#!/usr/bin/python3
""" This script encrypts WireGuard config files for Wirepy users for more security """

import argparse
import logging
from pathlib import Path
import pwd
import shutil
from subprocess import CompletedProcess, run
from shared_libs.wp_app_config import AppConfig
from shared_libs.common_tools import LogConfig

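# Command-line interface: the only input is the account whose WireGuard
# configuration files are to be encrypted.
parser = argparse.ArgumentParser()
parser.add_argument("--user", required=True, help="Username of the target file system")
args = parser.parse_args()

# --user is interpolated into file-system paths (log file, key file, output
# directory), so it has to be a plain account name.  Validate it before any
# path derived from it is opened: no path separators, no dot components, and
# the account must exist in the password database.
# NOTE(review): the script later chowns files to this user, which suggests it
# runs with more privileges than the user has -- confirm the privilege model.
if "/" in args.user or args.user in {"", ".", ".."}:
    logging.error("Invalid user name %r.", args.user)
    raise SystemExit(1)

try:
    # Retrieve the passwd entry; KeyError means the account does not exist.
    user_info = pwd.getpwnam(args.user)
except KeyError:
    # File logging is not configured yet at this point, so the message goes
    # to whatever handler logging has by default (stderr unless an import
    # already configured logging).
    logging.error("User '%s' not found.", args.user)
    raise SystemExit(1) from None

uid = user_info.pw_uid  # User ID (e.g., 1000)
gid = user_info.pw_gid  # Group ID (e.g., 1000)

# Only now is the user-derived log path handed to the logging setup.
# NOTE(review): the home directory is assumed to be /home/<user>;
# user_info.pw_dir would also cover accounts with a different home, but the
# rest of the application has to agree on the location -- confirm before
# changing it.
LogConfig.logger(f"/home/{args.user}/.local/share/lxlogs/wirepy.log")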

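# Per-user WirePy configuration directory and the public key stored in it.
target: Path = Path(f"/home/{args.user}/.config/wire_py/")
keyfile: Path = target / "pbwgk.pem"

if not keyfile.is_file():
    # Export the public half of the key at AppConfig.SYSTEM_PATHS["pkey_path"]
    # as PEM into the user's configuration directory.
    # NOTE(review): the destination lies in a directory the target user
    # controls.  If this script runs with elevated privileges (confirm), a
    # symlink placed at this path would be followed by openssl's -out and by
    # shutil.chown below.  Consider creating the file without following
    # symlinks (exclusive create, fchown on the open descriptor) or writing it
    # with the user's own privileges.
    process: CompletedProcess[str] = run(
        [
            "openssl",
            "rsa",
            "-in",
            AppConfig.SYSTEM_PATHS["pkey_path"],
            "-out",
            keyfile,
            "-outform",
            "PEM",
            "-pubout",
        ],
        capture_output=True,
        text=True,
        check=False,
    )

    # Success is decided by the exit status, not by stderr: openssl rsa
    # typically prints a status line to stderr even when it succeeds.
    if process.returncode != 0:
        logging.error("%s Code: %s", process.stderr, process.returncode)
        # Without a public key nothing can be encrypted, and chown on a file
        # that was never written would raise; stop with a clear exit status.
        raise SystemExit(1)

    if process.stderr:
        logging.info("%s", process.stderr.strip())
    logging.info("Public key generated successfully.")

    # Hand the exported public key over to the target user.
    shutil.chown(keyfile, uid, gid)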

# Encrypt every *.conf found directly in AppConfig.TEMP_DIR with the public
# key in `keyfile` and write the result as <name>.dat into `target`.
# any() is True as soon as iterdir() yields one entry, i.e. the directory is
# not empty.
if AppConfig.TEMP_DIR.exists() and any(AppConfig.TEMP_DIR.iterdir()):
    # Paths of the clear-text configs, as strings.
    clear_files = [str(file) for file in AppConfig.TEMP_DIR.glob("*.conf")]

    for config_file in clear_files:
        # The output keeps the input's base name: <name>.conf -> <target>/<name>.dat
        base_name = Path(config_file).stem
        # NOTE(review): pkeyutl -encrypt applies one public-key operation to
        # the whole input.  With an RSA key the file therefore has to be
        # smaller than the key modulus minus the padding overhead; a larger
        # config makes openssl fail here.  No -pkeyopt padding mode is
        # passed, so openssl's default padding applies -- confirm that key
        # size and padding match the decrypting side, or consider hybrid
        # encryption (random symmetric key wrapped with the public key).
        process: CompletedProcess[str] = run(
            [
                "openssl",
                "pkeyutl",
                "-encrypt",
                "-inkey",
                keyfile,
                "-pubin",
                "-in",
                config_file,
                "-out",
                f"{target}/{base_name}.dat",
            ],
            capture_output=True,
            text=True,
            check=False,
        )

        # Anything openssl wrote to stderr is logged as an error.
        # NOTE(review): in the lines shown here process.returncode is not
        # checked and the ownership of the .dat output is not adjusted (the
        # key file above is chowned to the user) -- confirm both.  exc_info=True
        # is used outside an except block, so there is no traceback to attach.
        if process.stderr:
            logging.error(process.stderr, exc_info=True)