Wire-Py/ssl_decrypt.py

#!/usr/bin/python3
""" This Script decrypt Wireguard files for Wirepy users """
import argparse
from pathlib import Path
import pwd
import shutil
from subprocess import CompletedProcess, run
from wp_app_config import AppConfig

parser = argparse.ArgumentParser()
parser.add_argument("--user", required=True, help="Username of the target file system")
args = parser.parse_args()

try:
    # Retrieve UID and GID
    user_info = pwd.getpwnam(args.user)
    uid = user_info.pw_uid  # User ID (e.g., 1000)
    gid = user_info.pw_gid  # Group ID (e.g., 1000)
except KeyError:
    print(f"User '{args.user}' not found.")
    exit(1)

keyfile: Path = Path(f"/home/{args.user}/.config/wire_py/pbwgk.pem")
path_of_crypted_tunnel: Path = Path(f"/home/{args.user}/.config/wire_py")

if not keyfile.is_file():
    process: CompletedProcess[str] = run(
        [
            "openssl",
            "rsa",
            "-in",
            AppConfig.SYSTEM_PATHS["pkey_path"],
            "-out",
            keyfile,
            "-outform",
            "PEM",
            "-pubout",
        ],
        capture_output=True,
        text=True,
        check=False,
    )
    print(process.stdout)
    if process.returncode == 0:
        print("Public key generated successfully.")
    else:
        print(f"Error with the following code... {process.returncode}")
    shutil.chown(keyfile, uid, gid)

if AppConfig.PUBLICKEY.exists():

    crypted__tunnel = [str(file) for file in path_of_crypted_tunnel.glob("*.dat")]

    for tunnel_path in crypted__tunnel:

        base_name = Path(tunnel_path).stem

        process: CompletedProcess[str] = run(
            [
                "openssl",
                "pkeyutl",
                "-decrypt",
                "-inkey",
                AppConfig.SYSTEM_PATHS["pkey_path"],
                "-in",
                tunnel_path,  # full path to the file
                "-out",
                f"{AppConfig.TEMP_DIR}/{base_name}.conf",
            ],
            capture_output=True,
            text=True,
            check=False,
        )
        shutil.chown(f"{AppConfig.TEMP_DIR}/{base_name}.conf", uid, gid)
        print(f"Processing of the file: {tunnel_path}")

        if process.stdout:
            print(process.stdout)

        # Output from Openssl Error
        if process.stderr:
            print("(Error):", process.stderr)

        if process.returncode == 0:
            print(f"File {base_name}.dat successfully decrypted.")
        else:
            print(f"Error by {tunnel_path}: Code: {process.returncode}")