punix/Wire-Py
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases 13 Wiki Activity

ssl part one

Browse Source
This commit is contained in:
Désiré Werner Menrath
2025-03-08 22:13:22 +01:00
parent 8771be760d
commit 1667682c9d
6 changed files with 143 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cls_mth_fc.py
View File

@@ -229,11 +229,9 @@ class Tunnel:
""" """
@staticmethod @staticmethod
def list(): def list():
dirname = Path.home() / '.config/wire_py/' dirname = '/tmp/tlecdcwg/'
wg_s = os.listdir(dirname) wg_s = os.listdir(dirname)
wg_s.remove('keys')
wg_s.remove('settings')
return wg_s return wg_s
""" """
@@ -250,11 +248,8 @@ class Tunnel:
try: try:
if len(tl) != 0: if len(tl) != 0:
wg_tar = str(Path.home()) + '/' + now_datetime wg_tar = str(Path.home()) + '/' + now_datetime
shutil.copytree(Path.home() / '.config/wire_py/', '/tmp/wire_py', dirs_exist_ok=True) shutil.copytree('/tmp/tlecdcwg/', '/tmp/wire_py', dirs_exist_ok=True)
source = Path('/tmp/wire_py') source = Path('/tmp/wire_py')
Path.unlink(Path(source) / 'wg_py', missing_ok=True)
Path.unlink(Path(source) / 'keys', missing_ok=True)
Path.unlink(Path(source) / 'settings', missing_ok=True)
shutil.make_archive(wg_tar, 'zip', source) shutil.make_archive(wg_tar, 'zip', source)
#shutil.chown(wg_tar + '.zip', 1000, 1000) #shutil.chown(wg_tar + '.zip', 1000, 1000)
shutil.rmtree(source) shutil.rmtree(source)

4
install
View File

@@ -9,8 +9,9 @@ install_file_with(){
mkdir -p ~/.config/wire_py && touch ~/.config/wire_py/keys && cp -u settings ~/.config/wire_py/ && \ mkdir -p ~/.config/wire_py && touch ~/.config/wire_py/keys && cp -u settings ~/.config/wire_py/ && \
mkdir -p ~/.config/systemd/user && cp -u wg_start.service ~/.config/systemd/user/ && \ mkdir -p ~/.config/systemd/user && cp -u wg_start.service ~/.config/systemd/user/ && \
systemctl --user enable wg_start.service systemctl --user enable wg_start.service
sudo cp -u org.sslcrypt.policy /usr/share/polkit-1/actions/ && \
sudo apt install python3-tk && \ sudo apt install python3-tk && \
sudo cp -u wg_main.py start_wg.py cls_mth_fc.py /usr/local/bin/ && \ sudo cp -u wg_main.py start_wg.py cls_mth_fc.py ssl_encrypt.py ssl_decrypt.py /usr/local/bin/ && \
sudo cp -uR wp-icons lx-icons /usr/share/icons/ && sudo cp -uR TK-Themes /usr/share/ && \ sudo cp -uR wp-icons lx-icons /usr/share/icons/ && sudo cp -uR TK-Themes /usr/share/ && \
sudo cp -u languages/de/*.mo /usr/share/locale/de/LC_MESSAGES/ && \ sudo cp -u languages/de/*.mo /usr/share/locale/de/LC_MESSAGES/ && \
sudo ln -sf /usr/local/bin/wg_main.py /usr/local/bin/wirepy && \ sudo ln -sf /usr/local/bin/wg_main.py /usr/local/bin/wirepy && \
@@ -28,6 +29,7 @@ install_arch_d(){
sudo ln -sf /usr/bin/wirepy.py /usr/local/bin/wirepy && \ sudo ln -sf /usr/bin/wirepy.py /usr/local/bin/wirepy && \
sudo cp -u org.wirepy.policy /usr/share/polkit-1/actions/ && \ sudo cp -u org.wirepy.policy /usr/share/polkit-1/actions/ && \
sudo cp -u Wire-Py.desktop /usr/share/applications/ && \ sudo cp -u Wire-Py.desktop /usr/share/applications/ && \
sudo cp -u org.sslcrypt.policy /usr/share/polkit-1/actions/ && \
sudo cp -u wg_start.service /lib/systemd/system/ && \ sudo cp -u wg_start.service /lib/systemd/system/ && \
sudo systemctl enable wg_start.service sudo systemctl enable wg_start.service
} }

40
org.sslcrypt.policy Normal file
View File

@@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
Policy definitions for ssl_encrypt and ssl_decrypt
Copyright (C) 2025 Désiré Werner Menrath <polunga40@unity-mail.de>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library. If not, see
<http://www.gnu.org/licenses/>.
-->
<policyconfig>
<action id="org.ssl_encrypt">
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/local/bin/ssl_encrypt.py</annotate>
</action>
<action id="org.ssl_decrypt">
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_active>yes</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/local/bin/ssl_decrypt.py</annotate>
</action>
</policyconfig>

38
ssl_decrypt.py Executable file
View File

@@ -0,0 +1,38 @@
#!/usr/bin/python3
''' This Script decrypt Wireguardfiles for Wirepy users '''
import os
from subprocess import check_call
import shutil
from pathlib import Path
''' Dirname "tlecdewg" = Tunnel Encrypt Decrypt Wireguard '''
dirname = Path('/tmp/tlecdcwg/')
keyfile = '/usr/local/etc/ssl/pwgk.pem'
logname = os.getlogin()
''' Remove the folder when it is there '''
if os.path.exists(str(dirname)):
shutil.rmtree(str(dirname))
os.mkdir(dirname)
shutil.chown(dirname, 1000, 1000)
tl = os.listdir(str(dirname))
dirname2 = '/home/' + logname + '/.config/wire_py/'
detl = os.listdir(dirname2)
os.chdir(dirname2)
detl.remove('keys')
detl.remove('settings')
if os.path.exists(dirname2 + 'pbwgk.pem'):
detl.remove('pbwgk.pem')
for detunnels in detl:
tlname2 = detunnels[:-4] + '.conf'
extpath = str(dirname) + '/' + tlname2
check_call(['openssl', 'pkeyutl', '-decrypt', '-inkey', keyfile, '-in', detunnels, '-out', extpath])
def create_pub_key():
pth_with_keyname = '/home/' + logname + '/.config/wire_py/pbwgk.pem'
check_call(['openssl', 'rsa', '-in', keyfile, '-out', pth_with_keyname, '-outform', 'PEM', '-pubout'])
shutil.chown(pth_with_keyname, 1000, 1000)

39
ssl_encrypt.py Executable file
View File

@@ -0,0 +1,39 @@
#!/usr/bin/python3
''' This Script encrypt Wireguardfiles for Wirepy users for more Security'''
import os
from subprocess import check_call
from pathlib import Path
import shutil
from ssl_decrypt import create_pub_key
logname = os.getlogin()
keyfile = Path('/home/', logname) / '.config/wire_py/pbwgk.pem'
dirname = Path('/tmp/tlecdcwg/')
if not keyfile.is_file():
create_pub_key()
else:
if dirname.exists():
tl = os.listdir(dirname)
print(tl)
cpth = str(keyfile)
cryptfiles = cpth[:-9]
if keyfile.exists() and len(tl) != 0:
for tunnels in tl:
sourcetl = str(dirname) + '/' + tunnels
print(source)
tlname = cryptfiles + tunnels[:-5] + '.dat'
check_call(['openssl', 'pkeyutl', '-encrypt', '-inkey', keyfile, '-pubin', '-in', sourcetl, '-out', tlname])
else:
print('im else block')
#shutil.rmtree(dirname)
else:
print('im letzen else block')

31
wg_main.py
View File

@@ -12,6 +12,8 @@ from subprocess import check_call
from tkinter import filedialog, ttk, TclError from tkinter import filedialog, ttk, TclError
from cls_mth_fc import (Tunnel, dirs_and_files, msg_window, Tipi, GiteaUpdate ,files_for_autostart) from cls_mth_fc import (Tunnel, dirs_and_files, msg_window, Tipi, GiteaUpdate ,files_for_autostart)
check_call(['pkexec', '/usr/local/bin/ssl_decrypt.py'])
tcl_path = Path('/usr/share/TK-Themes') tcl_path = Path('/usr/share/TK-Themes')
wg_set = Path(Path.home() / '.config/wire_py/settings') wg_set = Path(Path.home() / '.config/wire_py/settings')
wg_tips = Tipi.if_tip(wg_set) wg_tips = Tipi.if_tip(wg_set)
@@ -382,7 +384,7 @@ class FrameWidgets(ttk.Frame):
''' Button Vpn ''' ''' Button Vpn '''
if self.a != '': if self.a != '':
self.stop() self.stop()
wg_read = str(Path.home()) + '/.config/wire_py/' + str(self.a + '.conf') wg_read = '/tmp/tlecdcwg/' + str(self.a + '.conf')
with open(wg_read, 'r') as file: with open(wg_read, 'r') as file:
data = Tunnel.con_to_dict(file) data = Tunnel.con_to_dict(file)
@@ -420,7 +422,7 @@ class FrameWidgets(ttk.Frame):
try: try:
self.select_tunnel = self.l_box.curselection() self.select_tunnel = self.l_box.curselection()
select_tl = self.l_box.get(self.select_tunnel[0]) select_tl = self.l_box.get(self.select_tunnel[0])
with open(str(Path.home()) + '/.config/wire_py/' + select_tl + '.conf', 'r+') as file2: with open('/tmp/tlecdcwg/' + select_tl + '.conf', 'r+') as file2:
key = Tunnel.con_to_dict(file2) key = Tunnel.con_to_dict(file2)
pre_key = key[3] pre_key = key[3]
check_call(['nmcli', 'connection', 'delete', select_tl]) check_call(['nmcli', 'connection', 'delete', select_tl])
@@ -433,8 +435,10 @@ class FrameWidgets(ttk.Frame):
set_file7.writelines(lines6) set_file7.writelines(lines6)
self.selected_option.set(0) self.selected_option.set(0)
self.autoconnect_var.set(_('no Autoconnect')) self.autoconnect_var.set(_('no Autoconnect'))
is_encrypt = Path.home() / '.config/wire_py' / str(select_tl + '.dat')
Path.unlink(str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.conf')) if is_encrypt.is_file():
Path.unlink(str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.dat'))
Path.unlink(Path('/tmp/tlecdcwg') / str(select_tl + '.conf'))
with open(str(Path.home()) + '/.config/wire_py/keys', 'r') as readfile: with open(str(Path.home()) + '/.config/wire_py/keys', 'r') as readfile:
with open(str(Path.home()) + '/.config/wire_py/keys2', 'w') as writefile: with open(str(Path.home()) + '/.config/wire_py/keys2', 'w') as writefile:
for line in readfile: for line in readfile:
@@ -636,9 +640,10 @@ class FrameWidgets(ttk.Frame):
''' nmcli connection modify old connection.id iphone ''' ''' nmcli connection modify old connection.id iphone '''
check_call(['nmcli', 'connection', 'modify', select_tl, 'connection.id', self.lb_rename.get()]) check_call(['nmcli', 'connection', 'modify', select_tl, 'connection.id', self.lb_rename.get()])
source = Path.home() / '.config/wire_py' / str(select_tl + '.conf') source = Path('/tmp/tlecdcwg') / str(select_tl + '.conf')
destination = source.with_name(str(self.lb_rename.get() + '.conf')) destination = source.with_name(str(self.lb_rename.get() + '.conf'))
source.replace(destination) source.replace(destination)
Path.unlink(str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.dat'))
self.l_box.delete(self.select_tunnel[0]) self.l_box.delete(self.select_tunnel[0])
self.l_box.insert("end", self.lb_rename.get()) self.l_box.insert("end", self.lb_rename.get())
self.l_box.update() self.l_box.update()
@@ -771,10 +776,10 @@ class FrameWidgets(ttk.Frame):
with open(str(Path.home()) + '/.config/wire_py/keys', 'a') as keyfile: with open(str(Path.home()) + '/.config/wire_py/keys', 'a') as keyfile:
keyfile.write(pre_key + '\r') keyfile.write(pre_key + '\r')
if len(path_split1) > 17: if len(path_split1) > 17:
p1 = shutil.copy(filepath, str(Path.home()) + '/.config/wire_py/') p1 = shutil.copy(filepath, '/tmp/tlecdcwg/')
path_split = path_split1[len(path_split1) - 17:] path_split = path_split1[len(path_split1) - 17:]
os.rename(p1, str(Path.home()) + '/.config/wire_py/' + str(path_split)) os.rename(p1, '/tmp/tlecdcwg/' + str(path_split))
new_conf = str(Path.home()) + '/.config/wire_py/' + path_split new_conf = '/tmp/tlecdcwg/' + path_split
if self.a != '': if self.a != '':
check_call(['nmcli', 'connection', 'down', Tunnel.active()]) check_call(['nmcli', 'connection', 'down', Tunnel.active()])
self.label_empty() self.label_empty()
@@ -783,7 +788,7 @@ class FrameWidgets(ttk.Frame):
'wireguard', 'file', new_conf], text=True) 'wireguard', 'file', new_conf], text=True)
else: else:
shutil.copy(filepath, str(Path.home()) + '/.config/wire_py/') shutil.copy(filepath, '/tmp/tlecdcwg/')
if self.a != '': if self.a != '':
check_call(['nmcli', 'connection', 'down', Tunnel.active()]) check_call(['nmcli', 'connection', 'down', Tunnel.active()])
self.label_empty() self.label_empty()
@@ -868,7 +873,7 @@ class FrameWidgets(ttk.Frame):
self.StrVar.set(self.a) self.StrVar.set(self.a)
self.color_label() self.color_label()
self.stop() self.stop()
wg_read = str(Path.home()) + '/.config/wire_py/' + str(self.a + '.conf') wg_read = '/tmp/tlecdcwg/' + str(self.a + '.conf')
with open(wg_read, 'r') as file_for_key: with open(wg_read, 'r') as file_for_key:
data = Tunnel.con_to_dict(file_for_key) data = Tunnel.con_to_dict(file_for_key)
@@ -877,6 +882,9 @@ class FrameWidgets(ttk.Frame):
self.show_data() self.show_data()
check_call(['nmcli', 'con', 'mod', self.a, 'connection.autoconnect', 'no']) check_call(['nmcli', 'con', 'mod', self.a, 'connection.autoconnect', 'no'])
Path.chmod(wg_read, 0o600) Path.chmod(wg_read, 0o600)
''' Here encrypt import files '''
check_call(['pkexec', '/usr/local/bin/ssl_encrypt.py'])
if 'PrivateKey = ' and 'Endpoint = ' not in read: if 'PrivateKey = ' and 'Endpoint = ' not in read:
"""img_w, img_i, w_title, w_txt hand over""" """img_w, img_i, w_title, w_txt hand over"""
@@ -1064,7 +1072,7 @@ class FrameWidgets(ttk.Frame):
self.select_tunnel = self.l_box.curselection() self.select_tunnel = self.l_box.curselection()
select_tl = self.l_box.get(self.select_tunnel[0]) select_tl = self.l_box.get(self.select_tunnel[0])
check_call(['nmcli', 'connection', 'up', select_tl]) check_call(['nmcli', 'connection', 'up', select_tl])
wg_read = str(Path.home()) + '/.config/wire_py/' + str(select_tl + '.conf') wg_read = '/tmp/tlecdcwg/' + str(select_tl + '.conf')
with open(wg_read, 'r') as file: with open(wg_read, 'r') as file:
data = Tunnel.con_to_dict(file) data = Tunnel.con_to_dict(file)
@@ -1147,6 +1155,7 @@ class MyToolTip(tk.Toplevel):
def clear_tip(self): def clear_tip(self):
"""Remove Tool-Tip""" """Remove Tool-Tip"""
self.destroy() self.destroy()
if __name__ == '__main__': if __name__ == '__main__':