(dirname) + '/' + tunnels + print(source) + tlname = cryptfiles + tunnels[:-5] + '.dat' + check_call(['openssl', 'pkeyutl', '-encrypt', '-inkey', keyfile, '-pubin', '-in', sourcetl, '-out', tlname]) + else: + print('im else block') + + #shutil.rmtree(dirname) + else: + print('im letzen else block') + + + diff --git a/wg_main.py b/wg_main.py index 88f0b97..5caf28c 100755 --- a/wg_main.py +++ b/wg_main.py @@ -12,6 +12,8 @@ from subprocess import check_call from tkinter import filedialog, ttk, TclError from cls_mth_fc import (Tunnel, dirs_and_files, msg_window, Tipi, GiteaUpdate ,files_for_autostart) +check_call(['pkexec', '/usr/local/bin/ssl_decrypt.py']) + tcl_path = Path('/usr/share/TK-Themes') wg_set = Path(Path.home() / '.config/wire_py/settings') wg_tips = Tipi.if_tip(wg_set) @@ -382,7 +384,7 @@ class FrameWidgets(ttk.Frame): ''' Button Vpn ''' if self.a != '': self.stop() - wg_read = str(Path.home()) + '/.config/wire_py/' + str(self.a + '.conf') + wg_read = '/tmp/tlecdcwg/' + str(self.a + '.conf') with open(wg_read, 'r') as file: data = Tunnel.con_to_dict(file) 
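Review bot: `print(source)` inside the loop in ssl_encrypt.py refers to a name that is never defined (the variable is `sourcetl`), so the first iteration raises NameError and no tunnel is ever encrypted; it should be `print(sourcetl)` or be removed together with the other debug prints. `from ssl_decrypt import create_pub_key` also executes ssl_decrypt.py's module body, which deletes and rebuilds `/tmp/tlecdcwg/` from the existing `.dat` files, so a freshly imported `.conf` appears to be gone before this script lists the directory; that needs an `if __name__ == '__main__':` guard in ssl_decrypt.py. When the public key is missing the script only calls `create_pub_key()` and encrypts nothing on that run, as far as the collapsed indentation shows. Separately, `openssl pkeyutl -encrypt` with an RSA key only accepts input shorter than the key modulus minus padding, so a config with several peers may not fit. A hybrid scheme, with a random symmetric key wrapped by RSA, avoids that limit.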
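Review bot: The `check_call(['pkexec', '/usr/local/bin/ssl_decrypt.py'])` added right after the imports in wg_main.py (hunk -12) runs on every import of the module, and if the authentication dialog is dismissed or the script fails it ends the program with an uncaught `subprocess.CalledProcessError` before any window exists. I would move it under the `if __name__ == '__main__':` block at the end of the file and catch that exception, reporting it through `msg_window` with whatever arguments that helper expects, then exit. The `pkexec … ssl_encrypt.py` call in the -877 hunk has the same exposure unless the enclosing try, which starts outside that hunk, catches it. Nothing visible removes `/tmp/tlecdcwg/` when the application closes, so the decrypted configs appear to stay on disk after use.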
@@ -420,7 +422,7 @@ class FrameWidgets(ttk.Frame): try: self.select_tunnel = self.l_box.curselection() select_tl = self.l_box.get(self.select_tunnel[0]) - with open(str(Path.home()) + '/.config/wire_py/' + select_tl + '.conf', 'r+') as file2: + with open('/tmp/tlecdcwg/' + select_tl + '.conf', 'r+') as file2: key = Tunnel.con_to_dict(file2) pre_key = key[3] check_call(['nmcli', 'connection', 'delete', select_tl]) @@ -433,8 +435,10 @@ class FrameWidgets(ttk.Frame): set_file7.writelines(lines6) self.selected_option.set(0) self.autoconnect_var.set(_('no Autoconnect')) - - Path.unlink(str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.conf')) + is_encrypt = Path.home() / '.config/wire_py' / str(select_tl + '.dat') + if is_encrypt.is_file(): + Path.unlink(str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.dat')) + Path.unlink(Path('/tmp/tlecdcwg') / str(select_tl + '.conf')) with open(str(Path.home()) + '/.config/wire_py/keys', 'r') as readfile: with open(str(Path.home()) + '/.config/wire_py/keys2', 'w') as writefile: for line in readfile: @@ -636,9 +640,10 @@ class FrameWidgets(ttk.Frame): ''' nmcli connection modify old connection.id iphone ''' check_call(['nmcli', 'connection', 'modify', select_tl, 'connection.id', self.lb_rename.get()]) - source = Path.home() / '.config/wire_py' / str(select_tl + '.conf') + source = Path('/tmp/tlecdcwg') / str(select_tl + '.conf') destination = source.with_name(str(self.lb_rename.get() + '.conf')) source.replace(destination) + Path.unlink(str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.dat')) self.l_box.delete(self.select_tunnel[0]) self.l_box.insert("end", self.lb_rename.get()) self.l_box.update() 
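Review bot: In the rename hunk (-636) nothing visible re-encrypts the renamed config, so after `source.replace(destination)` and the removal of the old `.dat` the tunnel exists only as plaintext in `/tmp/tlecdcwg/`. The next run of ssl_decrypt.py wipes that directory, so the renamed tunnel looks to be lost unless `ssl_encrypt.py` is invoked afterwards outside this hunk. Running the encrypt step before unlinking the old `.dat` would keep an encrypted copy at every point. The unlink itself is a bare `Path.unlink(...)`, which raises FileNotFoundError when the tunnel was never encrypted, while the delete hunk (-433) guards the same call with `is_encrypt.is_file()`; passing `missing_ok=True` in both places would make them consistent.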
@@ -771,10 +776,10 @@ class FrameWidgets(ttk.Frame): with open(str(Path.home()) + '/.config/wire_py/keys', 'a') as keyfile: keyfile.write(pre_key + '\r') if len(path_split1) > 17: - p1 = shutil.copy(filepath, str(Path.home()) + '/.config/wire_py/') + p1 = shutil.copy(filepath, '/tmp/tlecdcwg/') path_split = path_split1[len(path_split1) - 17:] - os.rename(p1, str(Path.home()) + '/.config/wire_py/' + str(path_split)) - new_conf = str(Path.home()) + '/.config/wire_py/' + path_split + os.rename(p1, '/tmp/tlecdcwg/' + str(path_split)) + new_conf = '/tmp/tlecdcwg/' + path_split if self.a != '': check_call(['nmcli', 'connection', 'down', Tunnel.active()]) self.label_empty() @@ -783,7 +788,7 @@ class FrameWidgets(ttk.Frame): 'wireguard', 'file', new_conf], text=True) else: - shutil.copy(filepath, str(Path.home()) + '/.config/wire_py/') + shutil.copy(filepath, '/tmp/tlecdcwg/') if self.a != '': check_call(['nmcli', 'connection', 'down', Tunnel.active()]) self.label_empty() @@ -868,7 +873,7 @@ class FrameWidgets(ttk.Frame): self.StrVar.set(self.a) self.color_label() self.stop() - wg_read = str(Path.home()) + '/.config/wire_py/' + str(self.a + '.conf') + wg_read = '/tmp/tlecdcwg/' + str(self.a + '.conf') with open(wg_read, 'r') as file_for_key: data = Tunnel.con_to_dict(file_for_key) @@ -877,6 +882,9 @@ class FrameWidgets(ttk.Frame): self.show_data() check_call(['nmcli', 'con', 'mod', self.a, 'connection.autoconnect', 'no']) Path.chmod(wg_read, 0o600) + + ''' Here encrypt import files ''' + check_call(['pkexec', '/usr/local/bin/ssl_encrypt.py']) if 'PrivateKey = ' and 'Endpoint = ' not in read: """img_w, img_i, w_title, w_txt hand over""" 
@@ -1064,7 +1072,7 @@ class FrameWidgets(ttk.Frame): self.select_tunnel = self.l_box.curselection() select_tl = self.l_box.get(self.select_tunnel[0]) check_call(['nmcli', 'connection', 'up', select_tl]) - wg_read = str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.conf') + wg_read = '/tmp/tlecdcwg/' + str(select_tl + '.conf') with open(wg_read, 'r') as file: data = Tunnel.con_to_dict(file) @@ -1147,6 +1155,7 @@ class MyToolTip(tk.Toplevel): def clear_tip(self): """Remove Tool-Tip""" self.destroy() + if __name__ == '__main__':