Wire-Py/ssl_encrypt.py

#!/usr/bin/python3
""" This Script encrypt Wireguardfiles for Wirepy users for more Security """

import argparse
from pathlib import Path
import pwd
import shutil
from subprocess import CompletedProcess, run
from shared_libs.wp_app_config import AppConfig, logging

parser = argparse.ArgumentParser()
parser.add_argument("--user", required=True, help="Username of the target file system")
args = parser.parse_args()

try:
    # Retrieve UID and GID
    user_info = pwd.getpwnam(args.user)
    uid = user_info.pw_uid  # User ID (e.g., 1000)
    gid = user_info.pw_gid  # Group ID (e.g., 1000)
except KeyError:
    logging.error(f"User '{args.user}' not found.", exc_info=True)
    exit(1)

keyfile: Path = Path(f"/home/{args.user}/.config/wire_py/pbwgk.pem")

target: Path = Path(f"/home/{args.user}/.config/wire_py/")

if not keyfile.is_file():

    process: CompletedProcess[str] = run(
        [
            "openssl",
            "rsa",
            "-in",
            AppConfig.SYSTEM_PATHS["pkey_path"],
            "-out",
            keyfile,
            "-outform",
            "PEM",
            "-pubout",
        ],
        capture_output=True,
        text=True,
        check=False,
    )

    # Output from Openssl Error
    if process.stderr:
        logging.error(f"{process.stderr} Code: {process.returncode}", exc_info=True)

    if process.returncode == 0:
        logging.info("Public key generated successfully.", exc_info=True)

    shutil.chown(keyfile, uid, gid)

# any() get True when directory is not empty
if AppConfig.TEMP_DIR.exists() and any(AppConfig.TEMP_DIR.iterdir()):
    clear_files = [str(file) for file in AppConfig.TEMP_DIR.glob("*.conf")]

    for config_file in clear_files:
        base_name = Path(config_file).stem
        process: CompletedProcess[str] = run(
            [
                "openssl",
                "pkeyutl",
                "-encrypt",
                "-inkey",
                keyfile,
                "-pubin",
                "-in",
                config_file,
                "-out",
                f"{target}/{base_name}.dat",
            ],
            capture_output=True,
            text=True,
            check=False,
        )

        # Output from Openssl Error
        if process.stderr:
            logging.error(process.stderr, exc_info=True)