# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this library.  If not, see <http://www.gnu.org/licenses/>.

# Deletes Wireguard peers if they have the same public key as the router has.

from vyos.configtree import ConfigTree
from vyos.utils.network import is_wireguard_key_pair

def migrate(config: ConfigTree) -> None:
    base = ['interfaces', 'wireguard']
    if not config.exists(base):
        # Nothing to do
        return

    for interface in config.list_nodes(base):
        if not config.exists(base + [interface, 'private-key']):
            continue
        private_key = config.return_value(base + [interface, 'private-key'])
        interface_base = base + [interface]
        if config.exists(interface_base + ['peer']):
            for peer in config.list_nodes(interface_base + ['peer']):
                peer_base = interface_base + ['peer', peer]
                if not config.exists(peer_base + ['public-key']):
                    continue
                peer_public_key = config.return_value(peer_base + ['public-key'])
                if not config.exists(peer_base + ['disable']) \
                        and is_wireguard_key_pair(private_key, peer_public_key):
                    config.set(peer_base + ['disable'])