U !Xh)@sdZddlmZddlmZddlmZddlm Z ddl m Z Gddde Z Gd d d e Z Gd d d e ZGd dde ZdS)a VPN Configuration Models This module contains models for managing VPN configurations specific to channel-zone relationships. Each VPN technology has its own model with technology-specific parameters. Models: - VPNConfiguration: Abstract base for VPN configurations - IPSecConfiguration: IPSec-specific VPN configuration - OpenVPNConfiguration: OpenVPN-specific configuration - WireGuardConfiguration: WireGuard-specific configuration )models)RegexValidator) gettext_lazy) BaseModel)ChannelZoneRelationc@sTeZdZdZejeejdededdZ ej dededd Z Gd d d Z d S) VPNConfigurationz Abstract base for VPN-specific configurations. Extended by concrete VPN implementation models to store technology-specific configuration parameters. z%(class)s_configz Zone Relationz3The zone relation this VPN configuration applies to) on_delete related_name verbose_name help_textTz Is Enabledz3Whether this VPN configuration is currently enableddefaultr r c@seZdZdZdS)zVPNConfiguration.MetaTN)__name__ __module__ __qualname__abstractrr;/var/www/html/Focus/src/apps/channels/models/vpn_configs.pyMeta-srN) rrr__doc__r OneToOneFieldrCASCADE_ zone_relation BooleanField is_enabledrrrrrrsrc@seZdZdZddddgZdddd d gZejed ed d Z ej dedede deddgdZ ej dedede deddgdZ ej dedededdZej dedededdZGd d!d!Zd"d#Zd$S)%IPSecConfigurationa IPSec VPN configuration for channel-zone relationships. Stores IPSec-specific parameters including pre-shared keys, subnet configurations, and tunnel settings. Attributes: preshared_key (str): IPSec pre-shared key for authentication local_subnet (str): Local network subnet (e.g., 192.168.1.0/24) remote_subnet (str): Remote network subnet (e.g., 10.0.0.0/24) encryption_algorithm (str): Encryption algorithm to use hash_algorithm (str): Hash algorithm for integrity Relationships: - zone_relation: One-to-one with ChannelZoneRelation Example: >>> ipsec_config = IPSecConfiguration.objects.create( ... zone_relation=my_relation, ... preshared_key="secure_key_here", ... local_subnet="192.168.1.0/24", ... remote_subnet="10.0.0.0/24" ... ) )Zaes128zAES-128)Zaes192zAES-192)aes256zAES-256)Z3desZ3DES)sha1zSHA-1)sha256zSHA-256)sha384zSHA-384)sha512zSHA-512)md5MD5zPre-shared Keyz'IPSec pre-shared key for authenticationr r z Local Subnetz>> openvpn_config = OpenVPNConfiguration.objects.create( ... zone_relation=my_relation, ... ca_cert="-----BEGIN CERTIFICATE-----...", ... client_cert="-----BEGIN CERTIFICATE-----...", ... client_key="-----BEGIN PRIVATE KEY-----..." ... ) )nonezNo Compression)lzozLZO Compression)Zlz4zLZ4 Compression) aes-256-cbcz AES-256-CBC)z aes-192-cbcz AES-192-CBC)z aes-128-cbcz AES-128-CBC)z aes-256-gcmz AES-256-GCM)zchacha20-poly1305zChaCha20-Poly1305zvpn_configs/openvpn/TzOpenVPN Config Filez"OpenVPN configuration file (.ovpn)) upload_toblanknullr r zCA Certificatez/Certificate Authority certificate in PEM formatr<r r zClient Certificatez Client certificate in PEM formatzClient Private Keyz Client private key in PEM formatr*r9Z Compressionz(Compression algorithm for OpenVPN tunnelr+r:ZCipherz$Encryption cipher for OpenVPN tunnelc@s eZdZdZedZedZdS)zOpenVPNConfiguration.MetaZopenvpn_configurationszOpenVPN ConfigurationzOpenVPN ConfigurationsNr-rrrrrsrcCs d|jS)Nz OpenVPN: r0r1rrrr3szOpenVPNConfiguration.__str__cCst|jo|jo|jS)z Check if all required certificates are configured. Returns: bool: True if CA cert, client cert, and key are present )boolca_cert client_cert client_keyr1rrrhas_certificatessz%OpenVPNConfiguration.has_certificatesN)rrrrZCOMPRESSION_ALGORITHMSZCIPHER_ALGORITHMSr FileFieldrZ config_filer4rArBrCr5 compressioncipherrr3rDrrrrr7sdr7cseZdZdZejededdZejdededdZejed ed dZ ej d ed ed dZ ejdededdZ ej dededdZGdddZddZfddZddZZS)WireGuardConfigurationa WireGuard VPN configuration for channel-zone relationships. Stores WireGuard-specific parameters including cryptographic keys, endpoints, and allowed IP ranges. Attributes: private_key (str): WireGuard private key public_key (str): WireGuard public key peer_public_key (str): Peer's public key endpoint (str): Server endpoint (host:port) allowed_ips (str): Comma-separated allowed IP ranges persistent_keepalive (int): Keepalive interval in seconds Relationships: - zone_relation: One-to-one with ChannelZoneRelation Example: >>> wireguard_config = WireGuardConfiguration.objects.create( ... zone_relation=my_relation, ... private_key="private_key_here", ... peer_public_key="peer_public_key_here", ... endpoint="vpn.example.com:51820", ... allowed_ips="0.0.0.0/0" ... ) z Private Keyz%WireGuard private key for this clientr$Tz Public KeyzFWireGuard public key for this client (auto-generated from private key)r>zPeer Public Keyz&WireGuard public key of the VPN serverZEndpointzBWireGuard server endpoint (host:port, e.g., vpn.example.com:51820))r(r r z 0.0.0.0/0z Allowed IPsz9Comma-separated list of allowed IP ranges (CIDR notation)r zPersistent Keepalivez,Keepalive interval in seconds (0 to disable)c@s eZdZdZedZedZdS)zWireGuardConfiguration.MetaZwireguard_configurationszWireGuard ConfigurationzWireGuard ConfigurationsNr-rrrrr%srcCs d|jS)Nz WireGuard: r0r1rrrr3*szWireGuardConfiguration.__str__cs|jr |js tj||dS)z Auto-generate public key from private key if not provided. Note: This is a placeholder - actual implementation would require WireGuard cryptography library. N) private_key public_keysupersave)r2argskwargs __class__rrrN-s zWireGuardConfiguration.savecCs |js gSdd|jdDS)z} Parse allowed IPs string into a list. Returns: list: List of allowed IP ranges cSsg|]}|r|qSr)strip).0iprrr Bsz?WireGuardConfiguration.get_allowed_ips_list..,) allowed_ipssplitr1rrrget_allowed_ips_list9sz+WireGuardConfiguration.get_allowed_ips_list)rrrrrr4rrKrLZpeer_public_keyr5ZendpointrXPositiveIntegerFieldZpersistent_keepaliverr3rNrZ __classcell__rrrQrrHsB rHN)r django.dbrZdjango.core.validatorsrdjango.utils.translationrrapps.common.modelsr&apps.channels.models.channel_relationsrrrr7rHrrrrs     [`