#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Name: WireGuard Python Bindings
Dev: K4YT3X
Date Created: October 11, 2019
Last Modified: July 19, 2020
"""
# built-in imports
import pathlib
import subprocess
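class WireGuard:
    """WireGuard utility controller.

    Thin wrapper around the wg binary. Each method runs one subcommand and
    returns its standard output, decoded and stripped of surrounding
    whitespace:

    - genkey
    - pubkey
    - genpsk

    The strings returned by genkey and genpsk are secret key material.
    Callers should keep them out of logs and store them only in files with
    restrictive permissions.
    """

    def __init__(self, wg_binary=pathlib.Path("/usr/bin/wg")):
        """
        Keyword Arguments:
            wg_binary {pathlib.Path} -- path of wg binary
                (default: {pathlib.Path("/usr/bin/wg")}); a plain string
                path is accepted and converted to pathlib.Path

        The script may have to run as root, so wg is addressed by a fixed
        path instead of being looked up with
        pathlib.Path(shutil.which("wg")). A PATH lookup runs whichever file
        named wg is found first, so a writable or attacker-influenced PATH
        entry (the current directory included, when PATH lists it) would
        let a planted wg run with the script's privileges.

        The same caution applies to the value passed here: absolute()
        resolves a relative path against the current working directory, so
        privileged callers should pass an absolute path to a binary that
        only root can modify.
        """
        # Path objects are kept as given; anything else (e.g. str) is
        # converted so that .absolute() is available when wg is invoked.
        if isinstance(wg_binary, pathlib.Path):
            self.wg_binary = wg_binary
        else:
            self.wg_binary = pathlib.Path(wg_binary)

    def _run(self, subcommand, stdin_data=None):
        """Run one wg subcommand and return its stripped, decoded stdout.

        Arguments:
            subcommand {str} -- wg subcommand name, passed as a single argv
                entry (no shell is involved)

        Keyword Arguments:
            stdin_data {bytes} -- data written to the child's stdin; with
                None the child inherits the parent's stdin (default: {None})

        Returns:
            str -- stdout of the command without surrounding whitespace

        Raises:
            subprocess.CalledProcessError -- wg exited with a non-zero status
        """
        completed = subprocess.run(
            [str(self.wg_binary.absolute()), subcommand],
            check=True,
            stdout=subprocess.PIPE,
            input=stdin_data,
        )
        return completed.stdout.decode().strip()

    def genkey(self) -> str:
        """Generate a new WireGuard private key via the wg genkey command.

        Returns:
            str -- the private key as printed by wg; treat it as a secret
        """
        return self._run("genkey")

    def pubkey(self, privkey: str) -> str:
        """Convert a WireGuard private key into its public key.

        Uses the wg pubkey command. The private key is written to the
        child's stdin, never placed on the command line, so it does not
        appear in the process argument list or in the cmd attribute of a
        CalledProcessError.

        Arguments:
            privkey {str} -- wg privkey

        Returns:
            str -- pubkey derived from privkey
        """
        return self._run("pubkey", privkey.encode("utf-8"))

    def genpsk(self) -> str:
        """Generate a random base64 pre-shared key via the wg genpsk command.

        Returns:
            str -- the pre-shared key as printed by wg; treat it as a secret
        """
        return self._run("genpsk")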